Woohoo! It’s payday!
You’ve worked tirelessly these past two weeks, so the much-anticipated “ping” of your hard-earned cash hitting your bank account couldn’t come soon enough.
But… the direct deposit never comes. You rack your brain – and your email – for any logical explanation, but come up short.
And then you see it.
An email from who you thought was your email provider, asking you to send your login information for “verification purposes.” You were really busy last week, so you had just skimmed it and did what was asked! But now that your paycheque is involved, you see that the email was completely bogus.
What’s worse is you know your email password is what you use for almost every other online account you have, too. So just like that, all your information is potentially compromised.
And you’re still out of a paycheque.
If you’ve never experienced something like this before, keep up the good work! But if you have, you’re one of the millions who have experienced information loss due to cyber fraud.
From bank accounts, to SIN or SSNs, to your email, hackers are getting better at finding the information they need. Thankfully, there are still ways to successfully thwart their efforts and keep your info secure.
Rolling into the new year, resolve to put security as one of your top priorities:
1. Stop using the same passwords over and over again.
It’s tough to keep track of all your passwords – you likely have a thousand “forgot password?” emails in your inbox history like the rest of us, or maybe you keep it simple and sweet by using one of these horrific password favorites.
Regardless, variety is a necessary spice in your online life.
Even if you’ve never shared your password or use variations of the same password for different accounts, you’re still putting yourself at risk.
The best way to keep things secure is to use what’s called a passphrase. Instead of trying to remember a jumble of letters and numbers, take a short phrase that’s easy for you to remember – think something that’s a bit more personal to you – and turn it into your password.
Passphrases work better than randomized passwords because they take significantly longer for hackers to crack – especially when you use a combination of letters, numbers, symbols, and capitalization.
If it makes it easier to remember, you can use something that reminds you of whatever account the password is for. But don’t use the account name or something super obvious.
For example – if you’re making a Wagepoint account password, “wagepointrocks” is not necessarily the best way to go. But something like “3Cheers4Payday!” works well – it definitely has something to do with payroll, but isn’t easily guessed.
And the best part about using strong passphrases is that you don’t have to worry about changing it all the time!
It’s actually recommended that you don’t change your passphrases – if they’re strong enough, there’s no need to constantly update unless there’s a security breach.
Not sure if your passphrases are good enough? Test how long it would take to crack your current passwords.
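To make the point about reused passwords and "variations of the same password" concrete, here is an added example (not part of the original article) that checks a list of your own accounts for identical passwords and near-variations. The normalization rules, the sample accounts, and the sample passwords are all constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Assumed look-alike substitutions people use to "vary" one password.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def base_form(password: str) -> str:
    """Reduce a password to the root word a guesser would try first."""
    p = password.lower()
    # Drop digits/symbols tacked on the end (years, "123", "!").
    stripped = re.sub(r"[^a-z]+$", "", p)
    # Undo look-alike substitutions, then drop any leftover separators.
    root = re.sub(r"[^a-z]", "", stripped.translate(LOOKALIKES))
    # A password with no letters at all has no root; compare it as-is.
    return root or p

def find_reuse(accounts: dict) -> list:
    """Return (kind, [account names]) for every password shared across accounts."""
    groups = defaultdict(list)
    for name, pw in accounts.items():
        groups[base_form(pw)].append((name, pw))
    findings = []
    for members in groups.values():
        if len(members) < 2:
            continue  # unique to one account
        distinct = {pw for _, pw in members}
        kind = "identical" if len(distinct) == 1 else "variation"
        findings.append((kind, sorted(name for name, _ in members)))
    return sorted(findings)

# Constructed sample data: account name -> password.
SAMPLE = {
    "email": "Sunshine1",
    "bank": "sunshine2024!",
    "social": "5un5h1ne",
    "forum": "Tr0ub4dor&3",
    "shop": "Tr0ub4dor&3",
    "payroll": "3Cheers4Payday!",
}

if __name__ == "__main__":
    for kind, names in find_reuse(SAMPLE):
        print(f"{kind}: {', '.join(names)}")
```

In the sample, the email, bank and social passwords all reduce to the same root word, so a leak of any one of them exposes the other two.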
2. Train and educate your team on cyber fraud.
Even if you’re a cyber expert, your employees and other members of your business probably aren’t.
And if a hacker gets into your server through even the lowest tier of employees, your whole system can still be completely compromised!
You can easily invest in training software with learning modules on how you can keep your info secure. From password strength to email phishing, most training is interactive and goes through the most prevalent types of cyber fraud.
We use KnowBe4, but Symantec and McAfee are popular and effective training options as well.
But more than just providing the training modules, you have to make sure your team is actually watching the videos and learning the lessons. Otherwise, what’s the point?
The best systems have testing for this purpose – they include standard online quizzes to ensure the information is really sinking in.
And some systems also have fake phishing emails – our favorite – that send “malicious” links to your employees to see who clicks. You’ll get reports of who clicks the emails, which helps you identify who needs some extra training. Our service will even rick-roll the clicking employee!
Though a little pricier for this feature, testing is a great investment if you have a lot of private or financial information at stake. The last thing you want is to spend the money on training and still have someone fall victim to a scam.
3. Invest in cybersecurity protection for your team.
No one wants to spend extra money if they don’t need to, especially if you’re just starting out as a business.
But truthfully, the cost of losing your valuable information to hackers is much higher than buying quality protection.
On average, one hacking incident can cost your business $2.4 million. Most of the cost comes from sensitive information loss, but also includes lost time, lost customers, diminished reputation, and more.
If you’re not a security expert, it’s hard to know where to even start when it comes to getting protection. But it’s as simple as deciding what level of protection you need, and then acting accordingly.
Here are some guidelines you can start with:
Level 1: I’m at least aware I need protection. Where most people reside. Consider basic protection: anti-virus and anti-malware services, good password practices, getting different email addresses for personal and work needs, keeping personal social media and tasks off your work machine. Basically, all the ground-level things all internet users should be doing anyway.
Level 2: I want to be proactive. Now, you might be dealing with more sensitive information for your business, or have hired new employees that may or may not have good security habits. Add on a password manager and invest in a security awareness training program for your team.
Level 3: I’m super paranoid. Growing up in a tech-savvy family, I’m definitely up here. Build on the previous levels by adding a VPN solution that anonymizes your online activity and provides Wi-Fi protection and an additional level of malware protection. If you want to put more protection on your entire network for your office, there are hardware solutions out there, too.
It may all sound like a lot, but it’s really not. And many security systems start at only $2/user per month.
Talk about bang for your buck.
And since most cyber fraud occurs because of human error – whether that be from a lack of knowledge, a really well-designed scam, or just a new type of fraud – putting protections in place is vital to guarding your information, even when your team is less than diligent in their security habits.
It may feel like it’s hurting your wallet at first, but your secure information is precious and should be protected as such.
Security = Success
The moral of this story: don’t lose your entire paycheque for the sake of saving a buck.
The online world is getting more complex and savvy, and so are hackers. Make sure you and your team are prepared, educated, and aware of the risks out there, and practice safe browsing.
Good habits could save you millions!
The advice we share on our blog is intended to be informational. It does not replace the expertise of accredited business professionals.