Payroll and other human resources professionals are accustomed to handling sensitive information. It’s quite literally in their job descriptions. Large organizations often employ sophisticated software designed to avoid security issues, and they may even have a department dedicated to reducing risks. Even so, a quick online search will reveal many, many instances of customer and employee data loss at these large firms.
What about small companies? Often, their payroll is handled by the same individual who takes care of all HR functions. As a company, they may not have the same focus on cyber security as do their larger counterparts. After all, they may reason, why would anyone target such small potatoes?
Because they are easy, according to Travelers, which insures companies against cyber threats. “Cyber risks are very real for all businesses, particularly small organizations, which may be considered easy targets by hackers,” said Joan Woodward, President of the Travelers Institute and Executive Vice President of Public Policy at Travelers last October.
Consider some statistics. In an April 2016 press release about online security, Paychex shared findings from the National Cyber Security Alliance and Mandiant, an authority on cyber security. The picture is disturbing.
- Nearly 50% of small businesses have experienced a cyberattack.
- More than 70% of cyberattacks target small businesses.
- 69% of businesses learn of a breach from an outside entity, like law enforcement.
- On average, it takes more than 200 days for an attack to be detected, giving attackers nearly 7 months of access before the target even knows about it.
Cyber threats may come from outside the company, as we’ve often seen in the news. Sometimes, though, the threat comes from inside the company. Either way, employees—in HR or elsewhere in the company—are a front line defense against a breach.