Computers and the internet make it extremely easy to create and share the information necessary to keep a small business running. The trouble with life in the digital age, however, is such sharing leaves businesses highly vulnerable to theft by hackers, scammers and other online bandits. Cyber attacks can wreak havoc on individuals, but when the victim in question is a company—with payroll, financial data, employee information and other sensitive files to worry about—they can be extremely destructive.

Small businesses like yours unfortunately are a favorite target among cyber criminals. Every day, thousands of attacks occur all over the world, and a successful infiltration can cost your firm thousands—if not hundreds of thousands—of dollars. Alarmingly, up to half of small businesses that fall prey to a successful attack end up folding soon after. The good news: there are measures you and your staff can enact to protect your company, resources and personnel, to ensure electronic evildoers don’t bring you to a standstill.

First, guard your network with security software, and keep that software up to date—the sophistication of hackers is constantly evolving, and your technology needs to evolve at the same pace. You also need a high-quality firewall and encryption on sensitive files, too. Install reliable anti-virus and malware-defeating software on all your computers, and perform scans on a regular basis to ensure your computers and network remain clear.

Attacks can happen even on relatively well-protected networks. In the event a hacker makes it through your safeguards, you should make sure your files are backed up on a regular basis. If your files are lost or compromised for whatever reason, turning to those backup files ensures you don’t lose everything. It’s a good idea to keep those backup files on offsite servers, or on the cloud, rather than simply relying on an external drive or other device kept onsite—that way, if the attack comes in the form of a fire, flood or other natural disaster, your files are saved from the flames or waters.

Security tools and policies don’t do much good if your employees aren’t well versed. Be sure your employees are trained on your company’s internet safety and computer security processes and policies. Make sure your personnel are working on secure, protected computers. Passwords are an important weapon in the battle against cyber threats—employ long passwords with letters, numbers and special characters; and teach your staff not to leave their passwords ripe for the picking by writing them on Post-Its stuck to their monitor or emailing them to themselves.

Threats frequently come via email, so it’s important to teach your workers to be on the lookout for suspicious messages landing in their inbox, and not to send sensitive information in email messages. Be wary of unexpected emails that request passwords, or take you to a site that asks you to log into an account—it is entirely possible that the message is a “phishing” attempt to scam sensitive information from you. Scammers are savvy enough to pose as another employee, so when in doubt (especially if the name doesn’t sound familiar) check back with the sender or other company representative.

It is imperative that no one at your firm ever email employee data—W-2 forms, benefit enrollment forms, social security numbers or credit card information. Email is notoriously insecure, and if a bad guy manages to crack into your system with such sensitive data in your database, they’ll have the keys to your kingdom.

Another vulnerable entry point for hackers and scammers: old computer equipment. If your hard drives, servers, storage devices and other tech items are headed out the door, make sure the equipment is completely wiped of all files, whether you are donating, recycling or tossing them in the garbage. Scrubbing your files off the equipment ensures that when the items are trashed, your company doesn’t get trashed along with them.

Keeping your company’s data and systems secure can be challenging. If you have any questions, feel free to reach out to us.