Businesses are knee-deep in the 2020 tax season, and unfortunately, this is also a busy time for fraudsters. A 2018 Association of Certified Fraud Examiners survey estimates that small businesses experience a median loss of $200,000 to fraud—almost twice that of larger businesses. And while 43% of cyber attacks target small businesses, many business owners don’t have a defense plan. 

At Gusto, we take the security of your account information very seriously. We leverage industry-standard encryption to secure all of your data and proactively monitor your account to help prevent fraudulent transactions. In doing so, we’ve compiled some security tips that can help you keep your company and personal information secure. 

Here are our top seven security tips to help businesses reduce fraud:

1. Enable 2-step verification everywhere you can.

Two-step verification is an extra layer of security added to your account, which prevents anyone else from logging in or accessing your account, even if they know your password. This extra security measure requires you to verify your identity each time you log in, either with a security code sent to your phone via text message or through an authentication app.

We love this tool because it can stop fraudsters from logging into your accounts even if they have your password, and it can protect you against 96% of bulk phishing attacks. This is a best practice for any account, but we strongly encourage payroll administrators, including the primary administrator and any other administrators with signatories, to enable this feature on their Gusto account.

2. Be wary of look-alike websites and emails. 

Only open files sent by senders you know. Fraudulent emails often contain malicious links, which can be used to gather your personal information.

One thing we like to do before opening documents or clicking on links is to select “Reply” to get more detail on the sender. If that email handle looks fishy or unfamiliar, then it’s time to delete or report it.

3. Use a unique password for your accounts.  

We encourage creating complex passwords with a combination of each of the following:

  • Capital letter
  • Number
  • Lowercase letter 
  • Symbol

We know it can be a struggle to come up with strong passwords, but try using a phrase or sentence which is relevant only to you. And make sure you use a unique password for each of your accounts. This makes it harder for fraudsters to guess your passwords and keeps your accounts safe even if data breaches occur at other institutions. 

4. Then safely store your passwords.

IT professionals generally recommend password management applications, not a web browser, to help you create and store a unique and strong password for every website. Here are a few apps we like at Gusto to help you get started:

We do not recommend writing your passwords down, as physical copies are difficult to store securely.

5. Validate who you are sharing personal information with.  

Information used by fraudsters includes birthdates, social security numbers, bank account information, and insurance card numbers. Make sure you only share this information with third parties you trust.

You can validate the third party by making sure it’s a product or service you are actively using and it is a request you expected. Legitimate organizations won’t call, email, or text to ask for your personal information, like your Social Security information, bank account, or credit card numbers. 

If you’re a Gusto customer, Gusto may reach out to confirm certain information on your account, but we will never solicit new information unless requested by you. 

6. Review account activity to make sure it is correct.

Gusto and many other platforms and services often send emails to customers when account changes are made. Review those notifications to make sure activity on your account is correct and actually initiated by you. 

Sometimes these messages can make it into your spam folder. To avoid this and ensure you’re getting vital information about your accounts, add the third parties you use and know well as “trusted senders” in your email account settings. These notifications will alert you to any unusual account activity.

7. Install firewalls and virus-detection software on your home computer.

Antivirus software is critical for every PC. It is a computer program used to prevent, detect, and remove malicious programs that have been placed on your computer to spy on you or to do damage to your computer. Without it, you risk losing your personal information, your files, and even the cash from your bank account.

You can simply download and install antivirus software on your computer and phone, or you can purchase the software from retail stores. 


We hope our top seven list is useful for you this tax season and as your business grows. If you’re a Gusto customer and you identify any suspicious account activity, contact us immediately at (800) 936-0383 or by email [email protected]. We’re happy to help.

You are the first line of defense for your business; stay vigilant, and together we can stay on top of your account security.

Gusto Risk and Security Team, contributing authors on Gusto, provide actionable tips and expert advice on HR and payroll for successful business management.