One of the easiest ways for hackers to access your company's information is through your employees' email inboxes. Even major corporations have suffered breaches due to phishing scams.
Incorporate email security training into your basic onboarding procedure, and make sure employees are aware that they shouldn't click on links in promotional emails, open suspicious attachments or run updates that are prompted through email (including those that say they come directly from a company, like Microsoft).
Make sure employees understand company policy. For example, let them know that your business will never ask them for personal information or send them links regarding their 401(k) accounts and that if they see such emails, they should assume they are fraudulent.
If they want to cross-check their accounts to make sure their 401(k) or other sensitive information is OK, tell them to go directly to the financial institution's website and log in to their accounts there, rather than clicking on a link in an email.