
Types of Cyber Attacks You Need to Know About

Management
Article
10/30/2017

Cyber attacks that can invade your business and wreak havoc are a serious threat, and businesses should take measures to reduce the likelihood that one occurs. Small companies aren't immune to cyber crime; in fact, they are often especially vulnerable because they may lack the large-scale data protection and recovery systems available to bigger firms. This makes it even more critical that small business owners use anti-virus software and fully educate their employees on the many types of cyber attacks waiting to strike.

Some of the most common and dangerous forms of cyber crime employ similar tactics. Here are ones to watch for:

Phishing (aka, business email compromise)

Let's say you receive an email requesting money. The message appears to resemble a service provider's invoice, but if you look a bit closer, you see there's something suspicious about the email address or formatting of the request. (Or it's unlikely your service provider would make a payment request in this manner.) This is one type of business email compromise that, when successful, enables hackers to gain access to accounts, extract private information, process unauthorized requests, and redirect funds to anonymous accounts.

Malware (adware, spyware, ransomware)

These insidious attacks assume many guises, the most pernicious of which is called ransomware. When opened, this malicious software seizes crucial files and holds them "hostage" until the victim pays a ransom to decrypt them. Ransomware gets into a business system when unsuspecting users:

  • Download materials from a compromised website;
  • Open a fraudulent email attachment; or
  • Employ an unauthorized USB stick or some other external media device.

The key is handling any suspicious email with great care. The New York Times urges people looking at "iffy" emails to hover over hyperlinks (without clicking on them) to determine if they'll send you to an unfamiliar or suspicious web page. With regard to an email that appears to originate from your ISP, bank, or credit card company, remember that these institutions will never ask for sensitive information like your password or social security number. Only bad guys want to get ahold of that data.

Social engineering (identity theft)

Cyber criminals exploit our natural tendency to trust a message we receive and/or assist someone we believe to be in need. By impersonating a friend or some trusted institution, they hope to persuade you to divulge passwords or financial data, or to otherwise gain access to your computer and then download malicious software.

If someone you know sends you an email containing a link they want you to click on, or an attachment that you're told is a photo or other item they want you to see, don't click or open it if there's the slightest suspicion that something's wrong. You could end up infecting your system (and, by extension, a company's entire system) with malware that can cause irreparable harm.

Take action to secure your sensitive business data

It’s not enough to just hope that cyber attacks pass by your business. Instead, take action that results in enhanced data security for your business:

  • Train everyone in your company to recognize potential threats and act accordingly. Knowledgeable employees are less likely to fall for email scams or other cyber crimes. Conduct ongoing training (with updates on new viruses). Implement policies that describe your expectations about employee behavior. Make sure people understand that allowing a cyber attack to succeed harms both the business and their own livelihood. Instruct employees on how to create effective passwords for all of their devices.
  • Install up-to-date anti-virus software that secures all the devices your business employs, including file servers, desktops, laptops, and mobile devices. This software must be equipped to identify and block cyber attacks. Installation of firewalls and data encryption also helps guard your business information.
  • Back up data on a network level and require employees to back up their individual data as well. Information securely stored in the cloud is a very useful safeguard against data loss and ransomware, as is storing files and other data at an offsite location.
  • Establish an incident response plan that outlines how employees should proceed if they encounter phishing or malware attempts.

Taking action to protect your data is the wisest approach in our digital era, and will help reduce the chances that your business becomes a victim of cyber crime.


Todd Colvin is the senior director of data and systems security at Paychex, Inc., a globally recognized leader in human resource services for small- and medium-sized businesses. He is a business-savvy converged security executive with a demonstrated ability to dissect critical operating processes for the purpose of identifying weaknesses and providing commercially reasonable recommendations to reduce financial, regulatory, or legal impacts to any organization.
