Reducing Cyber Security Risks for Businesses: What Are the 5 Top Attack Vectors?

In part 1 of this series on reducing cyber security risks for businesses, we discussed 7 ways you can maintain your cyber security. None of the tasks we listed were difficult, but they all required time, planning, and attention to detail. 

IT security can take a lot of work on your part to set up (or you can get help from managed IT services companies), but today we’re going to discuss why reducing your cyber security risk is so important. 

 TL;DR: Cybercriminals have a lot of ways of getting to your data, including poisoned software, infected USB sticks, deceptive communications, and plain old skimming off the top. Contact Interplay: Set up your IT security. 

What Are the Top 5 Attack Vectors? 

Sorry to have to be the bearer of bad news, but cybercriminals are everywhere these days and they’re always scheming about how to break into your systems. Figure you’re safe because you don’t have any valuable data? Cybercriminals can’t determine the value of your data until they have it in their hands – which means they definitely have good reason to keep attacking until they get in. 

Here are the top 5 ways those thieves will try to breach your cyber security defenses. 

  • Ransomware 

Ransomware is a type of malicious software (“malware”) that makes you decide how much your business data is worth to you. In this type of scheme, a cybercriminal will encrypt your company’s files and documents into unreadable garbage and demand a ransom from you to restore those files into readable text. (They may also threaten to sell your data.) 

We don’t know about your business, but we know that if we lost something small like a decade of our expense records to a ransomware attack, we’d be in a bad place. That’s why we install patches and updates immediately and have multiple backups of our data. These easy steps mitigate a lot of the top cyber security risks for businesses. 

  • Phishing 

Phishing is when a cybercriminal leverages social engineering to get you to click something or tell them information like your passwords or credit card number. The most common place for a phishing scam to end up is in your email, disguised as a legitimate communication from your actual bank, Netflix, Apple, LinkedIn, or Microsoft 365. Once you click the link in the email, a totally real-looking webpage pops up requesting your login credentials or credit card info update and, naturally, you and your staff are likely to enter that data. Unfortunately, the real-looking webpage is actually a cybercriminal’s invention and he/she/they just got you to give them your login info or credit card number. 

Phishing scams can also happen over the phone, so it’s important to train your employees to be aware of (and on alert for!) phishing attacks. Cyber security awareness using a tool like KnowBe4 is a top defense these days. 

  • Business Email Compromise

Business Email Compromise (or “BEC” as we geeks refer to it) is a tricky maneuver in which cybercriminals send what equates to a run-of-the-mill phishing email to you requesting login or financial data, or a money transfer. The trick is that the fraudulent email looks like it comes from someone within your company! The way cybercriminals accomplish this feat of illusion is pretty smart, we admit. It’s also pretty freaky. 

Read up on the precise details of how BEC works, because this single tactic netted cybercriminals $1.86 billion in ill-gotten cash in 2020 alone. If you can train your employees to avoid BEC attacks, you’ll be ahead of the curve for reducing cyber security risks. 

  • Physical Security Attacks

What would you do if you pulled into the parking lot at work, or walked into the elevator, and saw a USB flash drive on the floor? Like pretty much everyone else in the world, you’d plug that sucker into your computer to see who it belongs to so you can return it to them. It’s only the nice thing to do, right? WRONG. 

Cybercriminals are good at tapping into our Samaritan impulses, so they actually drop malware-ridden USB sticks around office buildings, knowing someone will plug one in and let them into the network. Their other trick? Pretending to be delivery or IT service people and walking right into the building to access computers. Ouch. 

Make sure you lock up your servers and unused computers, and train your staff to toss mysterious USB sticks in the trash. (Don’t use those unsecure flash drives anyway, they’re one of the biggest cyber security risks for businesses – use Teams instead!) 

  • Data Leaks

You’ve seen Office Space, right? If you haven’t, you’re missing out. In the movie, some disgruntled office workers come up with a plan to skim a tenth of a penny (or something like that) off each company transaction and slowly become gazillionaires. Cybercriminals use a similar tactic to slowly siphon data off your computer, using tools such as spyware apps and compromised browser extensions to gain access. 

This sounds like a problem that would be easy to prevent, but it’s actually really hard to figure out where your data is going. Create an Acceptable Use Policy to train your employees on what they can’t download on work devices and use a Zero Trust methodology to take care of those unauthorized downloads that slip through the cracks.  

Cyber Security Risks for Businesses Are All Around Us

It’s tempting to say that the WFH movement has created all these cyber security risks and that a return to the office (is that “RTO” now?) will be all you need to do for cyber security risk management. Sadly, that couldn’t be further from the truth. 

In fact, cyber security risks have been increasing for years and companies of all sizes have been having a pretty bad time of it for a while. Over the years, cybercriminals have only improved their methods and tactics and now it’s nearly guaranteed that unprotected businesses will find themselves the victims of a cyber attack. 

Fortunately, it’s much easier and more affordable than you think to get your business protected with the latest IT security. 

Reach out to Interplay to get started

For 20+ years, the friendly and knowledgeable IT services team at Interplay has helped business leaders across a range of industries get more out of their tech, stress free. Not only are we always (and we mean always) happy to offer the best managed IT services, support, and advice, we’re also the team you can trust for the best cocktail recommendations here in Seattle or in Disney World – we’re versatile! All humor aside though, we’d love to help you get your IT running smoothly and securely, around the clock.