10 Cybersecurity Threats to IT Departments (and How to Prevent Them)


There’s no shortage of cybersecurity threats to IT departments.

Exciting developments in business technology has opened the door to both opportunities and cybersecurity threats to IT departments. Many mid-market businesses (40 percent) plan to become smarter and more competitive through investment in technology.

Unfortunately, they also run the risk of making themselves more vulnerable to cyberattack. According to a survey of financial professionals, adopting new technologies led to almost twice the cyber risk. Over the last few years, companies have learned the hard way just how dangerous these cyber risks can be. This has led to an understandable hesitancy when adopting new technology.

So, if you want to benefit from better technology, you need to step up your security. The first step is to proactively identify which threats you’re liable to face. To help, we’ve listed 10 of the leading cybersecurity threats to IT departments that have cost companies millions and industries billions.

1. Hackers

What was once a lark or a hobby has become a major pursuit in professional, criminal, and political circles. Past hackers usually acted alone, while these days you hear about organized groups that take down targets. These targets can vary, from unsuspecting mom and pop shops to the cyber-might of the U.S. govt.

Many hackers operate as the cyber arm of criminal syndicates, while “hacktivists” seek to publicly humiliate political targets. Though their methods and motives may vary, what hackers are usually after is sensitive, protected data. This can include identity information, customer credit card numbers, and intellectual property.

2. Malware

Malware is a hacker’s catch-all tool of choice. It’s a blanket term for any intrusive software program that acts maliciously against your intentions. The term includes worms, computer viruses, spyware, ransomware, and Trojan horses. Malware usually gains access to your system once someone runs an unsafe executable program or clicks on an infected link. Often, when your computer is running incredibly slow, it’s because it’s loaded down with malware that’s operating in the background.

3. Trojan horses

Most malware threats start with the Trojan horse. Usually, you’re tricked into thinking the Trojan horse is a much-needed utility, like a spyware scanner or computer maintenance tool. These can even appear on trusted sites, so before you download a program, make sure it passes muster with your virus scan.

4. Botnets

Botnets are computers and other Internet-connected devices hackers have hijacked using malware. Once infected, this network of devices then spreads malware, launches distributed-denial-of-service (DDoS) attacks on other systems, and sends spam emails with attached viruses. The millions of unsecured smart devices has led to a tremendous increase in botnet-launched DDoS attacks. The scary thing is, your computer or personal device could be part of a botnet, and you’d never know it.

5. Distributed denial-of-service (DDoS) attacks

This is the kind of attack botnets can level at you. This happens when the hackers orders all the infected devices to send requests to a particular website over and over. This ends up slowing down the website for legitimate visitors and could wind up crashing the site altogether. Maybe your website is the target. Maybe your device is part of the attack. Either way, the best means to stay out of a DDoS attack is to stay on top of your basic security protocols. Maintain your antivirus and firewall, monitor the speed of your Internet connection, and avoid opening email attachments from people you don’t know.

6. Poor passwords

Many threats to your cybersecurity come from within. Recent surveys blamed weak or obvious passwords for 63 percent of confirmed data breaches. Some basic password protection protocols involve creating unique passwords for each account and regularly switching them out. But who can keep track of all those different passwords? There are ways.

Another common password misstep is storing your passwords on your browser. Or using easily obtainable information to create your password. Almost 50 percent of users draw from family names or initials for passwords, and 40 percent plug in important dates like birthdays and anniversaries. Before you create a password, ask yourself if someone following you on social media could guess it.

The suggested approach to passwords these days is to create a passphrase, not a password. These are typically harder to guess and easier to remember. You don’t even have to include a lot of numbers and special characters. Simply create a combination of two to four random words that hold some significance to you. For example: “witlesshomingpigeonlostinausten.”

Want to make it even more difficult to guess your password? Purposely misspell one or more of the words like this: “witlesshummingpidgeonlostinausten.”

7. Insecure permissions

This is another internal problem you must address to improve cybersecurity. It’s impossible to maintain security when everyone on your system has administrative access. Simply limiting the number of admins will go a long way to improving company security. That way, even if hackers gain access to an individual employee’s account, the damage they can inflict is limited.

8. Phishing

In phishing, you receive emails, text messages, or links to websites that look legit, but are actually faked or spoofed. These will usually look like they were sent from authentic companies. Their goal is to trick you into turning over your personal information. They accomplish this by asking you to confirm, update, or validate your information. To really encourage you to comply quickly and without vetting its claims, the email or text will introduce some urgency. Your account’s about to be shut down. The IRS will prosecute you if you don’t respond quickly.

Before you panic, try getting a second opinion. Check your account online and see if you received any notice there. Call the company’s customer service line. In many cases, companies won’t approach and ask for personal information the way these emails and texts do.

9. Ransomware

This is a type of malware attack where hackers lock you out of your own system. Or you find your data is scrambled and unusable. You remain cut off from your data unless you pay the hacker a ransom. Ransomware is a rising menace, increasing 6000x in 2016 alone and affecting many essential services, particularly hospitals. The way to avoid this attack is first, prevent breaches from occuring in the first place. Second, in the case of a breach, have a readily available and recently updated backup of your files.

10. Wi-Fi eavesdropping

This is when hackers tap into unsecured Wi-Fi networks to capture passwords and logins, and to potential access your computer remotely. When employees telecommute and access company resources, warn them that they’re only to do so using secured or encrypted networks. If it’s a free or unsecured connection, then it’s off limits.

Adopting the latest technology can give your company a competitive edge. But it can also introduce complexities that could open you to hacking. However, simple awareness of the cybersecurity threats to IT departments puts you ahead of the 30 percent of companies that have no cybersecurity strategy.

Cloud phone systems (or Hosted VoIP) are a growing technological trend among mid-market and enterprises. Like other cloud applications, they come with many business benefits. They’re also vulnerable to hackers, unless you have the right solution in place—in which case, they could even enhance your network security.

With any Hosted VoIP providers you talk to, you have to confirm that they take your security seriously. It helps to know what questions to ask. Download our Hosted VoIP Buyer’s Guide for a checklist of essential security questions for any provider.