72 percent of Americans believe that cyberattacks are a major threat. Fortunately, there are several well-established IT security best practices you can follow to make your organization safer.

In this article, we’ll discuss the 5 most common cyber threats and the countermeasures available to end users and IT departments.


Ransomware is a nasty form of malware that locks down your files and data and holds them for ransom. It first made global headlines in May 2017 with the spread of the “WannaCry” cyberattack. This threat infected at least 75,000 computers around the world.

End users: Even you pay the ransom, it’s not a guarantee that you’ll get your files back. To avoid this threat, don’t open email attachments from sources you don’t recognize and don’t download files from suspicious websites.

IT departments: Install strong antivirus and anti-malware software across your network and keep it updated on a regular basis. Use a strong enterprise firewall solution and make sure all data is backed up consistently.

Insider threats

Surprisingly, 75 percent of IT security breaches are due to internal (not external) threats. Disgruntled, clueless, and malicious employees may have access to a variety of systems and data, allowing them to intentionally or unintentionally expose sensitive information.

End users: Learn to recognize the danger signs of an employee who is an insider threat: difficult personalities, substance abuse problems, disagreements with coworkers, and financial troubles. If you’re concerned that a colleague represents an insider threat risk, speak with HR or your supervisor.

IT departments: Make sure employees only have access to the systems and data they need to do their jobs—and nothing more. In addition, use monitoring software that can detect strange user behavior.

Relevant & Helpful: 4 ways to secure your wireless connection


Phishing emails are messages that claim to be from a trusted person or organization; however, they’re really sent by a malicious actor who aims to steal sensitive information. More than three-quarters of companies reported being the victim of a phishing attack in 2017.

End users: Learn to recognize the common signs of a phishing email, such as spelling and grammar mistakes and URLs that don’t point to the company’s website. These emails may contain a false sense of urgency and usually operate outside internal processes.

IT departments: Install strong spam filters that can detect potential phishing emails, and require users to change their login details on a regular basis. It’s also a good idea to provide some type of regular employee training and education.

Social engineering

Social engineering involves the use of psychological tricks to fool users into handing over sensitive data. For example, “spear phishing” is a form of phishing that directly targets a specific person or organization. The attacker uses specific information about the victim to appear more reputable.

End users: Don’t be fooled by social engineering messages that try to make you act irrationally by creating a sense of urgency. Do your own research and get in touch with the source of the message to confirm that it’s valid. Above all else, make sure everything follows internal processes completely.

IT departments: Educate your workforce about common social engineering threats, and encourage employees to authenticate each others’ identities when talking about sensitive topics online or over the phone. Make sure to enforce company-wide policies and procedures when it comes to things like vendor payment and employee information.

Relevant & Necessary: Your company’s 5-part guide to mobile security

Distributed Denial of Service (DDoS)

Distributed Denial of Service attacks attempt to block legitimate users by swarming the organization’s network with too much traffic. For example, the October 2016 Dyn cyberattack temporarily brought down the websites of major companies such as Netflix, Twitter, and Amazon.

End users: Understand the mission-critical infrastructure that would be most vulnerable to a DDoS attack, and take steps to protect it by creating backups.

IT departments: Use load balancing technology that can distribute website visitors across different servers, preventing any one of them from buckling under too much traffic.

Final thoughts

When it comes to the security of your network, it’s important to think proactively. The more prepared and educated you are about cyberthreats, the more likely it is you can make it out of a cyberattack alive and well.

If you’d like to keep reading, check out 5 IT maintenance tasks your company should perform.