5 Vulnerabilities to your Company’s network.

Cybersecurity defenses must constantly evolve to meet new threats. To do so, IT executives must keep up with a lot.

The good news is that many threats — even sophisticated ones— are preventable. Here are six common threats and the tactics IT departments are using to combat them:

1.) Unsecured Mobile Devices: In a recent survey, 45 percent of chief information officers and technology executives saw mobile devices as a weak spot in their company’s defenses. Securing a host of smartphone operating systems and their updates is difficult. Once attackers breach a smartphone, they can gain access to corporate emails, business secrets and authentication protocols.

What To Do: Companies should create a policy governing the use of mobile devices. The policy should allow approved email clients only, insist on strong passwords, provide clear instructions for what to do if a device is lost or stolen, and require that corporate data be wiped from the devices of employees who leave. Staff should be trained to spot phishing attacks as part of a continuous corporate training program. Conducting phishing simulations to assess how susceptible employees are to attacks is also positive.

2.) Distributed Denial-Of-Service Attacks: In a distributed denial-of-service (DDoS) attack, an attacker sends a massive number of requests to a target computer or network resource, from multiple, distributed devices across the internet — for example, sending seemingly legitimate HTTP requests to a website. The traffic overwhelms the resources available to the web server or application, making it inaccessible to customers. DDoS attacks often use botnets (thousands of devices connected to the internet of things) to amplify the scale of these attacks.

These attacks can hit retail sites particularly hard in the pocketbook, preventing customers from doing business. Hackers may also use DDoS attacks to distract IT while they simultaneously try to compromise other parts of a company’s network. If they get in, they may lurk undetected for months, conducting surveillance of the network and connected resources, before deciding on a course of action, such as stealing information from company databases.

What To Do: You may not be able to completely prevent such attacks, but you can encrypt information, rendering it indecipherable and useless if hackers get in. Even though encryption technology is widely available, many companies don’t use it. In 2015, just 4 percent of data breaches involved information that was partly or fully encrypted. Determine what percentage of your information is most sensitive or financially damaging if stolen, and encrypt it.

3.) Outdated Websites: Many top-ranked websites have out-of-date security certificates, allowing hackers to exploit vulnerabilities that were reported a decade ago. Applications built on outdated operating systems can’t keep up with new threats.

What To Do: Update your security certificates and be vigilant about installing updates and patches. Do a risk assessment and a penetration test, where someone poses as a hacker trying to get in. Today’s defense tools prioritize vulnerabilities and threats so you know what to fix first.

4.) Infected External Drives: Malware often enters a company through an external drive, such as a USB drive. Even if it’s plugged in for fewer than 30 seconds, an infected drive can introduce a virus or an unwanted program. Most drives are produced in China, and some have been found to contain software that provides a back door for Asian cyber criminals, he said.

What To Do: There are USB drives that leverage hardware encryption, but they tend to be expensive and not commonly used by mainstream users. Until the security technology improves, it’s best to avoid using them.

5.) Data Sabotage: Per Director of National Intelligence James Clapper, the next big security threat companies could face is from hackers who aren’t out to steal data, but to change it. Attackers can make small changes that will go unnoticed at first but eventually will send users false information or cause machines to break down. They could hack into financial trading systems and change prices.

What To Do: Once again, encrypt important data. Install access control policies and set up continuous data monitoring to send alerts about unusual activity. New monitoring tools are using the power of big data and artificial intelligence to find things humans may have missed.

But if there’s just one thing to keep in mind, perhaps it’s this: If you use effective training and tools to make your organization vigilant by day, your cybersecurity worries are less likely to keep you up at night.