In the treacherous world of cyber security—or cyber insecurity—things that go bump in the night are the things that can bring an organization to its knees. Unexpected new breach threats, employee errors, and poor data policies can destroy even the most iron-clad cyber security strategy. Here, we break down three things that keep security professionals awake at night and tips to help keep data secure.

  1. Ransomware

It grips your data and won’t let go until you cough up some serious dough—welcome to the horrific world of ransomware. According to Cisco, ransomware has quickly become the most lucrative type of malware ever seen, on its way to becoming a $1 billion annual market. And where there is money, there is motivation. In 2016, NBC News estimated the cost of ransomware to victims at $200 million in the first quarter of 2016 alone.

Ransomware isn’t going away any time soon, so what should security professionals do? Some of the easiest things to do include fairly basic, everyday-hygiene maintenance. Backing up data, updating and patching software, and training employees to recognize the signs of someone trying to gain unauthorized access to systems, like a phishing attack, are low-cost, effective methods.

[Have questions about improving your security program? Well-versed in every layer of security, our experts can evaluate, recommend and deploy the latest next-gen security. Click to learn more.]

  1. Insider threats

A well-meaning HR employee could potentially expose sensitive data through a phishing scam. They’re innocuous looking enough—someone masquerading as the CEO sends an email asking for every employee’s W2, and quickly. The urgency around the email, combined with the role of the requester and a similar email address, is enough to make the employee comply. Basic, routine training (because remember, threats evolve) is necessary for each and every employee. The weakest link in any type of breach is almost always due to human error.

  1. Information governance

Who, what, where? Simple questions could have complex answers, or perhaps be met with perplexed looks. Knowing why you must collect certain data, where it resides, and how it’s being stored and destroyed are imperative when it comes to protecting critical information. A good way to begin is to have each department inventory their data. From there, implement access controls to help keep data in the right hands.

[You May Also Be Interested In: 3 Ways to Leverage Managed Services for Security]

Is your head spinning yet? When starting or updating your information security strategy, it can be difficult to figure out where to start, which vendors to engage, or how to brush up your existing plan. As threats emerge and change, your company’s cyber security should too.