The Most Common Vulnerabilities Your IT Support Team Should (Already) Know About

Vulnerability Scanning

Executive Summary

  • With cyberattacks on the rise, and ever more sophisticated malware hitting the internet all the time, there’s never been a better time for businesses to invest in their cybersecurity protection.

  • To ensure all potential holes are plugged, it’s essential that your IT support team is aware of the areas of vulnerability in your company’s technical setup – and how they might be exploited by would-be attackers.  

  • Here are 5 of the most common IT-focused vulnerabilities which could pose a security threat for your business which you can share with your IT support team to level-up your company’s protection.


As the old saying goes, prevention is better than cure.

When it comes to keeping your business safe from potential cybersecurity threats, that goes double.

With malware and cyberattacks becoming more sophisticated – and more common – by the day, it’s becoming more important for companies to develop security policies which are ready for anything. Of course, being ready for anything is almost impossible, but a properly prepared IT support team with an awareness of the potential gaps in the IT armour can be worth its weight in gold.

To ensure your tech support team has all the bases covered, here are the 5 most common IT vulnerabilities they should (already) be aware of.

Vulnerability 1: Human error

We’re going to begin here with what is without question the biggest vulnerability of any IT support system: human error. Why? Because, according to research done by IBM, human error plays a role in a whopping 95% of all successful cyberattacks.

Whether it’s simply using passwords which are easy to guess, not enabling protective measures like Multi-Factor Authentication, or falling for social engineering cyberattacks like phishing, people are – ironically – the biggest flaw of any cyber-protection system.

Luckily, education is a powerful tool here – as is the deployment of security policies to protect users from these pitfalls.

To start, ensure that your internal teams are familiar with the basics of cybersecurity, warn them about common malware attacks, and deploy access and authentication systems which require multi-factor authentication.

Vulnerability 2: Out of date software or hardware

Did you know that computer software has a shelf life?

It might not be quite as short as milk — often, in fact, it stretches on for years — but it’s certainly relevant for any IT support team. Software that has gone “end of life” (EOL) has essentially been cut loose from the developer, so that no more updates or security patches will be released for it. Examples of this software include the Windows XP and Vista operating systems and, most recently, Microsoft Office 2010.

Software with the EOL status are potentially open to exploitation by cyberattacks because the developer will no longer patch or plug potential security flaws. For this reason, we never recommend continuing to use end-of-life applications or operating systems. Instead, work with your IT support team to ensure all apps are up to date and within their supported lifespan.

Vulnerability 3: Lack of a disaster recovery plan

Even the biggest and most well-known companies can fall prey to cyberattacks — and some of them can do catastrophic damage, especially if the business isn’t prepared for the attack.

While the loss of critical customer information and sensitive internal data can be crippling for a business, this loss can be mitigated (if not prevented entirely) by establishing a robust disaster recovery plan. Naturally, none of us wants to think about potential disasters, and it’s always more reassuring to assume things will just coast along smoothly. But, in reality, almost 90% of UK businesses have been victim of a breach in the last 12 months alone.

That sobering statistic should be all you need to read to consider deploying a solid disaster recovery plan. This includes a detailed strategy in the event of data loss, either physical or digital, and how the business will respond.

We’ve put together a detailed guide on how to do this, but the key points are to define a Recovery Time Objective (RTO) as a guide to how long systems can realistically be down, and a Recovery Point Objective (RPO), which defines how far back in time you should protect your company’s files.

Vulnerability 4: Distributed Denial of Service (DDoS) attacks

According to the National Cyber Security Centre, a Distributed Denial of Service, or DDoS attack can be defined as when a cyberattacker: “enlists the help of (many) thousands of Internet users to each generate a small number of requests which, added together, overload the target.”

In short, a DDoS attack occurs when a website is hit with so many requests at once that the server cannot handle the volume and simply shuts down. This results in a company’s website being unable to be accessed, which, in turn, can lead to lost sales and – potentially – a lot of lost revenue.

For companies focused on web-based sales, a DDoS attack of this kind can be devastating, which is why it’s important that your IT support team be aware of the risk. Not only should they be aware of how to define a DDoS event, but they should also have an understanding of your company’s specific risk profile for this type of attack. After all, some companies work in such a way that the website being down for a whole wouldn’t be overly impactful. The real key for your IT support team is to understand how DDoS cyberattacks could affect you – and how you’ll manage them if they do.

Vulnerability 5: Zero-day exploits (and other malware)

As we’ve covered above, your IT support team (and the rest of your employees) should all be familiar with the most common cyberattack vectors of today – but there are some which are more pervasive than others.

More specifically, the so-called ‘zero-day exploit’ is a particularly nasty customer. The reason this can be more damaging than other such attacks is that it relies on holes in software security which have yet to be patched. This means that a.) attacks can take place without you realising it, and b.) there’s not much your IT support team can do to prevent them once they happen.

But don’t worry – there are solutions. One of these is to deploy an Endpoint Detection and Response system, which will monitor and recognise the threat before it has chance to wreak havoc. The other is to ensure your software is updated as soon as updates become available. In this way, you can nip attacks in the bud even if they breach your first line of defence.

Level-up your IT support protection with Get Support

Whether you already have an in-house IT support team who need a little help every now and then, or you’re still flying solo and are ready to take a step towards complete security with an IT support agreement, Get Support is here to help.

Our team relentlessly monitors and tracks the most common IT threats and vulnerabilities, helping all of our clients to stay safe and avoid the catastrophic damage that even one successful attack can cause. If you’d like to enjoy this level of IT support and cyber-protection, we’d love to hear from you.

To speak to our IT experts about exactly how our IT support services can help your specific business, call us now on 01865 59 4000 – or fill in the form below.

Latest From The Blog

Viva Connections

What’s That App? A Beginner’s Guide to Microsoft Viva

In this edition of “What’s That App?”, we’re looking into the employee experience and engagement platform Microsoft Viva. Could it be the catalyst to your business thriving in the new remote working economy?

The Great LinkedIn Data Scrape (And What It Means for UK Businesses)

In mid-2021, a group of hackers managed to access the data of 700 million LinkedIn users via a method called ‘scraping’. Here’s what UK businesses need to know about this potential cyber security risk.
Data Backup

IT Support Insider: Backup, Disaster Recovery, and Business Continuity

In this edition of our IT Support Insider series, we’re turning our attention to an area of computing which can be a genuine lifesaver: backup, disaster recovery, and business continuity