You are the keeper of your customer’s data and it is now your responsibility to protect their personal information. Your company also holds a wide array of confidential and private information internally. Over the past few years we have learned that all companies, without exception, with the likes of retail giant Target to the credit reporting service Equifax, have all fallen victim to cyberattacks, which resulted in the theft of millions of confidential records. Cybersecurity is not an exact science and is constantly evolving as we attempt to remain ahead of the criminal elements. We do know by not doing anything, we place ourselves at greater risk for a cyber-attack.

By understanding that the threat is real, we begin to understand what it takes to protecting our business. Too often, we hear about security breaches and cyber-attacks to other companies and assume this would never happen to my business, we are just too small to waste anyones time. Unfortunately, we blind ourselves from reality. According to Symantec, over 43 percent of cyberattacks in 2015 were targeted toward small businesses. A very small percentage of small business believe that their current ability to guard against cyberattacks is effective.

Technology and the data surrounding cybersecurity are constantly changing and evolving as viruses and malware remain moving targets. Companies should develop a cybersecurity policy and defense plan that details all steps that a company will execute to protecting its employees and most valued assets from any type of technological threat. Every cybersecurity plan should include a process and action for what to do once a cyberattack occurs.

One of the scariest facts about cyber breaches is that for many small- to medium-sized businesses, once a breach occurs, the business itself may not be able to recover from such an attack. Depending on the extent of the breach, a company’s reputation or brand value my be irreversibly damaged.

Even today’s sophisticated virus and malware protection can be circumvented by ransomware. The best approach to security is multi-layered and requires vigilance from both IT professionals and their end users.