WE have seen in the press how large organisations have been the victims of cyber crime. If these organisations can suffer breaches of data confidentiality caused by cyber attacks then how can business owners and entrepreneurs be expected to manage the risks?

Cyber attacks and fraud are a fast-emerging threat, and it is much more effective to take preventative action now rather than try and mop up the mess later.

Cyber crime incidents are not only costly, but are damaging to an organisation's reputation. Companies are also facing substantial costs from increased legislative penalty thresholds.

In November 2010 the UK Information Commissioner issued his first fines under new data protection powers that came into force in April 2010, with fines of up to £500,000 possible.

The number of businesses that are failing to protect themselves is worrying. Our latest research shows that only 15% of UK businesses have someone on their team looking after cyber security. Nearly 20% outsourced it to consultants and a staggering 16% don't even know if their computers have anti-virus software.

Many have not done it because they are simply unaware of what threats are out there. But it is essential to protect your business now, particularly given the increasing number and significance of cyber attacks each year.

Weaknesses in network devices, hosting platforms and services, as well as the security design of applications must be monitored and assessed to verify that security baselines are adequate. Amid these growing dangers, vulnerability management is an essential element of your security programme.

Many companies' privacy, security and confidentiality policies are driven by regulatory requirements, but this is only the starting point. If your employees and clients are not confident that these areas are properly addressed then the impact and adoption of technologies such as e-commerce systems will be significantly reduced.

To address the risk of confidential data breaches you need to ensure you are aware of, and are implementing, best practices to manage the risks to the information you store and exchange.

If you have not recently conducted an IT audit to identify the measures necessary to protect your data, it is recommended you seek professional advice to help you assess the potential threats, vulnerabilities and resulting risks to the confidentiality, integrity and availability of electronic information on your systems, storage devices and networks.

Once you have evaluated the potential impact of the risks you face, appropriate administrative, policy and procedure, technical, and physical safeguards should be identified to prevent or mitigate the risks to privacy and security. Any residual risks must be documented and accepted by management.

Your organisation will then be in a position to implement sufficient safeguards and security measures to reduce your IT risks and vulnerabilities to a reasonable and appropriate level. This will assure that you comply with regulations, mitigate the risk of data breaches occurring and confirm to your clients that they are safe to do business with you.