Cyber security has become a top priority for many businesses. The threats lurk both inside and outside of every company. A recent Juniper Research study found that data breaches could cost over $2 trillion on a global scale by 2019.
Technology has made it easier for cyber criminals to collect millions of bits of information from a wide variety of sources, and some experts believe they are using the data to create profiles that could be used to access government files, healthcare records and other details previously thought to be protected.
Over the last year, credit card information was stolen from 56 million Home Depot customers, healthcare information from 80 million Anthem policyholders, and the personnel records of more than 25 million government employees and contractors were accessed in the OPM breach.
Healthcare records are worth significantly more on the black market (about $50-$300 per record according to the Ponemon Institute) compared to credit card numbers (about $135 per record in Brazil according to Cheat Sheet). Those same credit card numbers are practically worthless in Russia and China, but value can be assigned to almost everything including things like mobile phone numbers and landlines. A list of mobile phone numbers retails for $290 to $1,236, and a list of landlines can be worth up to $1,931, says Cheat Sheet.
Obviously, hackers are a concern, but there are other risks companies should be aware of and steps they can take to minimize the damage when they are hacked. Sean Murphy, founder and CEO of Private Giant, says, "The common thread in all of these events is sensitive information – whether it's billing information, credit cards or other data – any loss or damage to this information could damage your business."
These hackers, or what Murphy calls "bad actors," want any piece of information they can get their hands on. "If your business determines that a customer's favorite color is blue, now they have that information when the security question is 'What's your favorite color?' They're collecting bits of information from different sources and using them to put together a profile on people so they know how to access their information."
He says that ransomware is one of the newer threats because the apps can be installed on phones and computers so thieves can hold them for ransom. "They say we'll sell your information back to you for $300 or $3,000 and there's no way to get around it," Murphy explains. "It locks your data down so you can't check out customers, can't send out invoices or do anything until you pay the ransom." (Companies who back up their data regularly may be less likely to be impacted by ransom demands.)
After companies pay the ransom, Murphy says the question is, "What do they do with it? Who else are they selling it to? We're talking massive data theft on a global scale."
He said it is easy to go on the black market and buy records on companies like Ashley Madison, and the hackers will likely make millions on the stolen records.
While most companies have firewalls to keep information and viruses from coming in, the real issue is often what is going out. Murphy says a lot of information can be gained through monitoring emails and there are Android apps that can damage a system from within. "A small program can be sending out tons of information from these apps and you are totally unaware that the information is being transmitted. It's important for companies to be monitoring outbound connections and to look for what's being transmitted from your network."
He recommends a strategy he calls "defense in depth," a multi-prong approach that can help minimize the risk and exposure for a company. "You can't buy a program that will solve everything because something will get through your system or it will restrict your users." He recommends buying the best software to protect inbound connections and using a series of rules to protect the system from within the company.
"Go to each workstation, tablet, computer and cell phone, and apply the security parameters that the software offers – you want to try and prevent the breach at the source, like an intern surfing the Web. It used to be that you could run a virus scan, it would remove the threat and you were done. Information today is far more valuable, so you need to use a secondary appliance and rules to protect it even further."
The third step is to lock down critical data. Murphy says an employee should not be able to go to a computer and pull up all of the information they have on a given customer such as their name, address, credit card information or social security number. "If you can see that information easily, then we have a problem. That information should be completely encrypted and available only when an application needs it. It should be stored so that it is completely protected. You can't store unencrypted employee and customer data."
He says encryption is the solution for 99% of a company's problems. "If a thief steals a hard drive or is able to access files – he might get a $10 hard drive, but he can't get the data if he doesn't have the keys."
Murphy adds that the gatekeepers of the information should also be audited when they release data so it tracks what was accessed, who opened it and when it was retrieved. These steps can help limit a company's exposure if its data is hacked.
Today's technology has made information highly portable and accessible, but smart companies are taking a big picture approach to their cyber security and preparing for a host of worst-case scenarios so they are able to quickly identify and mitigate a breach when it occurs.
Think your company has a smart, creative and effective plan? Then consider entering it in the inaugural Excellence in Cyber Security Risk Management awards program sponsored by National Underwriter. To nominate your company, fill out an application, including a company profile which will be kept confidential, by October 9, 2015 in order to be considered.
If you want to learn more about cyber security threats and how to address them, then plan to attend ALM's cyberSecure event on Dec. 15-16, in New York City. Attendees will learn how to transform risk management preparedness and response strategy into a competitive advantage.