For a small business, making sure your IT is cost effective but also safe and secure can be a daunting task. It may be tempting to ignore data security, assuming malicious attacks on data are only directed at larger organizations.

Unfortunately, you do have to worry about security -- whether you’re a one-person shop, have 10 employees, or more than 100. Just because your business doesn’t have millions of credit card or social security numbers to mine doesn’t mean you aren’t a target. Hackers will often target small businesses as “practice” for bigger hits, and the evils of phishing and viruses and worms can affect anyone -- no matter who you are. Leaving your business unprotected means running the risk of suffering a total data loss, something that can be catastrophic for a burgeoning business.

Lost data means lost time.  Productivity suffers when IT systems go down, and often a small business owner can spend tens of thousands of dollars just to get a system back up and running.  In addition, many states have passed laws requiring that customers be notified of security breaches. There have been many high profile cases of companies acknowledging lost or stolen data, which can have a significant public relations impact to an organization.

So what can a small or mid-size business do to ensure data is safe and secure? The first step is to understand the threats.

Threats to small businesses

There are a number of security issues you should be aware of and while some are simply inconvenient, others can result in your data being stolen or someone taking control of your network.

Spam, spyware, worms, viruses and Trojans are just a few of the security issues that can result in a data disaster for your business.

As we all know, spam has become a major issue in both business and personal inboxes. But it isn’t just annoying. Spam can lead to malware infection, data loss, identity, and financial theft and other fraud. Never open an email from an unknown sender, and be sure to never open attachments from someone unfamiliar.

While spam is unsolicited and often inevitable, other types of security breaches can be prevented as long as you exercise caution when entering any network outside of your own. IT security firm Sophos recently released a report indicating that up to 90 percent of spam is now relayed from zombie computers hijacked by Trojan horses, worms, and viruses under the control of hackers.

You can avoid the prospect of having one of your machines turn into a zombie computer by urging users to exercise caution when visiting websites and downloading documents or software. Often what appears harmless -- a game or funny email -- can contain malicious coding and enter your network via a user download. While most users in today’s business world are fairly savvy when it comes to these issues, just one user machine can make an entire network vulnerable, so it is essential to educate your users on the importance of exercising caution. Come up with specific company policies outlining the proper use of computers and procedures for downloading programs or applications.

Your people have the power

Unfortunately, it’s often not enough to encourage your employees to take IT security seriously. You should also evaluate your IT operations staff carefully. Whether your staff is small or large, it is essential that the people managing your network are technically competent and up to date on cutting-edge security features. If you don’t have an IT staff or are managing your network on your own, consider looking to a professional firm or hiring part-time staff to help you evaluate your current needs and ensure your company’s data security.

Many small businesses choose to outsource IT operations to a vendor who can provide overall support for day-to-day operations and on-demand support for one-off issues. While it may be tempting to have your 16-year-old nephew manage your network, there are a number of more reliable options to help you get the support you need.

The number of IT support companies for small businesses is as long as the phone book by now, so take some time to do research about the best ones in your area. Ask other local business owners who they use and interview potential candidates to ensure they have the best resources for your specific needs. If you have specialized software programs or a large amount of data to store, you may have different security concerns from other businesses.

Good IT support staff will evaluate your current setup and recommend potential changes to ensure your data is as secure as possible. They’ll also make recommendations to your end users on passwords and other security features. Make sure you are aware of the cost of help desk support and emergency situations for any solution provider you hire -- those potential costs may outweigh the benefits of low upfront prices.

Your data is the DNA and lifeblood of your business. By taking steps to ensure its security, you’re setting the stage for growth and success.

Lisa Metcalfe is a Regional Practice Leader in the Technology Leadership Practice of Tatum LLC. Tatum is the nation’s largest executive services firm, providing financial and technology leadership nationwide.