Even though IT managers and departments have been primarily concerned about security, ultimately it is the responsibility of business owners and chief information or executive officers (CIO, CEO) to protect an organisation from threats.
In the years since the Internet first came on the scene, the security scenario has undergone rapid changes and developments as threat and counter-threats have been developed and deployed.
As IT security threats continue the form and nature of these threats may not be what most people expect – or even suspect.
Here are some of the top security threats you will hear more about during 2009:
Lost Laptops and Careless Employees
The increasing portability of laptops and storage devices is of concern. This increases the chances of these portable computing and storage devices being stolen not only for their resale value, but for importantly the information contained within. This problem is compounded by the apparent lack of security awareness by 
many employees which extends to employees and their internet-based social networks.
Weak Policies
IT security experts have also expressed increasing concern over identity thefts.
While most companies limit physical access to employee records, many companies still have vulnerabilities in terms of systems and procedures in handling these.
Many companies do not purge data when the company’s computers are reassigned or disposed of; others do not even install passwords on employee computers; still more do not encrypt personal information when these are transmitted over the Internet or company networks.
Overconfidence
Some business owners feel their company’s security is more than adequate to meet existing and potential threats. Anti-virus, anti-spyware, anti-spam software and improved techniques have all contributed to the complacency of businesses.
However, security is 24/7, check, double check and triple check, random reviews and tests. It is a never-ending activity and while automation may have relieved the pressures a bit, there is no room for error or overconfidence – especially as many threats are coming from unexpected sources.
What can you do to minimise exposure to your business?
Analyse your security policies and procedures – if you don’t have any in place, start on them now.
Work with your technology providers. They should have some good ideas about what you can do to improve your protection.
Consider some of the smarter technologies now available such as managed online solutions that protect your business from outside your network. Rather than buying hardware and software which you have to maintain and replace every few years, you can ‘turn on’ security services which operate from the Internet, are updated constantly and cost less than a hamburger per person per month.