The 2013 Global Security Report from TrustWave tells us what hackers have been going after for the last two years:

96% Customer Records (Payment Card Data, Personally Identifiable Information, Email Addresses)
2% Confidential Information & Intellectual Property
1% Electronic Protected Health Information (ePHI)
1% Business Financial Account Numbers
Today’s reality is this: No matter what business you are in, no matter where in the world you are – if you’ve got data, then your business is at constant risk. From the outside in, to the inside out, threats are increasing as quickly as you can implement measures against them, and in spite of tremendous technology investment, many organizations are still ill-prepared for attacks.
So what can you do about it? First understand that what you’re doing now is not enough. If you have firewalls, anti-virus software, internet content filtering, and anti-malware that’s a good start – but it’s not nearly enough.
If any of these tools were 100% effective, there would be no security breaches and we know we’re far away from that. As soon as a known threat is addressed by these tools, a new one emerges. There’s not a product out there that can totally protect you.
There is, however, a solution! 

It’s monthly security scans. My firm currently does these for existing clients at no charge as part of a comprehensive security awareness initiative. They are done remotely each month and then clients receive an external vulnerability report via email.
163While my firm doesn’t have the resources to do this for everyone who needs it, especially for free, I’d like to reach out to you, my Right Clique readers, and do it for you. If you are a small business in Northeast Ohio, then send me an email (Cary@Root-InfoTech.com) containing your domain name (i.e. solonchamber.com, jfsa-cleveland.org) and request a vulnerability scan. Depending on the response I get, it may take up to a week to get you the report, and this will only be a one-time deal (not monthly) – but it will be completely free. Your email “from” address needs to match the domain being scanned, since I don’t know every one of you personally (at least not yet) and need to avoid abuses.