Corinne Gustafson is an audit intern at Larson & Company. She has done an in-depth study on cybersecurity issues relating to audits.

As technological advancements grow in each industry, so does the threat that every piece of information you store can be hacked into or stolen. A study performed at the University of Maryland quantified the rate of hacker attacks on computers with internet access as an average of every 39 seconds, or, one in three Americans per year. If every company put forth more effort to avoid these mistakes most common among Americans, we would more easily protect ourselves and our companies’ information.

  1. Believing an attack won’t happen to you. Many small to medium sized companies of various industries don’t believe they are a likely target for a cybersecurity breach, but studies show that 43% of cyber-attacks target small businesses. This is because people don’t believe, thus not preparing, for an attack. Create a plan for if something does happen. Notice any flaws or weaknesses in your systems. Proactively prepare, so you will be ready if something does happen.
  2. Weak Basic Security – Passwords. Often times, people tend to use easy to remember passwords for themselves. They also use the same password across different logins and systems. This is a basic mistake that makes it very easy for a breach to occur. Anyone with a little hacking knowledge can easily bypass the password; and if there is one password for multiple accounts, they’ve been given access to all of it. Which brings us to our third biggest mistake:
  3. Little to no encryptions – Something as simple as making sure important documents are encrypted can be very protective against cyber security threats. Once a computer is connected to the internet, it is susceptible to be hacked. Before connecting to the internet, be sure to encrypt important documents and install a line of defense software that can combat hackers. Also note that anything shared over e-mail, Google Drive, and Dropbox should be encrypted. Even if you are sending or sharing to a trustworthy destination, hackers may be able to intercept traffic to steal or modify data.
  4. Untrained staff – Have an extra training on IT security. Warn your staff against clicking on links from any suspicious source, and any other threats from viruses, spyware, and phishing attacks. It is also important that your staff members know what to do in the case an attack does happen
  5. Trying to manage on your own – It’s a good idea to outsource to IT service providers who have the knowledge, specialized resources and abilities. They can protect your data, train and prepare your staff, as well as help you through any attacks.


While each company differs in their IT strengths and sizes, every company should at least consider their situation and evaluate how they’re doing in these five areas. Determine how these mistakes can affect their organization and the likelihood that these mistakes are being made. Having at least an annual assessment of these mistakes and things to combat them will help companies proactively protect themselves against cybersecurity threats.


At Larson & Company, we are committed to help companies understand the risks to their IT security. If interested, we can help your organization perform an IT Risk Assessment and recommend the best practices for your organization. For more information or questions about other services we provide, please contact Larson & Company today.