The world set an ominous record in late November, when more than 12.5 million spam emails were unleashed in less than 24 hours by what has been called the largest malware botnet in history.

Any users who opened infected files associated with the attack quickly had their systems taken over and saw a ransom demand on their screen.

Or consider the rogue employee who was allowed to use her personal laptop for work and ended up downloading and stealing all of a firm’s client information.

Both these scenarios really happen, and they will likely occur again.

The problem is so overwhelming that both companies and clients turn to what psychologists call “avoidant coping,” also known as burying their heads in the sand.

Information technology has changed dramatically in the past couple of decades.

What used to consist mostly of laying cables and repairing computers is now a critical part of what firms are offering to their clients. This is no longer something that can be handed off or ignored.

In part, this is due to the increasing reliance on new communication and productivity technologies. Everything from cloud software to employee monitoring tools to customer mobile applications has opened firms up to new vulnerabilities.

Too often, the security of our data is based on the actions and oversight of others.

We need to focus on doing all we can to ensure that any potential breach is identified and mitigated as much as possible. And that takes aggressive action and vigilance.

Here are three steps to take to protect the firm:

1. Segregate the data: The first things that a hacker will go after once they gain entry to the system are the firm’s databases. The more that can be done to silo the information and make it harder for both internal and external threats to download big chunks of data, the more protected the firm will be.

2. Put someone in charge: At minimum, there should be someone at the firm who is responsible for data security. Just as the chief investment officer is critical to serving client needs, firms need a sophisticated point person for technology who can oversee risks to both the firm and its clients.

3. Educate employees: The truth is, human behavior is the biggest risk factor. Businesses must educate staff members and set up the organization in a way that empowers them all to identify and respond to threats.

The only way to truly limit the damage that hackers can do is to identify breaches as early as possible and address them quickly. Firms must understand that cyber threats are growing in number and daring and that we can and must do a better job in preparing to meet them.

This story is part of a 30-30 series on how technology is changing your practice.