While there are ever-increasing threats to a firm's IT security, technology consultant Dave Cieslak, principal and co-founder of Simi Valley, Calif.-based Arxis Technology, advises that firms pay attention to these five common pitfalls and offers tips to abate the risks:

1. Mobile assets. With the explosive proliferation of small devices (tablets, cell phones, ultrabooks, etc.) and laptops, loss, theft and improper disposal are quickly becoming one of the most significant threats to overall IT security and data leakage/loss. Reasonable steps to reduce this increasing risk include setting up passwords for all devices, encrypting data on the devices themselves, installing tracking and/or remote-wipe software in the event devices are misplaced, and end-user training.

2. Cloud security. Since data and applications will now be residing somewhere other than the "safe and secure" corporate computer room, security concerns are increasingly taking center stage. Organizations need to consider both internal factors (any requirements or laws preventing certain data from being migrated to the cloud), as well as external factors, such as where the data will be stored, who will have access, what controls the vendor has in place, will the data be replicated, can an organization make their own off-line backups, are intrusion detection mechanisms in place and is the vendor SAS 70 certified - to name just a few.

3. Social media. Users, it seems, are comfortable sharing virtually everything these days via online social media Web sites. But this "personal" information can, and will, be used against them. Cybercriminals are incorporating unique user information into targeted phishing scams. Users need to be on a keen lookout for these targeted attacks and be more wary than ever regarding what they click on.

4. Infected Web links. More and more cybercriminals are using infected links as a means of inducing users to install malware on their machines. End users need to be vigilant about what they click on and make sure they have an up-to-date antivirus solution in place.

5. Backups. Critical data, applications and services need to be identified and a backup solution implemented to ensure that the e-lifeblood of an organization is not placed in significant peril. Organizations should definitely consider using one of the many cloud-based backup services to complement, or even as the foundation of, their backup strategy.