How seriously do you take your data security? Most people would say very seriously. And yet there is a huge disconnect between what we say and what we actually do.

Check out this list of most commonly used passwords of 2014. Now that you’ve posted that to Facebook and LinkedIn, we can get back to business.

Given that most of us have terrible personal data habits, isn’t it a bit hypocritical to express collective outrage when a company experiences a data breach?

Here’s Forbes’ list of major data breaches in 2014.

That list includes some heavy hitters. But small businesses, healthcare providers, charities and just about anyone else with a computer and data is vulnerable.

When it comes down to protecting data security the weakest link is always going to be the individual. So it is imperative for organizations to put in place frameworks that guard against our natural inclination to become complacent and lazy.

Malicious attacks make the headlines. But most issues come about because of carelessness or misunderstandings.

Understanding the potential damage to an organization if there is a breach is everyone’s responsibility. And that means creating a culture of security that involves staff training, reinforcement and continuous improvement.

I recently spoke to Central Ontario Crime Prevention Assn (COCPA). This organization is made up of police, security guards and other security types who exchange information.

I was brought in because we have a reputation for keeping on top of this stuff by continually monitoring the changing landscape and applying best practices to our own operation while educating our clients on security issues.