The last few years have seen a revolution in the way enterprises interact with technology. Whether it’s the advent of the cloud for data storage, or the use of the latest smartphones and tablets to access key applications from anywhere in the world, workers now expect always-on access to the tools needed to do their jobs.

But while this environment brings a wide range of benefits, such as increased productivity, there are also challenges that must be met. Chief among these is the question of data security, as new technologies open up more opportunities for attackers, while the ever-growing amount of data companies have to deal with presents an attractive target.

The costs to businesses if they fall victim to data breaches can be severe. For instance, US retailer Target stated earlier this year that it has so far lost upwards of $160 million as a result of its much-publicised 2013 breach, with costs ranging from upgrading security to paying compensation to affected customers.

All organisations need to be on high alert to the sophisticated threats facing them in today’s environment, but in particular, there are several emerging IT security risks that are posing challenges to businesses. Therefore, a strong understanding of what these are and how to deal with them will be essential if firms are to develop a strong security strategy.

Here, we highlight three of the most prominent threats and how businesses can address them.

1. Cloud computing

The last few years have seen a huge increase in the profile on cloud computing services, with the technology moving from a niche solution to a central part of many firms’ plans. Indeed, recent figures from the Cloud Industry Forum state 84% of UK businesses now run at least one cloud solution.

But when sensitive data is stored outside an organisation’s premises, there will naturally be questions over how safe the data is. When businesses hear terms like ‘public cloud’, they may be worried about who will be able to access their crucial business data.

However, an effective cloud offering is no less safe than an on-premise solution – as long as enterprises understand what protections are in place. For instance, Office 365 comes with a wide range of built-in security features, from 24/7 monitoring of data centres to high-level encryption that protects data both in transit and at rest.

2. Enterprise mobility

The increased capabilities of smartphones and tablets in recent years has also transformed the way many users access data and applications. But while the ability to work from anywhere is great for productivity, it brings with it many security headaches.

For instance, there is the risk of sensitive data stored on mobile devices being compromised if a gadget is lost or stolen. There is also the threat of these gadgets being used as a gateway to a firm’s wider network, as they often do not have the same anti-malware protections as laptop and desktop PCS.

To counter these risks, strong mobile device management solutions will be a must, and this requires both technical solutions and an educated workforce. Businesses must take the time to train their staff and inform them what their responsibilities are when using a mobile device, whether this is a personal or company-owned gadget.

3. Shadow IT

What cloud and mobility have brought to businesses is much greater flexibility, and this is being reflected in how many employees obtain their technology solutions. Increasingly, IT departments are being bypassed altogether by business units, or even individual employees, who look to procure their own tools.

This is known as ‘shadow IT’, and it can create major problems, as IT professionals do not have full visibility into their ecosystem. This means they may not be aware of vulnerabilities or poor user behaviour that creates security risks.

Any IT professionals who do not believe this is an issue in their firm may need to think again. Research published earlier this year by Gartner claims that as much as a fifth of tech spending in the UK comes from outside the IT department. With so many unapproved applications therefore in use, this may present a wide range of security vulnerabilities that businesses need to address.

IT departments must therefore communicate to employees the risks involved in this and have clear policies in place to ensure they remain in control of their IT environment. They should also ask themselves why their users may be turning to their own solutions – by listening to their workforce’s needs and providing consumer-style tools such as Yammer, they can also greatly reduce the risk of individuals turning to unapproved alternatives.