Top Workplaces: Someone is attacking your computer, tablet or smartphone

If you're reading this on a desktop or laptop computer, or even a tablet or smartphone, there’s a good chance someone is trying to break in — and there's no way you would know it.

Much of the time, you’re protected by your internet service provider, working in the background to keep bad things from happening.

TOP WORKPLACES 2017: Special section | Full list of winners

But we're all vulnerable to phishing or other cyberattacks, maybe by clicking on an innocent-looking link that eventually ends up giving our passwords, credit card numbers or other private information to cyber criminals. They, in turn, either use the information themselves or sell it on an online black market.

The threats are constantly evolving, said Gregory Chi, chief information officer at MGIC, the Milwaukee-based mortgage insurer.

At least once a week, MGIC gets cybersecurity bulletins from the Federal Bureau of Investigation, warning businesses of new threats in the cyber world.

“You are most likely under constant attack without even realizing it,” Chi said.

There are hacking tools available to anyone on the internet, and some  mischief comes from people seeking bragging rights by gaining access to large companies’ computer systems.

More worrisome are sophisticated attacks from foreign governments and organized crime.

Some states, like New York, now require a certain level of cybersecurity for any company wanting to do business with them. There are more regulatory requirements and financial liabilities, which help keep companies focused on the threats.

“It ratchets up everybody’s game. Everybody is participating at a higher level,” Chi said. “If you haven’t been investing in this on a regular basis the last five years, you would have a lot of catching up to do."

Small and midsize companies are among the most vulnerable to attacks because they don’t always have adequate staffing or policies in place to protect themselves. That’s also true for local governments.

Sometimes cyber criminals take over web servers and use them to attack others or run child pornography rings. That could get a company in trouble with the law even if they knew nothing of the illegal operations.

Mobile phones are a newer and increasingly common target, as some are easily hacked and often contain valuable information, including confidential company contacts. When you're traveling abroad, in particular, experts suggest you consider using a mobile phone that doesn’t contain personal and business information — possibly a temporary, disposable phone.

Very often, people are the weak link in the security chain: Every so often, for instance, headlines are made when an employee leaves a laptop containing sensitive corporate or customer information on the seat of a car, where it's easily stolen.

That's why MGIC doesn’t issue company laptops, Chi said.

Many cyber criminals are looking for other ways to steal corporate data, said Jeremy Edson, information security manager for Marquette University.

“These people are spending a lot of time doing their homework, to find your organization and then use targeted campaigns to gain credentials or install malware. These are the majority of the attacks,” Edson said.

“The people who are trying to gain intellectual property and steal information are working 24-hour cycles with automation. The threats are becoming more sophisticated.”

Consequently, it's important for cybersecurity to be practiced throughout a company, not just the information technology department, according to a new report from the accounting firm Ernst & Young.

“Few companies today have the appropriate skills and resources in-house to effectively secure their information assets,” the report says.

No organization can predict or prevent all or even most attacks. But by educating themselves and their employees about the danger, they can reduce their attractiveness as a target and make themselves less vulnerable.

“An organization in a state of readiness inhabits an entirely different mindset — sees the world differently — and responds in a way the cyber criminals would not expect,” Ernst & Young said.