A $20 million bill you don't want your company to receive

The cost of a single cyberattack to a business can run as high as $20 million.

It's now a daily occurrence: Reading the headlines over a cup of java you come across one about a major cyberattack.

Isn't it shocking that even the U.S. government, with its layers of bureaucracy and "state-of-the-art" defense systems, can experience an attack on the data of 4 million workers?

In some ways, it's actually not a surprise.

But what if it was your data or your firm's?

Evgeny Sergeev | iStock | Getty Images

As someone who's been close to technology since my days in Silicon Valley, I don't see the issue going away anytime soon. Even Apple is paying heed to security with its new iOS9, adding two-factor authentication for your ID and stronger encryption to ward off hackers.

The impact can be huge: Not only to your reputation, but the cost of a successful cyberattack is about $20 million for a financial services firm, $14.5 million for those in the tech sector, $12.7 million in communications and $8.6 million in retail, according to research from the Ponemon Institute referenced in a Heritage Foundation report. Deloitte also states that the financial services sector faces the greatest economic risk related to cybersecurity.

Read MoreThe cybersecurity talent war you don't hear about

What can you, as a firm or leader, do to protect your data and reputation?

I've talked to CEOs, CMOs, wealth management leaders and advisors about navigating the new world proactively and easily. Here are five key areas to consider if you haven't already:

"The one thing going for you is that you can move more quickly in taking action than the U.S. government."

1. Start with the basics.

Lock and encrypt computers, use anti-virus software, and use a password manager. Be sure to control access to that password manager, typically to two people.

2. Train employees.

Not just on social media, but on data security protocols, using personal devices and reporting incidents. Don't forget that vendors and employees may pose risks, even if unintentional.

Read MoreA job search tool that reads your mind

As part of your social media training, be sure to include behavior on various platforms. Social media for content-sharing isn't dangerous from a cybercrime perspective. But just as we need to watch those fraudulent emails, so too do we need to watch for the alluring follower on Twitter—the "phony" who posts a link that reads "check this out!"—only to infect your or your employees' devices and possibly even your firm's networks.

3. Conduct a mock cyberattack.

Smart firms are taking action now, simulating an attack and the actions that would be taken.

Train employees and conduct simulations of a data or social media breach: What would they do if malicious activity or other threat is detected? Who would they report it to? Among the key steps are to change passwords, notify key stakeholders, access or make backups of data, and contact your insurance firm if you have cyberinsurance.

4. Create a customer feedback loop.

It's surprising the number of financial firms that do not have an easy way for customers to communicate online about some issue or breach. Consider a message in statements or online directing consumers to alert leaders to possible cybersecurity threats.

5. Protect publishing platforms.

Web publishing is a straightforward process. The key is in the tools you use to post content. For example, if using WordPress, secure that platform to better protect yourself and prevent the uploading of files that could infect your site or your visitors. Never allow others to upload files without first scanning them for potential risks.

It's a new world out there. The one thing going for you is that you can move more quickly in taking action than the U.S. government.

By Jennifer Openshaw, author of "The Socially Savvy Advisor," is a nationally known financial leader and consumer advocate.

Openshaw has advised Fortune 500 firms on technology and communications and has appeared on CNBC, Fox and CNN.