IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Ten ways to protect your company from the next big data breach

Even big-name corporations can’t prevent all breaches, but there are ways to protect your business

Your company deals with sensitive information — all companies do. Whether it’s customers’ private information, your company’s financial records and accounts, or that new top-secret project you don’t want getting out just yet, keeping your data secure is a top priority. Unfortunately, it seems to be getting harder all the time.

Related Resource

Secure hybrid cloud for dummies

Accelerate transformation with hybrid cloud

Whitepaper cover with cartoon man's face wearing glasses in yellow circle with blue, black and yellow colour block backgroundFree Download

We’ve seen many major data breaches at many big name companies, including T-Mobile, Microsoft, and General Electric. Even the Internal Revenue Service (IRS) fell victim to a major data breach. 

It doesn’t matter if you’re in charge of a Fortune 500 company or a small business, you must protect your data. While there's no foolproof way to secure all of your sensitive data, these steps can help prevent a data breach.

Data breach defined

A woman examining on-screen data read outs

Shutterstock

Although the exact definition can vary between regulators, a data breach usually occurs when any unauthorised party gains access to confidential information.

The term usually covers everything from one of your own employees logging into a file without permission, to cyber criminals hacking into your systems and taking the personal information of employees and customers.

Normally a breach also involves the failure of a security layer, which results in the accidental or purposeful destruction, alteration, theft, or disclosure of protected data. It is considered a breach if an unauthorised individual simply looks at the data. The consequences can be severe for business, regardless of its exact nature.

The consequences of a data breach

The consequences of a data breach can be as varied as the different forms of breaches themselves. It could be as small as a single employee finding out his peers’ salaries and threatening to sue for higher pay. Alternatively, it could be as severe as cyber criminals or hackers accessing your system’s files and encrypting them before demanding a ransom.

If you follow recent news, you might have seen a variety of data breaches making the headlines which often involve accessing customer data, like addresses, names, social security numbers, and even credit card numbers. These breaches can cost the companies who are affected millions of dollars in lawsuits and lost business.

After a breach has occurred, detecting, defining, and recovering from the incident can be a long and slow process for an organisation. Although the consequences of this kind of leak can be brutal for larger corporations, they can be the death knell for a small business. The best strategy is to be prepared if it occurs and prevent it from ever happening.

10 steps to keeping your data safe

While there is no surefire way to eliminate all data breaches, these nine steps will help your business prevent catastrophic leaks.

1. Hire a professional

You probably have a financial controller or accountant in charge of payroll and accounts payable. Why would you not have a specialized IT security person to safeguard the entirety of your business?

Technology changes quickly, and you need someone dedicated and accountable who can find your vulnerabilities and help you shore them up. This IT watchdog can be your best bet in defending your business from external and internal data breaches.

2. Separate your business and personal accounts

Keeping your business and personal accounts separate should be obvious, but we’re not talking just about bank accounts and credit cards. This separation also goes for all of your accounts, including email and data storage. Keep them separate and have unique passwords for everything.

The last thing you need is someone hacking into your personal email and suddenly having access to sensitive business data.

Make sure everyone in your company follows this practice too. It only takes one small mistake to expose the whole company.

3. Checkout FINRA

The Financial Industry Regulatory Authority (FINRA) is a government-authorized nonprofit organization that oversees US broker-dealers and has a pretty good handle on what it takes to have top-notch cybersecurity.

It has put together a Small Firm Cybersecurity Checklist that’s a handy tool for any business looking to up its cyber security game. It’s free to download and could help you secure some aspects of your business you hadn’t thought about before.

4. Restrict access as much as possible

As much as possible, limit each employee's access to data. That means any employee who doesn’t need access to a program or data file doesn’t get access.

By all means, provide each employee with the permissions she needs to do their job, but limit anything that isn’t necessary. The fewer people accessing data, the lower the risk of a breach—accidental or otherwise.

5. Minimize your data

Think of your business as your home, and all that data is the stuff in your home. The more things you have cluttering an area up, the harder it is to keep track of the important stuff. It’s time to clean up.

Eliminate old programs or data files that serve no purpose. Team up with your IT security officer to establish the proper procedures for identifying and eliminating unnecessary files.

Keeping your data tidy can also help you identify a breach problem sooner too.

6. Encryption

Today’s technology offers plenty of avenues for encrypting your data. Use them. Don’t just encrypt data sitting in files; use encryption for files on the move through email and other means.

7. Educate your employees

One of the most common ways data breaches occur is through an honest employee mistake. You must teach your employees how to create unbreakable passwords and how to identify potential phishing scams and other security threats.

Train, test, and educate your employees on the importance of information security. It can be a tough job to get your employees on board with cyber security training, but it’s essential.

8. Get the C-suite on board

A person on a laptop to depict hacking

Shutterstock

Shutterstock

Cyber security awareness and understanding must start at the top. If the company’s executives don’t fully understand the threat and consequences, it will create a difficult hurdle for each step of the process.

Cyber security is an investment, and like any investment a company makes, the C-suite needs to see the benefit before they’ll be willing to pay for it.

9. Don’t ignore hard copies

Data breaches don’t always happen online. Printed documents can cause equal damage in the wrong hands. Keep all sensitive files in a locked cabinet and designate a gatekeeper who only gives access to those who truly need it.

Also, invest in a quality crosscut paper shredder to properly destroy any documents you need to eliminate.

10. Have a data breach response plan

While preventing a data breach is always the number one goal, your company needs to have an action plan for handling a breach. The ability to quickly detect a breach can save millions of dollars in some situations.

Talk with a cyber security professional and establish steps to identify, contain, and then recover from a data breach.

Data protection is an ongoing process

Once you’ve completed all 10 steps, get ready to do them all over again. Technology changes quickly, and cyber criminals are continually finding new ways to break into sensitive information and profit from it.

If you want to avoid becoming a victim of the next big data breach, stay one step ahead of the game. Companies that become complacent with their cyber security end up being vulnerable to attack.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Modernise your legacy databases in the cloud
Whitepaper

Modernise your legacy databases in the cloud

10 Jun 2022
Deploying flexible data protection to support cloud workload placement
Whitepaper

Deploying flexible data protection to support cloud workload placement

10 Mar 2022
Europol ordered to delete huge cache of unlawfully stored data
data protection

Europol ordered to delete huge cache of unlawfully stored data

11 Jan 2022
Grindr given €6.5 million GDPR fine for selling special category user data without consent
General Data Protection Regulation (GDPR)

Grindr given €6.5 million GDPR fine for selling special category user data without consent

15 Dec 2021

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022