Get All Access for $5/mo

7 Basics for Keeping Your Company's Data Safe Data breaches are costly in money and reputation. Before looking for exotic measures, make sure you have the fundamentals covered.

By Istvan Lam Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Every other week there is a new high-profile data breach in the media. From Target to Home Depot to iCloud to JPMorgan to Snapchat to the White House—and most recently the devastating attack on Sony Pictures Entertainment—there's always a headline highlighting the loss of data and breach of trust.

But that doesn't mean your business has to be one of them and suffer the staggering $3.5 million losses resulting from an average data breach.

Here are seven practices and products you can adopt today to stay out of the data breach club.

1. Arm yourself for the threats within.

Data risks today don't solely originate from malicious hackers, even if news headlines suggest otherwise. A recent PwC study found that internal threats and mistakes now constitute a bigger challenge to business security than external ones, meaning that regardless of size, today's businesses must control not just data on storage platforms, but on employee and business partners' devices and accounts.

Related: 5 Lessons Leaders Can Learn From the Sony Hacking Scandal

2. Get the lay of the land.

Ask yourself: "What is the most sensitive, confidential data that our business holds, how is it handled, and who has access to it?" Create a spreadsheet matching data types and services to the employees and business associates who can access them. Make sure to include the two most sensitive types of data: customer information and intellectual property.

3. Roles and permissions.

Once you've identified your assets, review levels of access and if they can be regulated via policy, or, better yet, programmatically. An important factor to consider is whether your content management platform of choice allows the depth of control administrators need to set roles for each specific use case within the company. It's important that these are refined, limiting access and edit of important data to authorized staff.

4. Learn your weaknesses.

Most people reuse the same password across services, including work-related programs. When a big retailer or service provider is breached, there is a very real chance that corporate emails and passwords are also impacted. A similar vulnerability recently enabled attackers to gain access to millions of Dropbox accounts as third-party services integrated with the product were compromised, laying millions of usernames and passwords vulnerable.

To learn if this has happened before, start by heading over to security expert Troy Hunt's site or Breach Alarm's free tool and scan employees' email addresses through their tool—their database is often updated with the latest published breaches.

Related: 8 Mostly Free Best Practices for Tightening Internal Data Security

5. Passwords hold the key.

To prevent a similar incident, have a strong password management policy. Educating employees about never reusing passwords across services and creating stronger passwords (aim for length over variety of characters, though) is also key.

Understandably, this requirement results in difficult to remember passwords, straining productivity. If possible, start using a password management application. They're easy to use, automatically generate strong passwords for each service—and, most importantly, they're secure. LastPass is a leader in this field.

6. Anticipate the next Shellshock.

There is another important reason to stay on top of security news. Within the past year alone, two major vulnerabilities were found to be lurking in widely used software—Heartbleed and Shellshock. We can safely assume that it's only a matter of time until the next vulnerability is unearthed, and it's important to pay attention to the news for when they come to light—especially if any of the software your business uses is compromised. Mass exploitation of these vulnerabilities can happen in as little as a week's time after they're disclosed, so your business is at risk if you wait around—or even worse, do nothing.

7. Do your homework.

When choosing services to implement into your business's workflow, it's important not to overlook pure security for productivity benefits, an easy mistake in today's productivity-and-cloud-crazed environment. Do your due diligence, and make sure to go with services that are recommended by security professionals and your industry's relevant associations, which often publish guidelines relevant to your market and regulatory environment. It's also important to make sure the services that you decide to go with include privacy policies and guarantees that will inform you when their systems are breached.

Related: 'Bash' Bug Could Be Bigger Than Heartbleed

Istvan Lam

Founder and CEO of Tresorit

Isvan Lam is the CEO and co-inventor of Tresorit’s encryption technology. From a very young age, Istvan had a deep interest in security and cryptography. During his time as a University student, Istvan needed a secure cloud service where he could store his personal files and intellectual property securely. Feeling that no option on the market provided the top-tier security he required, Istvan went on to develop Tresorit in 2011, deploying the strictest data security regulations backed by the company’s patent-pending cryptographic encryption technology.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Starting a Business

He Started a Business That Surpassed $100 Million in Under 3 Years: 'Consistent Revenue Right Out of the Gate'

Ryan Close, founder and CEO of Bartesian, had run a few small businesses on the side — but none of them excited him as much as the idea for a home cocktail machine.

Business Solutions

Get Down to Business with Lifetime Access to Microsoft Office 2021 for Mac for 70% Off

Unlock essential Office tools with a one-time purchase — ideal for entrepreneurs and professionals looking to streamline their workflow.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

Looking for a Remote Job? Here Are the Most In-Demand Skills to Have on Your Resume, According to Employers.

Employers are looking for interpersonal skills like teamwork as well as specific coding skills.

Franchise

The Top 10 Coffee Franchises in 2024

From a classic cup of joe to a creamy latte, grab your favorite mug and get ready to brew up success with the best coffee franchises.

Business News

'Do You Sell Cars?': Tesla CEO Elon Musk Trolls Jaguar Rebrand on X

The team running Jaguar's X account was working hard on social media this week.