Get All Access for $5/mo

7 Basics for Keeping Your Company's Data Safe Data breaches are costly in money and reputation. Before looking for exotic measures, make sure you have the fundamentals covered.

By Istvan Lam Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Every other week there is a new high-profile data breach in the media. From Target to Home Depot to iCloud to JPMorgan to Snapchat to the White House—and most recently the devastating attack on Sony Pictures Entertainment—there's always a headline highlighting the loss of data and breach of trust.

But that doesn't mean your business has to be one of them and suffer the staggering $3.5 million losses resulting from an average data breach.

Here are seven practices and products you can adopt today to stay out of the data breach club.

1. Arm yourself for the threats within.

Data risks today don't solely originate from malicious hackers, even if news headlines suggest otherwise. A recent PwC study found that internal threats and mistakes now constitute a bigger challenge to business security than external ones, meaning that regardless of size, today's businesses must control not just data on storage platforms, but on employee and business partners' devices and accounts.

Related: 5 Lessons Leaders Can Learn From the Sony Hacking Scandal

2. Get the lay of the land.

Ask yourself: "What is the most sensitive, confidential data that our business holds, how is it handled, and who has access to it?" Create a spreadsheet matching data types and services to the employees and business associates who can access them. Make sure to include the two most sensitive types of data: customer information and intellectual property.

3. Roles and permissions.

Once you've identified your assets, review levels of access and if they can be regulated via policy, or, better yet, programmatically. An important factor to consider is whether your content management platform of choice allows the depth of control administrators need to set roles for each specific use case within the company. It's important that these are refined, limiting access and edit of important data to authorized staff.

4. Learn your weaknesses.

Most people reuse the same password across services, including work-related programs. When a big retailer or service provider is breached, there is a very real chance that corporate emails and passwords are also impacted. A similar vulnerability recently enabled attackers to gain access to millions of Dropbox accounts as third-party services integrated with the product were compromised, laying millions of usernames and passwords vulnerable.

To learn if this has happened before, start by heading over to security expert Troy Hunt's site or Breach Alarm's free tool and scan employees' email addresses through their tool—their database is often updated with the latest published breaches.

Related: 8 Mostly Free Best Practices for Tightening Internal Data Security

5. Passwords hold the key.

To prevent a similar incident, have a strong password management policy. Educating employees about never reusing passwords across services and creating stronger passwords (aim for length over variety of characters, though) is also key.

Understandably, this requirement results in difficult to remember passwords, straining productivity. If possible, start using a password management application. They're easy to use, automatically generate strong passwords for each service—and, most importantly, they're secure. LastPass is a leader in this field.

6. Anticipate the next Shellshock.

There is another important reason to stay on top of security news. Within the past year alone, two major vulnerabilities were found to be lurking in widely used software—Heartbleed and Shellshock. We can safely assume that it's only a matter of time until the next vulnerability is unearthed, and it's important to pay attention to the news for when they come to light—especially if any of the software your business uses is compromised. Mass exploitation of these vulnerabilities can happen in as little as a week's time after they're disclosed, so your business is at risk if you wait around—or even worse, do nothing.

7. Do your homework.

When choosing services to implement into your business's workflow, it's important not to overlook pure security for productivity benefits, an easy mistake in today's productivity-and-cloud-crazed environment. Do your due diligence, and make sure to go with services that are recommended by security professionals and your industry's relevant associations, which often publish guidelines relevant to your market and regulatory environment. It's also important to make sure the services that you decide to go with include privacy policies and guarantees that will inform you when their systems are breached.

Related: 'Bash' Bug Could Be Bigger Than Heartbleed

Istvan Lam

Founder and CEO of Tresorit

Isvan Lam is the CEO and co-inventor of Tresorit’s encryption technology. From a very young age, Istvan had a deep interest in security and cryptography. During his time as a University student, Istvan needed a secure cloud service where he could store his personal files and intellectual property securely. Feeling that no option on the market provided the top-tier security he required, Istvan went on to develop Tresorit in 2011, deploying the strictest data security regulations backed by the company’s patent-pending cryptographic encryption technology.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Business News

These Companies Offer the Best Work-Life Balance, According to Employees

The ranking is based on Glassdoor ratings and reviews.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Science & Technology

Use This Framework to Successfully Integrate AI Into Your Business Operations

Here's how to ensure both innovation and compliance when using AI in your organization.

Leadership

Why Your AI Strategy Will Fail Without the Right Talent in Place

Using fractional AI experts through specialized platforms allows companies to access top talent cost-effectively, drive innovation and scale agile strategies for growth.

Growing a Business

5 Effective Strategies to Boost Your Business's Online Presence

Boosting your online presence in 2025 is the key to success for businesses looking to grow. Working on your branding and reputation management is important to drive more sales and improve conversion.