20 Ways to Prevent a Data Breach [Urgent Data Protection For Businesses]

Prevent a data breach
Avatar photo

Liz Strikwerda

Content strategist and corporate blogger (2000+ posts). Her work has been featured on G2's Learning Hub, Human Resources Today, Better Buys and over 500 business websites. She plays bluegrass mandolin and enjoys sailing her catamaran and hiking in the red rock wilderness of southern Utah. Connect with me on LinkedIn

Prevent a data breach at your business.

This is critical. Businesses of all sizes have experienced devastating security lapses.

Equifax, Marriott, and Target are just a few of the well-known companies.

20 Ways to Prevent a Data Breach at Your Business

Online Security

1. Use best practices for passwords
2. Use anti-virus software and encryption and keep it up to date
3. Secure mobile devices employees use for work
4. Change the name of your router (SSID) from the default
5. Change the router’s default password
6. Keep router software up to date (you can register it with the manufacturer and receive update notifications)
7. Disable router remote management features
8. After setting up a new router, log out as administrator
9. Make frequent backups
10. Protect your Wi-Fi network with WPA2
11. Restrict employees from using insecure Wi-Fi hotspots
12. Only use encrypted websites for business information (look for https)
13. Enable two-factor authentication

Protect Your Payroll and Wire Transfers

14. Prevent employees from requesting EFT changes in an email or text
15. Regulate how wire transfers are initiated and approved

Prevent Email Hacks

16. Instruct employees how to verify if an email is legitimate
17. Instruct employees not to open suspicious emails or click unknown links

General Security

18. Restrict who has access to sensitive data
19. Use security cameras and monitor feeds frequently
20. Get rid of information you don’t need anymore and dispose of it properly

Pay Attention to FLSA Recordkeeping Laws

Before you do a mass purge of sensitive documents, make sure you remain compliant. HR software has compliance tools that can help.

If You Suspect a Data Breach, Act Fast

Your data protection policy should outline what to do if you discover or suspect you’ve been hacked. The most important thing is to act ASAP.

Review the Federal Trade Commission (FTC) guide for data breach response.

Do a Data Audit

Take inventory of the sensitive information in your organization. Audit every department. The data will be on paper and in electronic form. Don’t forget connected devices.

Go through file cabinets. Have employees check their drawers, files, thumb drives, and any devices they have at home. Don’t forget external hard drives.

Examine your office copiers. Learn how to erase data collected by the copiers and scanners. Creative thieves have extracted sensitive data from used office copiers.

Talk to businesses you work with. Determine how you share information in the course of doing business. Find out what their security protocols are. Tighten policies if necessary.

Document where sensitive information is located and in what forms. Determine who has access to the information.

Don’t Keep Information You Don’t Need

When you’ve finished your audit, determine what you must keep and for how long. Get rid of everything you can.

Be a Better Shredder

Cross shredders are better than strip shredders. Though it’s tedious, thieves have re-assembled cross-shredded documents. Pulverizing paper is even better. It turns it into pulp.

What Information is Sensitive?

The following items can be used to commit identity theft. Your company probably stores information in many forms: paper documents, photocopies, and digital records.

  • Address
  • Date of birth
  • Social security number
  • Birth certificate
  • Death certificate
  • Passport number
  • Bank and credit card account numbers
  • Password/PIN/mother’s maiden name
  • Driver’s license number
  • Telephone number
  • Biometric information (iris/palm scans, finger scans, and other biologic identifiers)
  • Medical records and related health information

Identity theft isn’t your only risk. Make sure you safeguard your intellectual property as well.

Appoint a Security Manager

Designate a person in charge of data security. Choose someone who knows the applicable laws. They should also have a thorough understanding of your business processes.

If you have a large organization, you need a security team. Include senior IT, HR, legal, and accounting personnel. If you have the resources, consider adding a white collar crimes specialist to your organization.

Your security manager is responsible for training managers and employees. They must hold managers accountable for their teams. Review policies frequently. Stay apprised of best practices by consulting a cyber security expert. Check the FTC and FBI websites regularly for additional guidance. They post new threats as they become aware of them along with recommendations for prevention.

Create Formal Security Policies

Outline exactly who has access to sensitive data. Establish protocols for using the information.

Purchase additional security software if necessary. Train employees thoroughly on both the policies and how to use the software.

Control access to software and files. You can use a scanning time clock to restrict access to server and file rooms.

Consider Cloud-Based Software

SaaS providers help keep sensitive information safe. There are many advantages to keeping business data secured in the cloud. Human Resources and outside recruiters handle extremely sensitive information. Consider using cloud-based HR software. This includes applicant tracking systems, time and attendance solutions, employee scheduling products, and general HR management.

If you already use SaaS products, request a copy of your vendors’ policies. Make sure they follow best practices for cloud security.

Share these critical data protection tips with your network.

By Liz Strikwerda


Simplify HR management today.

Simplify HR management today.

Using an All-in-One Platform for Hiring and Managing Employees

June 13, 2023
Posted in

Today’s small business owners are often pulled in countless directions, leaving them feeling overwhelmed and challenged. Between building strong teams and making crucial decisions, a business owner may not have time to tackle other tasks. Hiring tends to take a lot of time and energy, especially considering that it takes an average of 20-30 days…

Read More
Form I-9 Employment Eligibility Verification

DHS Announces I-9 Compliance Extension Through July 2023

November 7, 2022
Posted in ,

Immigration and Customs Enforcement (ICE) and The Department of Homeland Security (DHS) recently announced the extension of the temporary I-9 verification option. The agencies cited ongoing precautions due to the pandemic. The temporary rule was initially announced in March 2020 and has been extended several times since then. The latest extension had been set to…

Read More

WorkforceHub takes care of business.

We’ll show you how.

Request a Demo - Footer Form

Looking for help? Please click here.

brand - dots