How to Prevent—and Detect—a Data Breach

Businesses are more concerned than ever about data breaches, with the majority expecting to be hacked in the year ahead, according to one report. Even one security incident can create months of work, forcing a company to repair reputation damage and pay for identity theft protection for affected customers.

The best way to handle a data breach, of course, is not to have one in the first place. But prevention can be challenging, since hackers are consistently finding new ways to break into systems. IT administrators must also learn to detect a breach as soon as it happens in order to take quick action to stop further damage. The following tips can help.

Evaluate Internal Policies

The most important elements of data breach prevention start with your own internal policies. Your employees should be educated on the importance of responsible device use, including avoiding clicking on suspicious links and keeping their passwords safe. Since you can never rely on your employees 100 percent, you’ll also need to set restrictions at the server level that limit what users can do.

In addition to educating and regulating employee use, businesses should also set restrictions specific to their IT departments. If third-party providers are being used, requirements should be voiced early on to ensure your own security needs are being met. If you have your own on-site staff, you should work in coordination with your IT team to develop guidelines that protect customers while also making it easy for end users to get their work done.

Use the Right Software

The best way to secure your network and detect problems is to have state-of-the-art antivirus protection and firewalls in place, as well as encryption where applicable. Choose a solution that sends alerts to your IT staff when a problem is detected. By knowing about problems as early as possible after they’ve occurred, IT administrators can keep damage to a minimum.

If your business is subject to regulations by virtue of the work you do, you should choose a software solution that addresses those regulations. If HIPAA or PCI compliance is a concern for you, for example, a specialized application designed for your industry may be the best option.

Conduct Regular Security Audits

Once you have measures in place to protect your network, you should regularly revisit those measures. Set a date at least once a year to conduct a full audit of your security procedures and see if anything should be tweaked. You may discover holes in your system that you wouldn’t have uncovered otherwise.

In addition to full audits, your IT team should conduct weekly vulnerability scans. There are numerous vulnerability scanning tools available, some at a low cost. However, businesses should be aware that some of the lower-cost solutions may just scan the network, excluding some of the crucial systems attached to it.

Businesses of all sizes are concerned about fraud prevention and detection. With so many affordable resources now available, there are measures a company can take to protect its systems, regardless of the size of its IT department. A minor expenditure on the front end could save a small business big bucks in the long run since it may eliminate the large cost associated with data breaches.

Stay tuned for the next two installments of our Data Breach series, including what to do if you get hacked and how to build trust after a data breach.

Ajeet Khurana
Ajeet Khurana wears many hats: author, angel investor, mentor, TEDx speaker, steering committee of the NASSCOM Start-Up Warehouse, Director of Founder Institute, Venture Partner with the seed initiative of a top Venture Capital firm, and former CEO of IIT Bombay’s business incubator, among others. Before all this, he was entrepreneurial twice in the field of education and web publishing. As a lecturer at the University of Texas at Austin, he taught e-commerce back in 1993, when the term "e-commerce" had not yet been coined. An undergrad in computer engineering from the University of Mumbai, and an MBA from the University of Texas, Ajeet is presently an active name in the startup ecosystem. From starting two ventures as a solopreneur, to helping a large number of startups with their go-to-market, he has never shied from getting his hands dirty. At the same time he has helped dozens of startups raise investment. He truly believes that small business owners are driving change in the world, and need to be facilitated as much as possible. Innumerable small businesses have gained from his attitude, vast professional networks, financial acumen and digital mindset.

  • All views expressed on the published articles at are those of each of the authors, and do not in any way represent the opinions of Mastercard International Incorporated or any of its affiliates (“Mastercard”). Mastercard is not responsible for the information contained in these articles.