How to prevent data breaches?

Since 2016, data breaches have numbered over one billion per year. Despite this, most companies and individuals struggle with the bare minimum security measures. Let’s change that. Below, we will cover everything you need to know about how to prevent a data breach in your business.

    What are data breaches?

    Data breaches refer to any situation where a person gains unauthorized access to sensitive data. More often than not, these breaches result from human error.

    Yep, they don’t always have to include malicious actors. Sometimes, the responsible party is good ol’ negligence. 

    How do data breaches happen?

    A data breach occurs when sensitive information is released. However, the “how” can come from any of these sources:

    • Weak passwords that are easy to guess;
    • Credentials stolen by outside actors;
    • Data security teams failing to encrypt data;
    • Lost or stolen devices that have access to the data;
    • Malicious insiders who use their credentials to steal data;
    • Regular insiders who disclose information that exposes company secrets.

    In a company setting, most data breaches occur due to someone disclosing sensitive information in the wrong place at the wrong time. In fact, close to 85% of data breaches happen by accident.

    That being said, hackers are also working day and night to access confidential data, usually through the following means:

    1. Phishing: A social engineering tactic meant to fool you into thinking a message you receive is from a legitimate source. For example, an email from your favorite sporting goods store (that’s actually from a hacker) telling you that you won a free tent, but you need to confirm your account information to receive it.
    2. Brute force attack: A method where malicious software submits every password in the book in hopes of guessing yours. Those who use publicly identifiable information are more likely to fall victim to this. As an example, your pet’s name and/or your birthday make a terribly weak password.
    3. Malware: Malicious software that infects your devices to gather sensitive information. Examples include keyloggers that look explicitly for Social Security numbers.
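    The brute-force point above is that passwords built from a pet’s name or a birthday are cheap to guess. As an added example (not code from the original post or from Surfshark), here is a Python password policy check that rejects short passwords, passwords already found in a breach corpus, and passwords containing a user’s publicly known details. The breach list, the 12-character minimum, and the sample profile are all constructed for the demo; a real deployment would load its breach list from a vetted source.

```python
import hashlib
from datetime import date

# Constructed sample of breached passwords, kept only as SHA-256 digests so the
# checker never holds the plaintext corpus. These four entries are made up.
BREACHED_SHA256 = {
    hashlib.sha256(p.encode()).hexdigest()
    for p in ("password", "123456", "qwerty123", "letmein2021")
}

MIN_LENGTH = 12  # assumed policy minimum; adjust to your own standard


def guessable_tokens(profile):
    """Fragments an attacker could take from public details: names, pet, birthday."""
    tokens = set()
    for key in ("first_name", "last_name", "username", "pet_name"):
        value = profile.get(key)
        if value and len(value) >= 3:
            tokens.add(value.lower())
    birthday = profile.get("birthday")
    if isinstance(birthday, date):
        # Year alone plus the usual day/month orderings with and without the year.
        tokens.update({
            str(birthday.year),
            birthday.strftime("%d%m"), birthday.strftime("%m%d"),
            birthday.strftime("%d%m%Y"), birthday.strftime("%m%d%Y"),
        })
    return tokens


def check_password(password, profile):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if hashlib.sha256(password.encode()).hexdigest() in BREACHED_SHA256:
        problems.append("appears in a known breach corpus")
    lowered = password.lower()
    # Sorted so the report is deterministic regardless of set ordering.
    for token in sorted(guessable_tokens(profile)):
        if token in lowered:
            problems.append("contains guessable personal detail '%s'" % token)
    return problems


# Constructed user profile for the demo (hypothetical person).
SAMPLE_PROFILE = {"first_name": "Alice", "pet_name": "Rex", "birthday": date(1990, 7, 3)}

if __name__ == "__main__":
    for candidate in ("Rex1990!", "password", "correct horse battery staple"):
        print(repr(candidate), "->", check_password(candidate, SAMPLE_PROFILE) or "OK")
```

    The check deliberately compares digests rather than plaintext so the breach corpus can be distributed to every login server without also distributing a ready-made password list.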

    While it helps to know where security flaws come from, that is only half the battle.

    Eight steps to prevent data breaches

    There are at least eight steps you should take to protect your business from data breaches. That said, most of these tips still apply even if you are not a business owner.

    1. Establish a privacy policy

    A good privacy policy instructs employees what data they can and cannot bring outside the workplace.

    Most people don’t think about what can happen if confidential information is exposed. Because that’s the case, a lot of employees collect and spread sensitive data accidentally.

    You might also want to include vendor risk management programs if you work with third-party vendors. This way, you can keep your data secure at different levels, both inside and outside your organization.


    Instruct your employees to keep company-sensitive information to themselves via privacy policies. Also, consider vendor risk management programs if you work with third-party vendors.

    2. Restrict access to confidential information

    Properly tech-savvy companies understand that most data should be kept on a need-to-know basis. Therefore, they make sure that employees cannot access data that isn’t vital to their work. 

    Think of it this way: if you tell 100 people about your secret project, there’s almost no chance that it will remain a secret. However, if you reveal that information to three people, you might just be able to avoid unintended exposure.

    Also, make sure you establish multi-factor authentication for parties who currently have access to that information. With it, you can see when and how people access data, and a stolen password alone is no longer enough, which discourages cybercriminals.
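    To make the need-to-know rule and the MFA requirement concrete, here is an added Python example (not code from the original post or from Surfshark) of a deny-by-default authorization check: data is only reachable by the team that owns it, confidential data additionally requires a verified second factor, writes require an editor role, and every decision is written to an audit trail so you can later see when and how data was accessed. The classifications, roles, teams, and the sample people and files are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical data classifications used for the demo.
CLASSIFICATIONS = ("public", "internal", "confidential")


@dataclass(frozen=True)
class Resource:
    name: str
    classification: str
    owner_team: str


@dataclass(frozen=True)
class Principal:
    user: str
    team: str
    roles: frozenset
    mfa_verified: bool


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


AUDIT_LOG = []  # every decision, allowed or denied, is recorded here


def authorize(principal, resource, action, now=None):
    """Deny by default: need-to-know by team, MFA for confidential data, editor role for writes."""
    if resource.classification not in CLASSIFICATIONS or action not in ("read", "write"):
        decision = Decision(False, "unknown classification or action")
    elif resource.classification == "public" and action == "read":
        decision = Decision(True, "public resource")
    elif principal.team != resource.owner_team and not (
        action == "read" and "auditor" in principal.roles
    ):
        # Auditors may read across teams; nobody writes outside their own team.
        decision = Decision(False, "outside owning team (need-to-know)")
    elif resource.classification == "confidential" and not principal.mfa_verified:
        decision = Decision(False, "MFA required for confidential data")
    elif action == "write" and "editor" not in principal.roles:
        decision = Decision(False, "write requires the editor role")
    else:
        decision = Decision(True, "need-to-know, role and MFA requirements met")
    AUDIT_LOG.append({
        "at": (now or datetime.now(timezone.utc)).isoformat(),
        "user": principal.user, "resource": resource.name, "action": action,
        "allowed": decision.allowed, "reason": decision.reason,
    })
    return decision


# Constructed sample data for the demo.
PAYROLL = Resource("payroll-2024.xlsx", "confidential", "finance")
HANDBOOK = Resource("employee-handbook.pdf", "public", "hr")

ANA = Principal("ana", "finance", frozenset({"editor"}), mfa_verified=True)
BEN = Principal("ben", "finance", frozenset(), mfa_verified=False)
CARLA = Principal("carla", "engineering", frozenset({"editor"}), mfa_verified=True)
DEV = Principal("dev", "audit", frozenset({"auditor"}), mfa_verified=True)

if __name__ == "__main__":
    for who, what, action in [
        (ANA, PAYROLL, "write"), (BEN, PAYROLL, "read"), (CARLA, PAYROLL, "read"),
        (DEV, PAYROLL, "read"), (DEV, PAYROLL, "write"), (CARLA, HANDBOOK, "read"),
    ]:
        d = authorize(who, what, action)
        print(who.user, action, what.name, "->", "ALLOW" if d.allowed else "DENY", d.reason)
    print(len(AUDIT_LOG), "audit entries")
```

    The order of the checks matters: the team test comes before the MFA test, so someone outside the owning team is refused without the system ever revealing whether MFA would have been enough.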


    Despite their best efforts, people like to talk. So, be selective about who you allow to gain access to confidential information.

    3. Avoid data hoarding

    Data hoarding happens when you have a hard time getting rid of data. If you’ve ever seen an episode of Hoarders, you’ve seen a physical representation of this. The fear of data loss is real, but you don’t need to keep everything, not really.

    Actually, never deleting personal data results in a greater chance of exposure. For example, you might have hints to your current passwords in that old data. Someone stealing outdated information like that is one of the many reasons data breaches happen as frequently as they do.


    Make sure that regular security audits also include removing unnecessary data. Keeping only what you need reduces the chances of malicious actors stealing sensitive information.
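    One way to turn “keep only what you need” into a routine job is a retention schedule that a scheduled audit task runs against your record store. The following Python example is added here and is not code from the original post or from Surfshark: the retention periods, record kinds, legal-hold flag, and sample records are all constructed for the demo. Records with no schedule are flagged for review rather than deleted, and everything purged is written to an audit list.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical retention schedule: how long each kind of record may be kept.
RETENTION = {
    "session_log": timedelta(days=30),
    "support_ticket": timedelta(days=365),
    "invoice": timedelta(days=7 * 365),
}


def select_expired(records, now, policy=RETENTION):
    """Split records into (expired, kept, needs_review) against the schedule."""
    expired, kept, needs_review = [], [], []
    for rec in records:
        limit = policy.get(rec["kind"])
        if limit is None:
            needs_review.append(rec)   # no schedule: never delete silently, flag instead
        elif rec.get("legal_hold"):
            kept.append(rec)           # a hold overrides the schedule
        elif now - rec["created"] > limit:
            expired.append(rec)
        else:
            kept.append(rec)
    return expired, kept, needs_review


def purge(records, now, policy=RETENTION):
    """Return (remaining_records, audit_entries); the audit trail says what went and why."""
    expired, kept, needs_review = select_expired(records, now, policy)
    audit = [
        {"id": r["id"], "kind": r["kind"], "age_days": (now - r["created"]).days,
         "purged_at": now.isoformat()}
        for r in expired
    ]
    return kept + needs_review, audit


# Constructed sample data: a fixed "now" and five records of mixed age and kind.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    {"id": "s1", "kind": "session_log", "created": NOW - timedelta(days=45)},
    {"id": "s2", "kind": "session_log", "created": NOW - timedelta(days=5)},
    {"id": "t1", "kind": "support_ticket", "created": NOW - timedelta(days=400), "legal_hold": True},
    {"id": "t2", "kind": "support_ticket", "created": NOW - timedelta(days=400)},
    {"id": "x1", "kind": "marketing_export", "created": NOW - timedelta(days=900)},
]

if __name__ == "__main__":
    remaining, audit = purge(SAMPLE_RECORDS, NOW)
    print("kept:", [r["id"] for r in remaining])
    for entry in audit:
        print("purged", entry["id"], entry["kind"], "age", entry["age_days"], "days")
```

    Running the demo keeps s2 (still within 30 days), t1 (on legal hold) and x1 (no schedule, so it goes to review), and purges s1 and t2 with their ages recorded.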

    4. Educate employees

    As we’ve established above, it is important to educate employees on what data they can and cannot take home. But when they don’t know how and why they ought to do it, all of your education attempts will go for naught. Ergo, you should, nay, must teach your employees proper cybersecurity chops.

    Ask any random person on the street what phishing is. Chances are, they will have no clue. And, unless you work in cybersecurity, neither will your employees. 

    So, it’s up to you to help them understand what it means to keep personally identifiable information secret.


    Educate employees on what data they can and cannot take out of the workplace. Data breaches happen in the off-time too, so make sure the people you work with also remain diligent in their personal lives.

    5. Keep security software updated

    As annoying as update pop-ups can be, they usually include patches and fixes to various security vulnerabilities. So, best not to avoid them. 

    Consider the breach of 1.6 million WordPress accounts. After the breach was discovered, numerous companies came forward with quick patches to various themes and tools.

    Despite this, hundreds of thousands of websites suffered data exposure because they didn’t check the news. Had their web hosts (or web admins) kept tabs on things, they would likely have been able to avoid a data breach (or keep it to a minimum).


    If you don’t want your sensitive data to fall into the wrong hands, keep your security software up to date. It’s much easier to prevent data breaches than to deal with them post-factum.

    6. Protect the devices of your employees

    Remember that keeping your data secure isn’t just about your system, but the devices of your employees too. On that note, here’s what you (and your employees) should do:

    • Use unique (and strong) passwords across all devices;
    • Encourage multi-factor authentication (MFA) to protect confidential information;
    • Require employees to keep their login credentials and valuable data secure;
    • Use software that automatically times out after a few minutes.
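    The last bullet, software that times out after a few minutes, is usually implemented as a session store with an idle limit and an absolute lifetime. Below is an added Python example (not code from the original post or from Surfshark) showing one such store: a session dies if it is untouched for the idle period or once its total age passes the maximum, and an expired token is discarded so it cannot be reused. The timeouts and the fake clock are constructed for the demo.

```python
import secrets
import time


class SessionStore:
    """In-memory sessions that expire after an idle period or an absolute lifetime."""

    def __init__(self, idle_timeout=300, max_lifetime=8 * 3600, clock=time.monotonic):
        self.idle_timeout = idle_timeout    # seconds without activity before logout
        self.max_lifetime = max_lifetime    # seconds after login before forced re-auth
        self.clock = clock                  # injectable so tests can advance time
        self._sessions = {}

    def create(self, user):
        token = secrets.token_urlsafe(32)   # unguessable session identifier
        now = self.clock()
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def resolve(self, token):
        """Return the user for a live session and refresh its idle timer, else None."""
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self.clock()
        idle_expired = now - session["last_seen"] > self.idle_timeout
        lifetime_expired = now - session["created"] > self.max_lifetime
        if idle_expired or lifetime_expired:
            del self._sessions[token]       # drop it so the token cannot be replayed
            return None
        session["last_seen"] = now
        return session["user"]

    def revoke(self, token):
        self._sessions.pop(token, None)

    def active_count(self):
        return len(self._sessions)


class FakeClock:
    """Deterministic stand-in for time.monotonic used only by the demo."""

    def __init__(self, start=1000.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def idle_demo():
    """Show the idle timer: activity at 200 s and 400 s keeps it alive, a 301 s gap ends it."""
    clock = FakeClock()
    store = SessionStore(idle_timeout=300, clock=clock)
    token = store.create("alice")
    clock.advance(200); first = store.resolve(token)   # alive, timer refreshed
    clock.advance(200); second = store.resolve(token)  # alive: 200 s since last activity
    clock.advance(301); third = store.resolve(token)   # expired: 301 s idle
    return first, second, third, store.active_count()


def lifetime_demo():
    """Show the absolute limit: steady activity still cannot extend a session forever."""
    clock = FakeClock()
    store = SessionStore(idle_timeout=1000, max_lifetime=1500, clock=clock)
    token = store.create("bob")
    clock.advance(800); first = store.resolve(token)   # alive, age 800 s
    clock.advance(800); second = store.resolve(token)  # gone: age 1600 s > 1500 s
    return first, second


if __name__ == "__main__":
    print("idle demo:", idle_demo())
    print("lifetime demo:", lifetime_demo())
```

    The absolute lifetime is the part people tend to forget: without it, a device left open with a page that polls in the background never goes idle and therefore never logs out.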

    An organization’s reputation depends in large part on the security practices of its employees. If a high-profile employee had a security breach and lost financial information, that breach might come back to bite the company.

    Social engineers can even use credentials stolen through identity theft to gain access to company data. Therefore, holding the company’s employees to the highest standard is essential to its security.


    Encourage employees to secure their devices. This can be done by using strong passwords, multi-factor authentication, not sharing personal information, and using software that automatically times out.

    7. Manage portable devices

    Mobile devices are among the biggest culprits behind workplace security vulnerabilities. Leave your phone someplace public and, et voilà, you’ve introduced a security threat.

    Smartphones, flash drives, tablets, laptops, and various unattended Bluetooth devices can create an easy opening for hackers. To ensure a regular criminal doesn’t turn into a cybercriminal, always keep your devices protected with strong passwords.

    You can also have built-in security to protect your important data. Several mobile applications snap a picture of the criminal and send it to a public location. Other than that, you can lock your own devices using biometric data, preventing data breaches from happening (unless they have your fingerprint).


    Avoid leaving any devices unattended and unlocked. This applies to flash drives, laptops, smartphones, etc.

    8. Use a VPN

    VPNs are there to protect your data. Some things security-wise are often out of your and your employees’ control. Therefore, having a good security system in place is simply a must.

    VPNs encrypt your data. Of course, this won’t help you if a hacker gets physical access to your employee’s device. Your network, though, will be harder to hack into. Investing in something like a VPN concentrator will minimize threats from hackers that try to get into your network remotely. 

    As VPNs mask your IP, hackers can’t identify your location, track down your network or crack it to access your data. This also protects more sensitive gadgets like printers or even alarm systems. 

    Remember that VPNs can protect you from hacking attacks such as malware, cookie theft, DDoS, and many more.

    What do you do if a breach happens? 

    Following all of the tips above will prevent a typical data breach. However, there is no 100% surefire way of protecting sensitive data. Whether you are a company or an individual, you need to have a response plan in place.

    These tips will help you formulate it:

    Change any leaked passwords

    Breaches pose a threat even months after they’ve happened if the information stays the same. Hackers often upload this information online. If it is not changed, anyone could find your passwords and use them to log in to your accounts. 

    Remove your data from the breached websites

    We often forget old accounts we no longer use. Still, if a website was breached once, it’s possible it could happen again. Delete any data that could still be there to ensure people can’t access it again. 

    Find out what the breached site is communicating

    Remember that a trusted business will inform its clients of any breaches. It will also share how they happened and what will be done in the future to prevent them. Don’t trust your data with companies that do not offer transparency.

    And don’t forget that the best way to react to a breach in time is an active monitoring system. Systems like Surfshark Alert monitor the web for any leaked data and inform you if anything matching your information is leaked. This will help you react to breaches faster and minimize the damage. 

    Having a response plan in place allows you to be better prepared if a data breach occurs.

    Breach prevention is in your hands

    Preventing data breaches is made easier with the above-mentioned software security practices. Despite your best efforts, a data breach might happen anyway. And the sooner you find out about a breach, the more likely you are to get to it before malicious agents do. So, make Surfshark Alert part of your continuous monitoring practice. If you become aware of a breach on the same day it happens, you might get to it before anyone does any real damage. Stay safe, react fast, and keep your data private.


    What is the impact of data breaches on individuals?

    Data breaches can compromise the sensitive data of individual users. This exposure can lead to identity theft, stolen bank information, and severe financial burdens.

    What is the impact of data breaches on companies?

    Whether a business is large or small, data breaches can happen to anyone. And they can have serious consequences, including theft of company secrets, identity exposure, and business closure.

    More than 50% of companies shut down within six months of a data breach. So businesses need to be extremely careful and maintain a strong security team.

    What should you do after a data breach?

    As a breach can ruin a company’s reputation, it’s important to react accordingly. You should:

    • Change all passwords;
    • Issue a public statement;
    • Provide a plan of action to stakeholders;
    • Back up and move sensitive data.