Securing your company’s data is critical for both your bottom-line and brand reputation.

When a breach occurs, your customers lose faith in your organization.

With the cost of a data breach estimated at $154 per record compromised, the financial burden of a breach can add up very quickly; averaging as much as $3.79 million per incident.

How can you protect your servers, cloud infrastructure and payment gateways from the organized criminals attempting to steal your data?

1. Perform Regular InfoSec Audits

If you aren’t taking a hard look at how your employees and customers interact with the information your company has on file, you need to pay attention to this step. There’s a reason it’s the first one we’re going to discuss. The most vulnerable point in your data infrastructure is where and how your employees access secure information.

Related Article: The Security Risks in Social Media: Interview with Joseph Steinberg

To understand where you’re most vulnerable, an InfoSec Audit is a great first step. According to 360ict, “Many vulnerabilities are not systems related but are due to the way in which individuals interact with the system. For example, employees may frequently leave their PCs unlocked, or share login passwords. An audit will look at the policies, procedures and human interactions with the system.”

The focus on human interaction with the system is a key component to a comprehensive InfoSec Audit. Hiring an outside Firm to perform this audit is highly recommended.

2. Mandatory Random Passwords and Regular Changes

Most employees, if allowed, will use the same password for years at a time. Their passwords are usually based on something familiar to them; their birthday, address, phone number or family member’s name. Having context clues makes passwords easier to remember, but they also become a lot easier to hack. A report published in 1996 pointed out the vulnerabilities of weak passwords. “The Computer Emergency Response Team (CERT) estimates that about 80 percent of the security incidents reported to them are related to poorly chosen passwords.”

To avoid falling victim to an easily guessed or deciphered password, mandate that employees utilize a random password generator. An app like Keeper can provide both random passwords, as well as an easy-to-use solution for organizations to share passwords with team members, from a secure platform.

Related Article: Lock It Up: How to Ace Email Security in 2016

3. Keep Software and IT Infrastructure Up-to-Date

For SMB’s, hiring a team of data security specialists is usually outside of their operating budget. But, the good news is that the likelihood of being hacked is greatly reduced when systems and software are kept up-to-date. Here are a couple steps to add to your IT department’s weekly and monthly system tune-ups:

• Verify Windows Update is Turned On and Functioning
• Check with software vendors to patch programs as soon as updates are released; the vast majority of updates include security enhancements.
• Install a reputable antivirus / antispyware / antimalware programs onto all devices used to conduct business transactions and view proprietary data.
• Install and update firewall policies on your corporate communication infrastructure (VOIP, Email, etc.).

4. Draft and Implement a Data Security Policy

Is your team familiar with your corporate policies outlining proper data handling procedures? Does your company even have a Data Security Policy? Every employee in your organization needs to have a clear understand of their role in keeping customer information private and secure. A strong policy will include:

• Restriction on the information that can be transferred to personal devices.
• Restrictive access permissions based on role and seniority in the organization.
• Ensure data is encrypted by utilizing Encrypting File System (EFS) protocols in Windows.
• Make sure all paperwork that includes customer information is shredded prior to disposal.
• Have employees sign the policy as a condition of employment, including updated policies as they’re implemented.
• Educate employees on common phishing scams and other human-centered attacks on corporate data.

As your company grows, opportunities will arise to utilize outside vendors. Always check that third-party technology suppliers hold current data center and industry certifications. Make sure employees understand how something as simple as a password can completely wipe out a company’s hard-earned reputation. Working with an outside Firm to validate that your information is completely secure will give you peace of mind.

Related Article: Data Breaches Hurt 43% of Businesses in 2014: Do You Have a Cyber Security Plan?

Don’t let data theft keep you up at night. Focus on what’s important, and rely on your company’s Data Security Policy to provide the framework for safe data practices at every level.