The number of data breaches in the last few years is alarming. Yahoo tops the list of the worst security breach with 3 billion records compromised. The data compromised was user’s answers to security questions. A smaller but more serious breach was First American Financial Corporation’s leak. The financial records of 885 million users were compromised, exposing bank account information, Social Security numbers, and more.

Hackers typically go after financial and identifying information for the profit potential. They can sell your information or use it to steal your identity to apply for credit cards and loans. Although there’s not much you can do to safeguard your data if a large organization you do business with is compromised, there are steps individuals and small businesses can take to protect themselves from identity theft and fraud.

Security Measures for Businesses

If your company works with sensitive customer information such as Social Security numbers, health or financial records, or credit card or banking data, your business should take additional measures to safeguard your customers’ records. Specific types of businesses are more vulnerable than others — for example, medical offices and accountants are targets for hackers because of the data they keep.

To protect your business, website security is essential. If your business sells online, make sure you stay up-to-date on website and SSL security and your responsibilities as an e-commerce merchant that accepts credit card payments. Speak with your merchant processor about what type of security measures you should take to protect credit card data to stay compliant.

Some typical practices that should be avoided when dealing with customers’ credit cards include storing a customer’s card verification value (CVV) from the back of their credit card or saving/displaying more than the last four digits of a customer’s credit card number. Non-compliance with credit card regulations can be costly to your business. Fines vary from $5,000 to up to $100,000 for every month your business is violating credit card regulations. 

Besides website security, all businesses should have a system in place to protect employee records and customer financial data kept at a physical location. Sensitive data should be encrypted or stored off-site such as on a cloud server to keep thieves from breaking in and stealing computers that are storing sensitive customer and employee information.

Security Measures for Individuals

There are a variety of ways that individuals are at risk for identity theft and fraud. The simplest way to protect yourself from the loss of sensitive information is by being more selective of who you share your data with. Shop online with brands and companies you know and trust. Avoid paying online with a debit card or by entering bank account information.

Use a designated credit card just for online purchases and make sure you’ve set up alerts with the card provider that notifies you each time a purchase is made. You’ll be able to track unauthorized purchases faster using this method so you can report them to your card provider in time.

Be more cautious of the type of information you share with others, especially on social media. Your location, photos of your home, your birthday, and the names of family members should be kept private or avoided altogether. Cyberthieves can harvest your public information to build a file that makes it easier to steal your identity.

As for your smartphones or other devices, always enable password verification to access your phone. If it’s lost or stolen, anyone can access the sensitive data if you don’t set up a password. Be more selective about what type of apps you download. Some have hidden malware or viruses that can access your sensitive data or spy on your activity. Make sure any apps you’re interested in have good reviews and are downloaded from the app store.

What to Do if Your Data is Breached

If you receive notice from a company that your data has been breached, or your phone or other device was stolen, it’s essential to take action quickly to reduce your risk of financial loss. If your data is breached, contact your bank, credit card providers, and health insurer to notify them of the incident. You may want to close accounts and open new ones and replace your checks, credit cards, and health insurance card. And don’t forget to change all passwords on your email addresses and accounts.

Order your annual free credit report and review it for any unusual activity. If you notice any accounts you don’t recognize, report it to the credit bureau right away so they can investigate it and remove it from your credit file.

If you find that the security breach has led to identity theft, you can place a credit freeze through the credit bureaus so no one may apply for credit in your name. You’ll need to contact all three bureaus to request a credit freeze. Each credit bureau will provide you with a PIN to lift the freeze if you’d like to apply for a credit product in the future.

Data breaches are an uncomfortable, new reality in the digital world. Fortunately, there are steps you can take or enact at your business or personally to reduce the chances of a security breach. Limit who you share your personal information with, protect your devices and computer equipment, and monitor your credit file for any unusual changes.