Operating systems and applications can always be reinstalled, but your data is unique, making it the most important thing on your computer or network.
“Organizations must now maintain robust privacy measures, including clear privacy policies, opt-out processes, and compliance with consumer protection laws, to mitigate financial and reputational risks,” said IEEE Senior Member Kayne McGladrey in an email to TechRepublic.
Here are 10 ways you can protect that data from loss and unauthorized access.
1. Protect everything with passwords
Password protection is the first line of defense against unauthorized access to your data; it also helps boost multilayer security for your systems by allowing you to combine password protection with other security measures. Some businesses are required to use password protection as part of compliance regulations, such as the General Data Protection Regulation.
To password protect your business data, implement a strict password policy to ensure employees create complex passwords. Additionally, you should have them update their passwords regularly.
2. Back up regularly
Backing up your data early and regularly is an important component of a data loss prevention strategy. Data loss can happen due to cyberattacks, natural disasters, human error, and other events. With a current backup, you can restore your data after a loss.
While manual backup does work, you should also consider data backup solutions that automatically back up data based on a schedule you can configure. More sophisticated backup solutions allow you to choose the data to back up.
3. Keep business software up to date
Keep your business software up to date to ensure it has the latest security patches, bug fixes, and other updates to protect against new and existing cybersecurity threats. Most cyberattacks exploit newly found security vulnerabilities, so be vigilant in keeping your business software updated to the latest version.
4. Use a VPN
Virtual private networks are great for keeping your business data safe. A VPN creates an encrypted tunnel for your data, hiding it from hackers and other malicious actors; it also helps minimize your online footprint.
A VPN is a must for employees connecting to business networks or accessing sensitive files from their homes or while traveling. While you can use a free VPN service, ideally, you should invest in a paid VPN subscription from a reputable provider. Paid VPN versions offer more reliable connections, dedicated servers, and other premium features.
5. Install antivirus software
Modern antivirus software helps protect data from ransomware, spyware, Trojan horses, browser hijackers, and other cyber threats. While an antivirus software license for a business comes at a cost, it’s a relatively small price to pay to keep your data safe.
If you’re using Windows 10 or higher, you already have antivirus software installed. Mac computers have a relatively closed ecosystem and built-in malware protection, but you can also purchase extra antivirus defenses separately.
In the era of generative AI, antivirus protection is even more critical. Threat actors could use AI models in attacks, or compromised data could poison the model if it is used for training.
“Once it’s malicious content, the AI agent that you’re trying to train is going to learn using malicious content as well,” said Ravi Srinivasan, chief executive officer of data protection company Votiro, in an email to TechRepublic.
6. Use multifactor authentication
A reliable way to protect your data is to use multifactor authentication (MFA) on devices connected to the business network. With MFA, users enter a password and a one-time passcode sent to another device to gain access. This way, the user needs at least two devices, or “factors,” to log into the system.
MFA acts as an additional layer of security for your data and is becoming a vital part of cybersecurity protocols for businesses. Without using MFA, your data remains vulnerable to unauthorized access due to lost devices or stolen credentials.
“Even if an organization goes passwordless,” said Srinivasan, “you’re still going to have external users, external third-party contractors, and service providers that might still be accessing your services using passwords as a default.”
Therefore, he said, tech leaders should think of MFA as part of the solution to an access problem. Whatever way your organization uses to secure its accounts, having access and identity control of some kind in place is essential.
7. Make use of a public key infrastructure
A public key infrastructure is a system for managing public/private key pairs and digital certificates. Because keys and certificates are issued by a trusted third party (i.e. a certification authority, either an internal one installed on a certificate server on your network or a public one), certificate-based security is stronger.
You can protect the data you want to share with someone else by encrypting it with the public key of its intended recipient, which is available to anyone. The only person who can decrypt it is the holder of the private key that corresponds to that public key.
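The exchange described above, as an added example in Node.js that is not part of the original article. It goes one step beyond the text by using the hybrid pattern (the public key wraps a one-time AES key that encrypts the data); the function names and the locally generated key pairs are assumptions standing in for keys taken from CA-issued certificates.

```javascript
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed recipient key pair. In a PKI the sender would take the public
// key from the recipient's CA-issued certificate instead of generating it.
function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: needs only the recipient's public key.
function encryptFor(publicKey, plaintext) {
  const dataKey = crypto.randomBytes(32);   // one-time AES-256 key
  const iv = crypto.randomBytes(12);        // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // RSA-OAEP wraps only the short AES key; RSA cannot encrypt large data directly.
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient: only the matching private key can unwrap the AES key.
function decryptWith(privateKey, msg) {
  const dataKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString('utf8');
}

// True when decryption is rejected (wrong private key or modified ciphertext).
function failsToDecrypt(privateKey, msg) {
  try { decryptWith(privateKey, msg); return false; } catch (err) { return true; }
}

function demo() {
  const recipient = newKeyPair();
  const someoneElse = newKeyPair();
  const msg = encryptFor(recipient.publicKey, 'constructed sample: Q3 payroll export');
  return {
    recipientReads: decryptWith(recipient.privateKey, msg),
    otherKeyRejected: failsToDecrypt(someoneElse.privateKey, msg),
  };
}
console.log(demo());
```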
8. Hide data with steganography
You can use a steganography program to hide data inside other data. For example, you could hide a text message within a .JPG graphics file or an .MP3 music file, or even inside another text file; however, the latter is difficult because text files don’t contain much redundant data which can be replaced with the hidden message.
Steganography doesn’t encrypt the message, so it’s often used with encryption software. The data is encrypted first and then hidden inside another file with the steganography software.
Some steganographic techniques require the exchange of a secret key. Others use public and private key cryptography. A popular example of steganography software is StegoMagic, a freeware download that will encrypt messages and hide them in .TXT, .WAV, or .BMP files.
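To make the "redundant data" point concrete, here is an added example in Node.js (not from the original article and not how StegoMagic works) of least-significant-bit hiding. It assumes the payload was already encrypted, as recommended above, and uses a constructed byte buffer standing in for uncompressed pixel or audio sample data; all function names are illustrative.

```javascript
// Hidden bytes a cover can hold: 8 cover bytes per hidden byte, minus a 4-byte length header.
function capacityBytes(cover) {
  return Math.max(0, Math.floor(cover.length / 8) - 4);
}

// Write each payload bit into the least significant bit of one cover byte.
function embed(cover, payload) {
  if (payload.length > capacityBytes(cover)) throw new RangeError('cover too small for payload');
  const framed = Buffer.alloc(4 + payload.length);
  framed.writeUInt32BE(payload.length, 0);   // length header so extract() knows where to stop
  payload.copy(framed, 4);
  const out = Buffer.from(cover);            // copy; the original cover is left untouched
  for (let i = 0; i < framed.length * 8; i++) {
    const bit = (framed[i >> 3] >> (7 - (i & 7))) & 1;
    out[i] = (out[i] & 0xfe) | bit;
  }
  return out;
}

// Collect n bytes from the low bits, starting at cover byte `start`.
function readBits(stego, start, n) {
  const buf = Buffer.alloc(n);
  for (let i = 0; i < n * 8; i++) buf[i >> 3] |= (stego[start + i] & 1) << (7 - (i & 7));
  return buf;
}

function extract(stego) {
  if (stego.length < 32) throw new RangeError('no length header');
  const len = readBits(stego, 0, 4).readUInt32BE(0);
  if (len > capacityBytes(stego)) throw new RangeError('length header exceeds capacity');
  return readBits(stego, 32, len);
}

// Largest per-byte difference between cover and stego (never more than 1).
function maxChange(cover, stego) {
  let max = 0;
  for (let i = 0; i < cover.length; i++) max = Math.max(max, Math.abs(cover[i] - stego[i]));
  return max;
}

// Constructed inputs: 1 KiB of stand-in sample bytes and a stand-in ciphertext.
const demoCover = Buffer.from(Array.from({ length: 1024 }, (_, i) => (i * 37) & 0xff));
const demoPayload = Buffer.from('9f1c07e2a4b85d', 'hex');
console.log(extract(embed(demoCover, demoPayload)).equals(demoPayload), capacityBytes(demoCover));
```

The 8-to-1 ratio in `capacityBytes` is why a short text file makes a poor cover: a 1 KiB cover holds only 124 hidden bytes, and only in data where a one-unit change per byte goes unnoticed.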
Hiding data may be particularly important if “The organization us[es] real personal data (from customers, patients, employees, and anyone else) for testing and/or training AI tools,” said IEEE member Rebecca Herold.
9. Educate yourself and your employees about cybersecurity
One of the most crucial steps to protect your data is to educate yourself and your employees about cybersecurity. You need to promote a skeptical mindset when interacting with any unfamiliar website, email, or message; this includes learning the importance of following the best practices for data protection, such as not opening emails from unrecognized senders, and not clicking on suspicious attachments.
10. Seek professional guidance
You can hire a security consulting company to assess the security vulnerabilities in your system and advise on how to patch them.
If you need more comprehensive protection for your data, consider hiring a managed security service provider; they offer a variety of security services, including 24/7 security monitoring and incident management. Additionally, if you want to insure your digital assets, consider purchasing a cybersecurity insurance policy.
Generative AI brings new data privacy considerations
While the same rules apply to generative AI, the trendy new technology introduces new data privacy concerns as well.
“Every enterprise integrating AI faces an unprecedented privacy challenge: they’re essentially creating a bridge between their company’s confidential data and public AI models,” said Oliver Friedrichs, chief executive officer and co-founder of cybersecurity firm Pangea, in an email to TechRepublic.
When it comes to AI, proper authorization is key.
“In 2025, we’re seeing a concerning trend where sensitive data exposure through AI isn’t primarily coming from sophisticated attacks – it’s happening through basic oversights in authorization and data access controls,” said Rob Truesdell, chief product officer at Pangea, in an email. “Organizations are discovering their AI systems are inadvertently sharing confidential information simply because they haven’t defined who should have access to what.”
Srinivasan said the shift to AI requires data privacy considerations beyond what organizations considered before 2022; in particular, organizations may use business data to train internal models. Organizations need to be aware of data masking or anonymization to prevent private data from bubbling up in the model’s output.
“The next generation privacy-preserving data sharing technologies, such as de-identification and anonymization, are being developed to address the data privacy challenge posed by generative AI,” said IEEE Fellow Houbing Herbert Song.
Organizations should ask, “How do you preserve the privacy before you train it?” Srinivasan said.
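One way to apply masking before records reach a training set, as an added example in Node.js that is not from the original article. The ticket schema, field policy, regex patterns and key are all constructed assumptions; a real deployment would tune the patterns to its own data and keep the key in a secrets manager.

```javascript
const crypto = require('node:crypto');

// Keyed pseudonym: the same input and key always give the same token, so records
// can still be joined, but the token cannot be recomputed without the key.
function pseudonym(key, value) {
  const normalized = String(value).trim().toLowerCase();
  return 'id_' + crypto.createHmac('sha256', key).update(normalized).digest('hex').slice(0, 16);
}

// Constructed patterns for identifiers that tend to appear in free text.
const PATTERNS = [
  [/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g, '[EMAIL]'],
  [/\b\d{3}-\d{2}-\d{4}\b/g, '[SSN]'],
  [/\b\d{3}[ .-]\d{3}[ .-]\d{4}\b/g, '[PHONE]'],
];

function redactText(text) {
  return PATTERNS.reduce((t, [re, label]) => t.replace(re, label), text);
}

// Field policy for a hypothetical support-ticket schema.
const POLICY = { customer_email: 'pseudonymize', name: 'drop', notes: 'redact', product: 'keep' };

function maskRecord(key, record) {
  const out = {};
  for (const [field, value] of Object.entries(record)) {
    const action = POLICY[field] || 'drop';   // fields not in the policy are dropped, not passed through
    if (action === 'keep') out[field] = value;
    else if (action === 'pseudonymize') out[field] = pseudonym(key, value);
    else if (action === 'redact') out[field] = redactText(String(value));
  }
  return out;
}

// Constructed sample record and key.
const sampleKey = Buffer.from('constructed-demo-key-not-for-production');
const sampleTicket = {
  customer_email: 'Ana.Ruiz@example.com',
  name: 'Ana Ruiz',
  notes: 'Call 555-010-1234 or mail ana.ruiz@example.com, SSN 123-45-6789',
  product: 'router',
  internal_id: 42,
};
console.log(maskRecord(sampleKey, sampleTicket));
```

Pattern-based redaction only catches the formats it was written for, so sample the masked output for leftovers before using it for training.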
“Companies should conduct thorough risk assessments to identify and mitigate potential harms associated with AI products, understanding their limitations and potential misuse,” McGladrey said. “Maintaining clear documentation of AI system metrics and methodologies, along with disclosing any known risks or limitations to customers, is essential for transparency.”
Transparency about what generative AI can and can’t do is key, said McGladrey, as is compliance with state and federal privacy mandates.