Protecting your business data from potential info security breaches does not have to be an impossible and inscrutable task. In fact, by following these five guidelines, you can discover and plug many of the holes in your data protection strategy. A well-rounded business data protection plan can help you avoid—or survive—a brush with data thieves.

Perform a Security Audit

Know what personal or business information you have, where it’s located, and who has access to it. This includes data such as customer contact information, business passwords, credit card numbers (your own or your client’s), etc. Once you know this: reduce, reduce, reduce! Remove access from those who don’t need it. Consolidate where important information is stored. Make sure you are not collecting any information you don’t need—if you don’t need your customer’s physical address, don’t copy it. The more pieces of information a hacker can tie to one particular individual, the more at risk that individual will be.

Invest in Spyware Protection

Always make sure your PC is protected from spyware and malware. This will add a passive protection to your active attempts to improve your info security habits. Firewalls, browser security extensions and antivirus programs can all help you not only avoid threats but they will deflect the more subtle attacks as well.

Ideally you will choose an antivirus program that will set up automatic scans, and a password vault to combat autofill forms, but if you don’t want to shell out for the higher-end models, you can still protect your PC inexpensively. Well-known brands like AVG and Malwarebytes often offer free versions of their software, so there’s no real excuse to avoid having protection.

Practice Good Data Security Hygiene

No amount of online vigilance will protect your business data if your employees are leaving important data like passwords or even client financial information around on sticky notes. Mobile devices are great for staying on top of projects outside of the office, but losing a phone could mean that important project data ends up in the hands of someone who will misuse it. Not being clear about who has access to what data can mean leaving your sensitive data vulnerable.

The most disruptive element in your security plan is almost always the human element. The best type of data security protocol you can have is the one your personnel will actually follow.

Overwrite Deleted Files

Another way hackers can access your business data is by recovering “deleted” files from your disk. Unless you overwrite the old business data, a skilled computer expert will be able to reconstruct old information, even if you’d deleted it prior.

If you can’t overwrite your files or if you will need the data later, another option is to encrypt your sensitive files. Encryption will allow you to protect your business data by making it unreadable to thieves.

Always Have a Backup

The worst case scenario is always possible, so you should always be able to access a backup of your important data. In the case of ransomware, a hacker can keep you from being able to access your files and important information normally, bringing your business operations to a grinding halt until you pay them an exorbitant fee. Having a secure disaster recovery plan can help you keep your files and recover after your business data is encrypted.

Test, Test, Test!

Implementing a strategy is fine, but your backups are only as good as the data that’s actually there when you need it. Test your backups often and test your recovery plan. Make sure your data is where you need it, when you need it. Not all backups are created equal, and some may fail to actually back up your data. Don’t assume your backups are there just because your backup product tells you a backup job was completed successfully.