2. Identify and take steps to shore up the weakest links in your data-exchange chain.
Weak passwords remain a consistent and ongoing problem. Whereever possible use strong 2 factor authentication for highly sensitive data. Challenge questions and images are not recommended as those can be compromised relatively easily. Instead, consider out of band authentication such as mobile device proximity, tokens, call backs to a secondary phone number, biometrics and one time passwords - all of which can reduce the risk of accidental or intentional disclosures.
Other weak links to consider include business cloud apps on mobile devices without appropriate monitoring or limits and improperly secured mobile devices (PIN, automatic recovery or wipe capabilities).
3. Know what to do if there is a breach
As an organization you also must be prepared with a good reporting process for accidental loss. If you are going to take the risk that data may be lost or leaked at some point, you must prepare for that as a possible eventuality. You should be prepared to rapidly identify how important the disclosed data is and any potential ramifications. Be ready with a a plan to identify who you contact and in what order to contact them. This includes law enforcement (usually your first contact), others with whom you share the data and the originators (or owners) of the data that was breached.
Sign up for CIO Asia eNewsletters.