Use two-factor authentication. There was a time when two-factor authentication was considered a luxury, only used to protect high-value accounts. The use of a single password is no longer good enough, especially when you consider the sheer amount of data kept online these days. Essentially, everything is a high-value target. What's more, sophisticated malware can infect smartphones and automatically steal second-factor codes for online banks accounts, whisking away the money before any alert can be raised.
Use a separate password reset address. Most, if not all, online services ask for a backup email address that can be used for the purpose of a password reset. As illustrated above, configuring this to a primary email address turns it into a single point of failure, greatly increasing the damage that hackers can cause if they gain access to it.
As such, it's prudent to set the email address on an unrelated email account, preferably one that resides on a separate domain. Services such as Gmail and Outlook may be worth considering here. To avoid being a target of hackers or social engineering attempts, don't use this account for day-by-day correspondence or share it with others, and secure it with a good password and two-factor authentication.
Protect your domains. Considering paying more for private registration if it's available. This will reduce the amount of data that may be available to a hacker looking to put together a social engineering or phishing attack. Some domain registrars allow for domain names to be locked down to prevent unauthorized transfers, sometimes as a chargeable option. This may be a worthwhile investment, too.
In addition, registering for automatic renewal of domain name is a good option to prevent a domain from expiring and slipping into someone else's hands. Many small businesses may not be aware of it, but "spectators" use automated programs keep an eye on expiring domains, snatching them up seconds after they expire and offering to sell them back to the original owners at greatly inflated prices. Be sure to keep safe the administrative email account that's associated to the domain, as it has the authority to approve a transfer to another registrar.
Regularly create offline backups. For all the online storage services available today, it still makes sense to create regular backups of important data. Store them either offline or at locations that aren't easily accessible by hackers who may have compromised part of your business. A variety of storage media exists — direct attached storage such as a portable hard disk drive, a network-attached storage (NAS) device, tape drives, or even a separate online service protected with a different set of credentials.
Additional tips, which are doable if not a bit of a hassle, include using different credit cards for different service providers and maintaining separate identities for cloud providers.
Sign up for CIO Asia eNewsletters.