Here’s a sobering statistic: Roughly half of the nation’s adults have had their personal information exposed by hackers in the past 12 months.

That stat comes from the Ponemon Institute, which calculated it for a recent CNNMoney story.

Researchers found that hackers have exposed the information of about 110 million Americans. Included in that number are 70 million Target Corp. customers, 33 million Adobe users, 4.6 million Snapchat users and others.

In light of recent security attacks, we asked a couple of security experts for advice on what your business can do today to protect itself from a security breach.

1. Clearly define your procedures.
The first step, said Riggins, is to clearly define information security policies, standards and procedures. Have a documented plan for how you will secure your organization. This includes making sure employees understand their responsibilities and limitations in how they use computer equipment that houses corporate data. It includes a data classification policy that identifies what level of protection you need for a given piece of data. For example, merger and acquisition information is very sensitive, while public data is much less so. Finally, have well-defined procedures on how to implement the security controls you’ve identified as being important.

2. Actively monitor event logs.
Businesses need to keep a close eye on the security event logs generated by the systems they have in place, Nelson said. According to the 2014 Verizon Data Breach Investigations Report, 88 percent of all Web application breaches and 99 percent of all point-of-sale breaches were discovered by external parties. That shows that internal monitoring is either not occurring or is mismanaged.

3. Be careful with outside devices.
Many companies allow, or even require, employees to access company data from personal computers, tablets and smartphones. Those devices are typically not secure and have serious gaps that can lead to a direct compromise of data, Nelson said. When allowing employees to access your server or systems from their own devices, consider the security and privacy issues that can arise.

4. Know where your sensitive data resides.
Understand where sensitive data is and apply appropriate controls, Riggins said. “Having a clear understanding of your most important data will allow you to focus your information security investments most effectively,” he said. Common types of sensitive data include any personal information of customers, such as names, addresses and Social Security numbers. It could include medical data that falls under Health Insurance Portability and Accountability Act regulations, financial data, intellectual property or transaction activity.

5. Prepare for the inevitable.
Odds are high that your company will have a data breach at some point, Riggins said. So it’s important to have a clearly defined process and incident response plan to help mitigate the effects of a breach when it does happen. Define what you will communicate to employees, the press, customers and regulatory agencies when necessary. Another good practice is to determine the root cause of the breach to ensure that it doesn’t happen again.