Every other week there is a new high-profile data breach in the media. From Target to Home Depot to iCloud to JPMorgan to Snapchat to the White House—and most recently the devastating attack on Sony Pictures Entertainment—there’s always a headline highlighting the loss of data and breach of trust.

But that doesn’t mean your business has to be one of them and suffer the staggering $3.5 million losses resulting from an average data breach.

Here are eight practices and products you can adopt today to stay out of the data breach club.

1. Map infrastructure-related risks.

Data risks today don’t solely originate from malicious hackers, even if news headlines suggest otherwise. A recent PwC study found that internal threats and mistakes now constitute a bigger challenge to business security than external ones, meaning that regardless of size, today’s businesses must control not just data on storage platforms, but on employee and business partners’ devices and accounts.

2. Understand who has access to data in your company.

Ask yourself: “What is the most sensitive, confidential data that our business holds, how is it handled, and who has access to it?” Create a spreadsheet matching data types and services to the employees and business associates who can access them. Make sure to include the two most sensitive types of data: customer information and intellectual property.

3. Set roles and permissions.

Once you’ve identified your assets, review levels of access and if they can be regulated via policy, or, better yet, programmatically. An important factor to consider is whether your content management platform of choice allows the depth of control administrators need to set roles for each specific use case within the company. It’s important that these are refined, limiting access and edit of important data to authorized staff.

4. Learn your weaknesses.

Most people reuse the same password across services, including work-related programs. When a big retailer or service provider is breached, there is a very real chance that corporate emails and passwords are also impacted. A similar vulnerability recently enabled attackers to gain access to millions of Dropbox accounts as third-party services integrated with the product were compromised, laying millions of usernames and passwords vulnerable.

To learn if this has happened before, start by heading over to security expert Troy Hunt’s site or Breach Alarm’s free tool and scan employees’ email addresses through their tool—their database is often updated with the latest published breaches.

5. Choose strong passwords.

To prevent a similar incident, have a strong password management policy. Educating employees about never reusing passwords across services and creating stronger passwords (aim for length over variety of characters, though) is also key.

Understandably, this requirement results in difficult to remember passwords, straining productivity. If possible, start using a password management application. They’re easy to use, automatically generate strong passwords for each service—and, most importantly, they’re secure. LastPass is a leader in this field.

6. Anticipate breaches.

There is another important reason to stay on top of security news. Within the past year alone, two major vulnerabilities were found to be lurking in widely used software—Heartbleed and Shellshock. We can safely assume that it’s only a matter of time until the next vulnerability is unearthed, and it’s important to pay attention to the news for when they come to light—especially if any of the software your business uses is compromised. Mass exploitation of these vulnerabilities can happen in as little as a week’s time after they’re disclosed, so your business is at risk if you wait around—or even worse, do nothing.

7. Select trustworthy vendors.

When choosing services to implement into your business’s workflow, it’s important not to overlook pure security for productivity benefits, an easy mistake in today’s productivity-and-cloud-crazed environment. Do your due diligence, and make sure to go with services that are recommended by security professionals and your industry’s relevant associations, which often publish guidelines relevant to your market and regulatory environment. It’s also important to make sure the services that you decide to go with include privacy policies and guarantees that will inform you when their systems are breached.

8. Go zero-knowledge.

Consider switching to zero-knowledge services for your most crucial business needs. These providers apply added security layers which make it impossible for their servers to access data you store with their service. By extension, even if someone gains access to their service by exploiting a vulnerability like Heartbleed, they would only find unintelligible, encrypted data streams. If the service applies the proper algorithms, these take several human lifetimes to decode with even military-grade hardware, negating the chance that your data gets into the wrong hands.