In 2016 consumers were exposed to a larger number of high profile data breaches than any year previously. According to the Breach Level Index, 1,792 data breaches led to almost 1.4 million data records being compromised worldwide, an increase of 86% compared to 2015. Identity theft was the leading type of data breach last year, accounting for 59% of all data breaches. These numbers have helped raise public awareness around the serious threats to personal data that exist in the modern era, and awareness is also growing for some of the solutions that businesses and individuals can use to minimize the risks from data breaches. But is it enough?Encryption has been a buzzword in the U.S. press for the past years, but it\u2019s unlikely that consumers actually understand what it involves or how important it is. Another recent study, the 2016 Data Breaches and Consumer Loyalty report, revealed that only 16 percent of the consumers surveyed worldwide claim to have a complete understanding of encryption, with a similar proportion (13 percent) admitting that they have no understanding. If consumers don\u2019t truly understand the measures that businesses are putting in place to protect their data as this evidence suggests, they won\u2019t be aware of how secure their data is. This contributes to any concerns and uncertainty consumers may have when sharing personal data with companies.In an earlier column, my colleague, Jason, outlined some of the key questions and issues, organizations need to address when deciding where to spend their security dollars. I\u2019d like to take further and talk through additional steps needed to educate consumers about the steps a business is taking to protect their data, crucial pieces to building consumer trust and loyalty. If consumers are unsure of which protections are in place with a business, they may avoid dealing with them entirely. Any business that suffers a data breach or gains a reputation for handling customer data insecurely will see consumers move to competitors they perceive to be more secure.There are five key steps that any business must undertake when protecting their own and consumers\u2019 data:1.\u00a0Understanding data First, in order for a business to begin protecting itself, it should organize a data sweep to understand what data it has produced or collected, and where the most sensitive parts of that data are stored. This is Jason\u2019s \u201cWhere is Your Data?\u201d question. Examples of Personal Identifiable Information a business may collect include a customer\u2019s email address, date of birth or financial details. Before a business can even think about how they\u2019re going to protect their data, it\u2019s crucial that they understand what they are trying to protect.2.\u00a0Use two-factor authentication\u00a0The next step an organization should take is to adopt strong two-factor authentication, which provides an extra layer of security should user IDs or passwords ever become compromised. This is Jason\u2019s \u201cWho Has Access to Your Data?\u201d question. Two-factor authentication involves an individual having something they have \u2013 like a message on their smartphone \u2013 and something they know, rather than simply relying on something they know, such as a password.3.\u00a0Encrypt everything importantWhile two-factor authentication helps to stop information being taken in the first place, or accessed by people who don\u2019t have the correct permissions, encryption gives a layer of security which stops customers\u2019 sensitive data being used if it is accessed or stolen. This is why it is necessary for a business to understand where their most valuable data is stored before this step can occur. Whether the data is stored on your own servers, in a public cloud, or a hybrid environment, encryption must be used to protect it. Companies need to approach protection with the assumption that they will be breached and employ the encryption necessary to protect their most important asset, the data.4.\u00a0Keep encryption keys safely storedOf course, once a business is properly encrypting their data, attention must turn to strong management of the encryption keys. Whenever data is encrypted, an encryption key is created, and is necessary for unlocking and accessing the encrypted data. Encryption is only as good as the key management strategy employed. Companies must ensure the keys are kept safe through steps like storing them in secure locations, in external hardware away from the data itself for example, to prevent them being hacked.5.\u00a0Educate staff and customers\u00a0 The final step a business should undertake is educating both their consumers and their workforce on the processes they have undertaken to protect their data. And it doesn\u2019t just end there. Businesses need to employ a double-sided approach, educating both their employees and consumers on the steps they should also be taking to remain safe and protect their personal data themselves. This helps to build their understanding of how to protect the company\u2019s data, and builds consumer confidence.Only once a business has followed these steps, and educated their customers, can they be confident that they have adequate processes in place to protect their data. The importance of an adequate cybersecurity strategy cannot be exaggerated enough, with recent research revealing that almost seven in ten consumers will happily take their businesses elsewhere in the event of a data breach. Additionally, an educated population of consumers will help encourage other businesses to improve their cybersecurity, ultimately leading to a more secure environment for both companies and individuals to do business.