You should care about your privacy online even if you think you have nothing to hide. A key aspect of privacy is being able to choose what information you share publicly and what is private. Would you want your bank account balance displayed for anyone to see? What about your medical history?

Encryption is a vital tool for protecting private communications online from unwanted eyes. We use it every day, often without even realizing it. But, encryption is not magic. If you want to better protect your privacy online, here are five steps you can take right now:

1. Use End to End Encryption for all Messages: End to End (E2E) encryption is a way to secure the messages you send via email or a messaging app so that they can only by read by those you intended to read it including your friends, bank, doctor, etc. Read the fine print – not all encrypted services are E2E. Use messaging apps that have E2E encryption (e.g. Signal, Wire). Encourage your friends and family to switch to an app that has E2E.  Remember that sending an unencrypted message is like sending a postcard. Anyone can read it and you wouldn’t even know. One popular method of setting up encrypted email is via Pretty Good Privacy (PGP). You can read how to do it at http://openpgp.org.

2. Use a VPN: A virtual private network (VPN) will encrypt your Internet traffic and send it through a server that physically sits in another location. It acts like a tunnel. This means that your Internet Service Provider (ISP) will no longer be able track your online activity, but will only see traffic coming in and out of the VPN.

3. Use an SSL Browser Extension: Many websites can encrypt the information you send and receive, typically using a protocol called Secure Socket Layer (SSL). If you do your banking or shopping online, you may be familiar with SSL already. Many browsers will show a closed padlock symbol when a website is using the protocol. Browser plugins and extensions like the open-source HTTPS Everywhere will ensure that if a website offers an encrypted SSL connection, it will use it.

4. Secure your Devices with 2-Factor Authentication: 2-Factor Authentication (2FA) is a way of providing additional reassurance that only you have access to your data. (For greater data security, you should use this with encryption.) With 2FA, two factors must be compromised to gain access, rather than just one. They should be different kinds of factors, such as one thing you know (e.g. a password or an answer to a security question) and something you have (e.g. a hardware 2FA device like a YubiKey). A YubiKey is almost like a car’s ignition key, but for your computer. It means you’ll need a small USB key, plus a username and password, to access your files or log in to your apps and services. You can even keep it on your key-ring.

5. Change your Internet and Technology Habits: The methods above provide some specific ways to protect your data during certain online activities. However, they are only as effective as the person using them. Be aware of when you are being protected and when you aren’t. Shape your online activities and preferences towards safer options (e.g. use E2E and 2FA, turn privacy settings on, be deliberate about what you share). But, remember that no method offers perfect protection.

The story still strikes fear into the hearts of IT departments: As many as 70 million credit- and debit card accounts were compromised in less than a month during the Target data breach. While Target’s internal security team was using all of the right protocols, it was an external contractor who ultimately provided the way in. No matter how locked down an IT department is, most breaches occur when a third-party provider is involved, allowing the leakage of critical data such as passwords or IP.

Any business running multiple cloud-based apps—and today, that’s most of us—runs a high risk of exposure through data leakage. Here are five ways to keep data protected, and secure this year.

1. Identify Critical Data

First, businesses must recognize how to identify their own critical data. This means being able to categorize what data is in need of the most protection and how to utilize data loss prevention (DLP) software to protect any sensitive information. Depending on industry, this could mean PHI, financial statements and blueprint or strategy checks.

Since DLP relies heavily on proper classification of information, organizations should actualize a data protection strategy, primarily targeting sensitive documents and their handling. This is a progressive strategy; you can’t tackle everything at once. First, classify types of data to the concise policies of your organization. Prioritize small modules and target key endpoints to provide employees with learning opportunities before wider deployment. Then take an objective review period for initial results.

2. Monitor Access and Activity

The next step in preventing data leakage is to closely monitor traffic on all networks. The ability to automatically discover, map and track what is deployed across your entire business infrastructure provides a picture of your network in real-time.

Because the average hacker conducts reconnaissance within a network for six months before actually breaching a system, businesses need to identify anomalous behavior before a breach occurs. Monitoring tools supervise access and activity, notifying administrators of red flags when an employee downloads, copies or deletes information.

A Data Activity Monitoring (DAM) solution can provide another layer of protection by detecting unauthorized actions. While a DLP’s focal point is on network and endpoints, DAM targets database activity. Using both solutions concurrently provides broader protection through the layered use of monitoring and alerts, and blocking suspicious users or activities remotely.

3. Utilize Encryption

If your business has not already done so, you should consider encrypting any private, confidential or sensitive information. While encryption is not impenetrable, it remains one of the best ways to keep data secure. A carefully implemented encryption and key management process renders stolen data unreadable and useless.

Enabling encryption across different points of your network—including data at rest and in transit—can provide significant protection from even the most advanced attacks. Businesses should enable a layered defense system through proactively monitored and managed encrypted networks.

4. Lock Down the Network

Being able to lock down your network needs to be be a primary focus of prevention efforts. With the rise of mobile technology, data leakage also is experiencing an uptick. While many employees are aware of the steps that must be taken to safeguard sensitive data, some simply do not recognize their practices as unsafe. This can be mitigated by frequent tutorials and practice testing of good practices.

5. Endpoint Security

Since data also leaves networks through exit points within IT infrastructure, businesses can more effectively manage data loss risk by choosing DLP solutions that monitor and act at these exit points. This allows IT staff to determine what confidential information is leaving and when and through what specific channel or device.

With the BYOD trend growing in businesses of all sizes, endpoint management needs to be an essential part of your company’s security. Securing BYOD has become much more difficult, due to both geography and the multitude of platforms that must be supported, but the placement of effective controls can enable companies to follow the movement of data.

Retaining central control with the ability to monitor personal devices connected to corporate networks allows holistic observations of your network. Without this endpoint protection, data breaches can go unrecognized for longer periods of time, exacerbating vulnerabilities.

Beyond the fundamental steps to secure data, such as network firewalls, intrusion prevention systems, secure Web gateways and endpoint protection tools, more effective threat response begins with advanced security monitoring, as previously mentioned. Employing effective security technologies, as well as implementing best practices, can go a long way in preventing data leakage.

A Multi-step Solution

The keys to preventing data leakage are manifold. Identifying critical data, monitoring access and activity with a combination of DLP or DAM solutions, utilizing encryption, retaining control of your network and using endpoint security measures all equal a fine-tuned and customizable program to protect your entire organization.