Understand what "reasonable" security practices means for your business.
Recognize how data breaches happen, e.g. spearphising, social engineering, etc.
Protect personal information - both in physical form and electronic.
Properly dispose of what you don't need.
If you have employees, provide them with information security training.