1. Classify, encrypt and protect 'high-value targets'
This is what the government already does. Businesses need to encrypt safe data, decide who needs access to what information and build their strongest walls around individuals or information that might be most appealing to cybercriminals.
2. Have a plan
Don't wait until there is a breach to do something about it. Chances are, by the time you recognize something is wrong, criminals have already done a lot of damage.
"The average time to discover a breach is 211 days," Goodman said. "For seven months, the bad guys are in your system and taking what they want."
3. Create a united front
"Most companies say, 'Oh, I have a CIO, they will take care of it,'" Goodman said. "That's bull."
Top executives in every department of a business need to be involved and working together to ensure security remains a priority, he said.
4. Not everything needs to go on a computer
Create "air gaps" by leaving some information on computers that are not (preferably cannot be) connected to the Internet, or leave some of the most precious information offline entirely.
5. Test assumptions
Don't let criminals be your security testing team. Work with security experts who can break into your systems as criminals would and identify holes or ineffective measures.
6. To defend, attack
Trying to keep cybercriminals out with measures like firewalls is no longer enough, Goodman said. Many can get past them. Instead, hunt down criminals who may be in your networks.
Individuals and companies must protect themselves. This means more than having an identity theft protection company such as LifeLock or IDShield monitoring your credit, something most people do only after the crime has been committed.
Sixty percent of identity thefts happen to small businesses.
Cybersecurity expert Marc Goodman recently outlined six ways for small businesses to fight back: