The security vulnerabilities a business faces are usually in four areas: information technology, employees, the building, and intellectual property. In Sally's case, these issues are compounded by a sprawling network of 3500 stores in 11 countries. Unfortunately for Sally Beauty customers, a failing in security has led to two security breaches; one in March 2014 and most recently in May of this year. The company has stated that customer credit and debit card information was accessed both times, but the extent of the breach has yet to be released. Insecure operations leave your company open to losing valuable intellectual and tangible property. You may also find yourself losing customers as well, as most people would rather do business with a company that can ensure the privacy and protection of their information. Here are four factors that may have led to Sally Beauty Supply's multiple security breaches – and how your company can avoid them. Assessing Information Technology Security The first area of operations security that you need to evaluate is IT and electronic communications. This most likely where Sally Beauty went wrong. Much of this part of the assessment requires the help of a knowledgeable IT professional, but at the most basic level, this means ensuring all antivirus, firewall, and applications such as Flash and Java are up to date. Once you've covered the essentials, you need to start looking at the security of your company's website, as well as the internal network and databases. This is where you need to enlist the help of an IT professional who can identify vulnerabilities in your system, especially any e-commerce activities that require customers to provide personal or financial information. He can then make sure they're properly patched to avoid exposing your business -- and your customers -- to hackers and thieves. You also need to determine if your current passwords are secure. Passwords for things like routers and other devices or programs that have default passwords such as "admin" should be switched out for something unique. Likewise, check for any security keys that were created by a representative or technician of the company that sold you the application or device and change them to something that's only known to members of your organization. Finally, evaluate the procedure the company uses to get rid of old computers. If you're not taking the time to permanently erase or destroy the hard drives, someone could easily dig them out of the trash and run off with the brains of your business. Assessing Employee Security Employees are one of the weakest points in a company's operation security, as they're the ones who work with most of the sensitive information every day. Sally's security breaches may have come at the hands of cashiers who may have collected the credit and debit card information with hand-held skimming devices or by accessing the information from the register. Evaluating this area starts with assessing the process by which you hire workers. Background checks are a must for positions that require access to the business's financials or other important documents. Consult with an attorney to reassess any non-disclosure or non-compete documents you make new employees sign and ensure they fully protect the company. You should also change position-specific passwords when an employee leaves to ensure they cannot continue to access sensitive material once the working relationship ends. Make sure you're keeping account of things like company-provided mobile devices and put standard operating procedures in place for handling lost or stolen electronics. Evaluate the measures that are in place to monitor employee computer use and perform regular checks of email and social media communications to head off leaks. Assessing Building Security No operation can be fully secure if the build it's housed in is vulnerable. Since Sally has over 3,000 stores, it's very possible that thieves broke in and stole computers or other equipment that contained sensitive customer information. Beyond fundamentals like making sure all doors and windows have working locks, you need to gauge the effectiveness of your security system. Check for blind spots in camera views or vulnerabilities in the alarm system, such as weak passwords or visible wires that can easily be cut by thieves. The question of who has access to the keys is another facet of building security. Master keys should only be in the hands of security and essential or high-ranking personnel, while regular employees only need have the keys to access the areas in which they work. You should also have a record of how many keys there are and exactly who has copies. If you haven't already done so, you may want to look into the feasibility and necessity of key cards or other electronic means of access. Assessing Intellectual Property Security The most valuable asset a business has is its ideas, but this area is often one of the most under-protected. It's unlikely that Sally was a victim of intellectual property theft, but it's still an important consideration for businesses. Make sure all patents, trademarks and copyrights are in force and up to date. Check the duration of each registration and renew any that have lapsed. This protects you from other people claiming – and making money from – your ideas.