February 26, 2025 - Many businesses are only just adapting to the first cybersecurity revolution. Thinking about the threat of quantum hacking — the next worrisome frontier — may feel overwhelming. But there are things you, as a leader, can do to prepare and keep your data safe.

In the prior article in this series, we explained what quantum computing is and why it will pose such a threat to businesses once the technology is fully realized. In this article, we share best practices for security implementation. Remediation is possible. It just requires forward-thinking and alertness. If you are reading this article, you have already adopted the right mindset.

What follows are the key steps to take now to protect your business from tomorrow’s quantum cyber threats:

• Educate your key stakeholders about quantum security
• Take stock of your sensitive data
• Develop a data retention policy
• Protect your potentially breachable data Follow new research

Educate Your Key Stakeholders About Quantum Security

The first step to quantum preparedness is getting buy-in from your leadership. Ensure your senior leaders are aware that the quantum hacking threat is coming — that it is not a far-off concern, but something that needs to be worked into your company’s five-year strategic plan.

Researchers are already cracking these security protocols today, and it will not be long before bad actors are too.

Take Stock of Your Sensitive Data

Once you have the team on board, make a plan and take stock of your data that needs protection. Push your team and each department to answer questions such as:

• What data do you store?
• Where is it stored?
• Who has access to it?
• What are the current defenses you have protecting your data?

This process will tell your team all the potential targets that bad actors may attempt to exploit with quantum technologies and can prepare. Once you know the answers, please store them securely. No document could be a more tempting target to cybercriminals save a Word document full of passwords.

Develop a Data Retention Policy

One of the best and easiest things you can do to protect your data is to minimize how much data you store. Certain data, like credit card details, expire within a few years, but others — like personal or health data — remain sensitive indefinitely. If you don’t have a reason to continue to store a given type of data and have no plans to repurpose it, the safest thing is to delete and thoroughly eradicate it from your systems. The less data you have to protect, the smaller your attack surface area.

Work with your leadership to develop a  that sets clear rules around how long teams can store certain types of sensitive data and the process for securely deleting it once it is no longer in use.

Protect Your Potentially Breachable Data

What about sensitive data you need to run your business and can’t easily delete? Focus your security resources there.

Today, most businesses have sensitive information on their file servers that can be accessed through online portals or remote computing. Minimizing the amount of data that is exchanged on the open web will protect it. This isn’t always realistic in today’s connected world, especially if your business relies on many contractors.

Still, if sensitive data sources don’t need to be shared, adopt a posture of “least privilege access” and make them unavailable by default.

Another option is to increase the encryption of your sensitive data as much as possible. If your company uses 28-bit encryption, increase it to 56-bit, which should be a setting in some of your software. This will not work forever, but it will make it as difficult as possible for bad actors to decrypt your data until new post-quantum cryptography algorithms emerge to help.

Follow New Research

Quantum computing is an evolving field, and the available solutions and best practices are constantly changing. A great source to follow is the National Institute of Standards and Technology (NIST), which produces guidelines, resources, and best practices for all realms of cybersecurity, including quantum.

Technology leaders like IBM and Google are also currently pioneering post-quantum cryptography algorithms, some of which are already commercially available. Still, it is important to note that quantum cybersecurity isn’t something you can just outsource to a tool, no matter how advanced it is. Like pre-quantum cybersecurity, true security means enacting an entire series of policies and practices you must integrate into every facet of your business to keep your data safe.

Prepare Your Business for the Quantum Hacking Threat

Quantum hacking is not a far-off threat, but it is nearly here now. Once quantum computing goes mainstream, it will upend all our assumptions around classical computing — and, most critically, the security standards we’ve all relied on for years.

There is a lot your company can do in the here and now to keep your data safe. Our team can help you run a cybersecurity audit to consider all facets of your business, analyze your ERP system and other software, and develop a quantum security plan.

If you are interested in discussing your firm’s cybersecurity readiness, please reach out to our Cybersecurity Practice.