Ans: Some basic steps to prevent sensitive data exposure (customer details, passwords, orders, etc..) are encrypting the data, regularly perform VAPT to catch issues early, use strong passwords, open limited ports for public access, use 3 tiered architecture to prevent direct access to servers from public ports, implement WAF and secure restrict access to servers/database via VPN.
