This is a very broad area of practice which will certainly include the use of things like anti-virus software, firewalls and regular backups as well as other practical steps you can take to secure your data. But even more importantly involves the creation and implementation of business policies and procedures that govern the use of the Information Technology system the business has invested in.
These polices must allow the businesses to operate efficiently while at the same time protect the data assets the business has created for itself.
Unfortunately there isn’t ever going to be 100% security. The key is to manage the risk.