Just because you’re a small business doesn’t mean you aren’t at risk of a cyber-attack. No business owner should be lax about their cyber security practices. Did you know last year 71 percent of all cyber-attacks in North America happened to businesses with less than 100 employees? With such staggering statistics, it’s so important for businesses to follow the computer security best practices and protect yourself.

Here are twelve computer security best practices to use as a model:

Best Practice #1: Install a computer firewall

A basic computer security best practice is a firewall. This is your first line of defense, a barrier between data and cybercriminals. An external firewall and internal firewall should be used to provide protection. Two firewalls are better than one. For employees working from home, encourage them to have a firewall installed on their home network as well.

Best Practice #2: Install anti-malware software

A recent analysis on computer security breaches found that 30 percent of employees open phishing emails at work. These emails often can include installing malware or clicking a link installing malware. These phishing attacks can easily be guarded against with anti-malware software installed on your computer.

Best Practice #3: Hire managed IT support

If you can afford to do so, you want to hire managed IT support to handle protections and emergencies. The reason why small businesses are so appealing to cybercriminals is that the networks are less secure and easier to breach. The IT support will follow the computer security best practices to maximize your security. Their duties involve installing and maintaining security programs and securing endpoints.

Best Practice #4: Educate employees on computer security

Employee action oftentimes can lead to openings in a business’ computer security. This makes educating employees a necessary action to take. Any employee accessing your computer network should receive computer security best practices training.

Best Practice #5: Safe password practices

A recent analysis on small business data breaches found that 63 percent of them relate a password that was either weak, lost, or stolen. As a computer security best practice, employees should be tasked with having strong passwords and to change them every 60-90 days. It is recommended for companies to make it mandatory for passwords to include at least one upper-case letter, one lower-case letter, a number, and a symbol. This formula is what gets you the safest passwords.

Best Practice #6: Multi-factor authentication

As human beings, we are all prone to making mistakes which could impact business computer security. Multi-factor authentication adds extra protection. This computer security best practice can be as simple as requiring employees to put in a PIN or password as well as their cell phone number. Create a simple, multi-password network access protocol which further restricts access to any cybercriminal who may have one passcode but not the other.

Best Practice #7: Document protocols

Document your computer security protocols. Use this to evaluate and determine if you’re instituting enough measures to guard against attacks. Your computer security should be made official and in writing. This way, if you were to hire new IT security specialists, or receive outside assistance treating a breach or security issue, you have a clear document of the computer security best practices to give them.

Best Practice #8: Include security practices for mobile devices

Hackers aren’t just aiming to tackle computers and laptops. Smartphones, smart watches, and even fitness trackers with a wireless connection are at risk. Security precautions should be implemented on these devices as well, including automatic security updates. Furthermore, a company’s safe password practice should also apply to these devices and any mobile device accessing your network.

Best Practice #9: Back up all data regularly

Even though we can protect and even overprotect against a computer security breach, be cautious. The possibility of a breach is always there. Back up all word processing documents, spreadsheets, databases, financial files, HR files, and accounts receivable and accounts payables. Store all this data in a separate location offline. Check the data after you back it up to ensure function. If your network’s ever taken down and you lose the data on it, you haven’t lost a way back to accessing it.

Best Practice #10: Use a VPN for remote employees

A virtual private network, or VPN, allows users to connect to your company’s network through a server located somewhere else other than your office. Why you want to do this with remote employees is because this connects them to a central server. If a hacker happens to gain privileges through a remote employee’s server, a VPN will be another step they have to crack before intruding on your network.

Best Practice #11: Do not share info publicly

This computer security best practice may seem obvious, but ensure personal information of employees is protected and encourage them to keep their info private. Things like credit card numbers and passwords to social media accounts are ways that, if a hacker has access to them, they can do digging to find further information which could potentially allow them access to your computer security.

Best Practice #12: Destroy data that is no longer needed

Have a policy in place that destroys any intellectual property, trade secrets, and/or personal employee data no longer needed. Although this will be rarely used, a policy can be helpful in establishing the process by which confidential data will be handled on an employee or client’s departure.