You may be costing your company over $20,000 without even knowing it. That’s how much the average small business pays to resolve cybersecurity attacks and data breaches. It only takes one infected file or one stolen laptop to crush a company’s bottom line. But there’s a silver lining in the dark cloud of cybercrime. You have the power to save the company from data destruction by practicing good cybersecurity habits.

Pro-level cybersecurity comes through practice and self-awareness. It requires you to scrutinize your online and offline work activities a bit more. Too little skepticism is a big problem. When a hacker sends you a phishing email from your credit card company, they count on you assuming it’s legitimate. You see the familiar logo, and so, you click the link. However, that’s a dangerous assumption to make. Throw everything you know out the window and start with fresh eyes and new habits.

Changing your work habits to be more cybersecure helps you and your employer. The $20,000 spent on a cyberattack could have gone to a raise for you and your coworkers, to increasing benefits, or to expanding the businesses. When you protect your employer’s data, you’re also safeguarding your job. Here are five things you can do today to improve cybersecurity at work.

Regularly update your operating system

Your operating system or OS is central command for your desktop, laptop, or smartphone. It’s the Captain Kirk of your devices. Unsurprisingly, it’s a prime target for hackers. Access to your OS means cyberthieves “have the conn” to your computer. They can download, install, and otherwise exploit your workstations. Taking control is how hackers steal your employer and clients’ data.

Regularly updating your OS applies critical security fixes to your Windows, Mac, or Linux software. Make your work life easier by setting up automatic updates to your OS. With this simply adjustment to your work habits, you’ll “boldly go where no one has gone before” with your cybersecurity skills.

Create strong passwords

Ever year, the published list of the top worst passwords show how little thought users give to protecting access to their accounts. Don’t be one of the millions of users who used the following horribly ineffectual passwords in 2017:

  • 123456
  • Password
  • 12345678

Whether for work or social accounts, strong passwords keep your clients’ data safe from identity thieves and data hackers. You may feel that string of numbers you created from your old gym locker combination will protect your data as well as it did your smelly socks, but that’s hardly the case. You need a strong password that’s hard to guess, not a strong password that’s easy to smell, and that gym combo is a real stinker.

Strong passwords are both difficult to guess and easy to remember. Striking the right balance is a breeze when you know the basics of creating strong passwords. Here are a few tips to get started:

Be unpredictable

If you were asked to substitute the letter “S” with a number or symbol in your password, what would you choose? You probably guessed “$”, right? If not, you’re on your way to creating stronger passwords. However, the reality is that most users would choose “$”.

Strong passwords are unique, but most of us try and make them unique in the same ways. It’s a paradox that seems hard to overcome until you know a handy trick: Randomize your letter substitutions and capitalizations. Instead of “$” for “S”, choose “&” for “S”.

Length does matter

Passwords, unlike the “Lord of the Rings” trilogy, should be as long as possible. But there is a caveat: Long passwords are harder for cyberthieves to guess — but they’re also harder to remember. At minimum, your passwords need to be eight characters long, but you can increase the character count by applying a common memory strategy: Turn long phrases into acronyms. Then turn those acronyms into passwords. Here are the steps:

  • 1. Create a unique phrase that’s personal and easy to remember. Example: “My Favorite Movie Of All Time Is Star Trek Wrath Of Khan”.
  • 2. Form an acronym from the first letters of your phrase: “mfmoatistwok”
  • 3. Apply a few random substitutions. m#mo9ti3twok
  • 4. Promote yourself to Ensign Level 2 for creating a strong password.

Use these tips to create strong passwords, and you’ll make it exponentially harder for hackers to steal your identity or your employer’s data.

Post-it notes are for lunch appointments only!

Look around your desk. How many Post-it Notes do you see? Now, of those, how many have account numbers, passwords, or other confidential data written on them? If it’s only one, that’s one too many. Your office may seem like the last place for a data breach to happen, but cyberthieves do their dastardly deeds in the physical world as well as online.

Any list of data breaches will show plenty of “inside job” examples to go along with straight-up cyberhacks. Data theft only takes one disgruntled worker, one nosey janitor, or one sudden break-in to put your employer or their clients’ private information in the hands of cyberthieves. Keep data safe by following these rules:

  • Never leave private information out in the open
  • Don’t throw away sensitive data in trash cans
  • Keep USB drives, CDs, and DVDs that contain sensitive information locked away when not in use
  • Lock your computer when you’re away from it
  • Be aware of your physical surroundings

These tips to safeguard sensitive data apply whether you’re in the office, at home, or at the coffee shop, so make them a part of your overall cybersecurity routine and use Post-it notes for lunch appointments only.

Back up your data regularly

Ransomware increased by 250 percent in 2017, affecting businesses of every size and type. Enterprising cybercriminals hack into computers, encrypt the data inside, and hold it for ransom. It’s a lucrative practice that costs employers millions every year. But regularly backing up your employer’s data takes away the profit incentive.

Use both a physical and cloud-based drive for backups. If one drive is hacked, you’ll have the other available. Most backups to the cloud sync your data automatically and let you choose which folders to upload. Talk with your employer about which files need to be backed up and which can remain locally stored. Set up a regular maintenance schedule to review your backup plans.

Get antivirus software

You can do the most to protect your employer by installing antivirus software, which protects work devices from phishing emails, spyware, botnets, and other harmful malware. But first, talk to your employer about getting comprehensive cybersecurity solution. For your personal devices, consider getting your own antivirus software. Most major antivirus brands offer free downloads of basic plans.

Just like any of your work projects, cybersecurity is a team effort that needs everyone to contribute. These five cybersecurity tips for the workplace are just a jumping-off point for your overall improvement. You now have the basics covered. Expand your cybersecurity arsenal with additional cybersecurity tips and online resources. Make sure you’re doing your part and everyone at work will benefit.