It’s hard to go a week without hearing a new report of a massive company or other organization being attacked by hackers. Thousands of businesses big and small are hit by cyber attacks every year. Often, security measures already in place prevent a data breach. But when the attack is successful, it can take a long time — and lots of money — to fully recover. For small business owners, that recovery effort can lead to financial ruin, causing them to shut their doors for good.

Sound security is absolutely vital for small and big businesses alike. Even if you do financially recover after being hacked, you could lose your customers’ trust. After all, would you want to give your personal information to a business who already had it stolen before? Though hackers come up with new ways to access private data every day, there are a few rather simple steps you can take to prevent cyber attacks on your business.

1. Beef Up Your Password If a hacker can quickly guess your password, that’s all they need to access everything else. Many hackers are looking for quick, easy “hit jobs” and simply give up if they can’t get past your password. That’s not to say they are simply typing in different words and phrases, hoping to guess the right one to get access. Rather, they are using software to try hundreds, if not thousands, of passwords a minute. But even this software can be beaten. Make sure your password is at least 14 characters long, and can’t be found in a dictionary. You can use a password generator to create a string of random letters, numbers and symbols that is practically impossible to guess.

For every account, you should have a separate, long password. Once you have your passwords, don’t save them in autocomplete on your browser. Writing them down and typing them in every time is the most secure method, but that’s not always practical. If you want to save them on your computer, use a secure password manager to keep track of them all.  With a manager, you just need one extremely secure password (think 24 characters) to use as a master key.

2.  Be Wary of Emails or Calls Regarding Your Accounts It is common for banks, online services and other businesses with which you have an account to contact you periodically via email. However, it’s also common for hackers posing as those businesses to contact you in the same manner. If you are contacted by your bank or someone else who you gave your personal information to, be especially wary.  “Phishing” emails will often look very official. For instance, a fake email from Wells Fargo may use an email address with two v’s together instead of a w.

If you are asked in an email to change your password, and a link is included, type in the true URL into your browser to manage your account instead. Phone calls could be an especially big red flag. It is not common for banks and other institutions to call account holders. When they do, they will almost never ask for a password. If you receive a call like that, tell the “representative” that you will call back, then look up the official phone number for that institution to call back.

That small step of verification could keep you from being hacked. There are any number of ways a hacker can try to attack your business. However, they will often go for the easiest methods first.