Startups often proceed while wearing rose-colored glasses; they’re unwilling to acknowledge the reality of the threats that face them. If you think your small business has nothing that would tempt a hacker, think again!

According to research gathered by Small Business Trends, nearly half of all cyber-attacks focus on small businesses that don’t have adequate defenses. Hackers can reap customer credit card numbers and personal identity information, or use ransomware to get money from your purchasers.

In some cases, such as in the 2014 Target data breach, hackers will target small businesses that service larger corporations for their credentials. This shouldn’t stop you from starting a business, the constant threat of cyber-attacks faced and even suffered by small firms and startups should serve as a clear call to action for stronger cyber security measures.

1. Unprotected Wi-Fi Networks

When you visit a coffee shop or use other public-access WiFi, you’re often warned not to access sensitive information such as an online bank account. That’s because these networks are unsecured and open to hackers who happen to be on the same network.

In your office, use only password-protected WiFi for all business transactions. If you supply free WiFi to your guests, provide it on a second line that’s password protected to keep potential hackers out of the network where you may regularly access sensitive information.

In addition, business networks usually require more hardy security measures than your home network. Use WiFi with at least the standard WPA2 encryption, which requires complex passwords and other security measures to access.

2. Malware Everywhere

Malware is a constant cyber threat, particularly for small companies. This term encompasses a variety of codes that are designed with malicious intent, like viruses, worms, and Trojans.

They are usually introduced into your system through software downloads, email attachments, and operating system vulnerabilities. The best way to protect your firm from malware is to avoid clicking on or downloading attachments from unknown senders.

You can always use more robust security features like firewalls, though. You should also keep your operating system up to date.

If you’re connected to corporate offices or use a data center for your business, you might also want to consider using a secure software-defined wide-area network, or SD-WAN, service that will connect and secure entities safely over long distances. SD-WANs effectively limit the spread of malware and protect your business better.

3. Unencrypted Emails and Data

Encryption can be used to secure all sensitive data and transactions. It does not keep hackers out, however; rather, it makes the information unreadable to unauthorized parties.

In other words, your customers’ data will be totally safe, even if a hacker manages to get past all your security defenses. Data and email encryption is usually best instituted with a third-party service that plugs into your cloud security software and/or email service. That way, you can add instant protection to your customer data without having to use a cumbersome third-party system to transfer information.

4. Untrained Employees

Employees might not realize they’re doing harm to your business, but their personal Internet usage and innocence can create major problems. Employees are prey to human error: they’ll give out private information to unauthorized personnel, and personnel and make mistakes that can cost your operation dearly.

If they become angry with your company or hold a grudge, staff members might share information with malicious intent. Personal usage is also a big issue for small-business employees. When they enter a personal website on a work device, that opens a narrow doorway that hackers can take advantage of to steal information.

Providing adequate training and possibly limiting personal usage on employee devices can improve your chances of resisting or avoiding a cyber-attack.

5. Weak Passwords

Password attacks occur when a third party tries to get access to your system by learning user passwords. They can come in the form of brute force attacks or information gleaned from other accounts.

When employees don’t have strong passwords, or they leave their passwords in a file on an unprotected device, access is all too easy for unauthorized hackers. In fact, 80 percent of all cyber security attacks involve a weak or stolen password.

Since 50 percent of users haven’t changed their social media password in more than a year, and 30 percent of users still use obvious information (birthdays, children’s names, pet names, addresses, etc.) as passwords, it shouldn’t come as a surprise that access by invaders is so easily gained in this way.

Requiring your team to devise and employ more complex passwords is critical in a security-threatened world. What’s more, many firms require changes in passwords every three months as well as multiple factor authentication to keep out the riff raff.

This might seem like overkill if you’re a small business, but it’s one of the best things you can do to protect your company in an era of constant and very real ongoing threats.