The internet has opened many doors for entrepreneurs, whether it’s cutting out the middleman and bringing their products directly to consumers, or making it easier to do business across borders. At the same time, an increased reliance on all things digital makes businesses vulnerable to new threats. If you haven’t already prepared your business for the possibility of a cyber attack, these five steps will help you start addressing online threats.

Don’t underestimate the threat

Many small business owners make the mistake of thinking their operation is too small to be targeted in a cyber attack. In reality, statistics show that almost half of all cyber attacks are on small-to-medium sized businesses, and 60 percent of the businesses that are victim of an attack go out of business within six months. One of the reasons small businesses are vulnerable to attack is because they are small, which often means they don’t have the technical resources, staff and know-how to protect themselves online.

Understand types of cyber attacks

There are many different ways criminals try to scam you online. Some of the most common types of attacks are:

• Hacking: criminals gain access to your device or IT system to steal information;
• Malware: viruses or spyware placed on your devices to steal information;
• Pharming: when your organization’s legitimate website is redirected to a similar-looking but phony website designed to capture information;
• Phishing: fake emails, texts and websites asking for your personal information; and
• Spam: the mass distribution of unauthorized messages to your contact list.

Identify where you are vulnerable

There are a few places where your business might be vulnerable. First, since so many people rely on their mobile devices for both work and personal use, you often don’t know what programs your employees are downloading on their phones – some of which might compromise your data.

Second, having poor passwords protecting your information is a common vulnerability that hackers exploit. Third, ecommerce sites are especially attractive to cyber criminals, since they hold valuable customer data. Finally, your employees are a risk, most often by inadvertently compromising your data (for example, by falling for a phishing scam).

Create systems and processes that protect you and your business.

To protect your business, you’ll want to create a risk management plan that addresses your specific vulnerabilities. This could include installing firewalls and software that protects you from viruses, spyware and phishing attacks; encrypting your wireless network, drives, folders and files; establishing different systems for your payment processes and other business functions; and creating processes to regularly update your operating systems, browsers and systems software.

Depending on your expertise, the level of risk you face based on your vulnerabilities, and the amount of sensitive data you collect – especially customer data – you might want to consider hiring professionals to help. The money you pay for their services could be well worth it if they help prevent an attack that could end your business. Look for experienced IT security firms that can dedicate specialist teams to thoroughly understand and work on your company’s requirements.

A key part of your prevention plan is employee education, including teaching your staff how to detect suspicious emails and pop-ups and implementing a strict password policy. You might also introduce policies that help you keep your company’s data separate from your employee’s personal devices. Speak to your employees openly and honestly about why you’re making these new policies so that they understand that these security measures are more about protecting your business and your clients, and less about not trusting them.

Protect your business with cyber liability insurance

As a final layer of protection, cyber liability insurance provides coverage in the event that you are sued due to a breach of your company’s data. This can be particularly important for small businesses, since one claim could shut down your shop.

These steps are a great starting point for mitigating online risks, but since the digital landscape changes so quickly, make sure that you keep on top of new trends and issues as they arise. While cyber attacks are a very real threat to small businesses, you’ll be able to rest easier knowing that you’ve taken the necessary steps to protect your operations and your customers.