You can never really tell if your small business is going to be hacked.  But the likelihood is high.  In fact, according to a 2015 report, 62% of small and medium sized companies have been hit by a data breach.  Even if you take every precaution, you’re still at risk.   But if you ignore this situation you’re putting yourself and your company in danger of a serious disruption, loss of information and potential liabilities.  Are you in trouble?  The hackers are looking for weaknesses and, when found, they’ll pounce.  If you are doing (or not doing) any of these nine things you’re definitely more at risk of being hacked.

1. You have higher than average employee turnover.

Some industries, like fast-food restaurants or seasonal businesses, have more turnover than others.  But if you’re losing employees more than the norm than there may be a reason behind this – like lower than average pay, less than fabulous working conditions, etc.  When employees leave they sometimes take data with them – usually inadvertently but sometimes on purpose to use with a competitor or other vengeful reasons.  Re-address your employee concerns and do your best to limit turnover – you will reduce a chance of a hack that way.

2. Your staff is remote and/or mobile.

When employees are moving around they are moving around with your data – it can be easily lost or stolen.  If an employee or contractor is remote then they are connecting to your database through online services and these have a chance of being hacked.  Work with an IT person to make sure you have strong data management and connection tools in place for these remote people and make sure they’re being monitored.

3. You have no IT support.

Speaking of an IT (information technology) person:  get one.  Even the smallest of companies are exposed to a data hack.  Paying someone to evaluate your risks, install software, monitor activity and keep things up to date is a critical and essential business cost – even the work is done monthly (it all depends on your size and activity).

4. You do not buy security software.

Subscribe to one of the great security applications like McAfee, Norton, Malwarebytes or Bitdefender.  There are many others.  These software applications are inexpensive, run quietly in the background of every device and are checking for malware, viruses, infected websites and other tools of the hacker.  Make sure this software is always updated.

5. Your employees do not get trained.

Most security problems, particularly at small companies, are from employee-related errors – clicking on bad websites, opening up infected files, etc.  Invest in a day of training a few times a year with a good IT security firm so that your employees are well aware of potential problems and can avoid doing dangerous stuff.

6. You have no procedures for securing data.

If you are handling health, financial or other personal information about your customers, and it gets stolen, you could have a big problem on your hands.  Keeping this data in an unprotected place means that hackers are going to find it.  If this is you, then you’re going to need procedures and policies around the safeguarding of confidential customer data.  And after they’re written training will be required to ensure that your employees are complying.

7. Your computers and operating systems are old.

Thousands of computers around the world are still running older, out of date versions of Microsoft Windows.  All hackers need is one vulnerable computer to attack and then can get on a network and wreak havoc.  One of the best ways to avoid a hack is to ensure that all of your computers are running the most recent versions of Windows or iOS all the time.  If a desktop or other device is too old to handle the new operating systems then buy a new one.  The cost will pale in comparison to the cost you’ll incur if you’re hacked.

8. You have no BYOD policy.

Are your employees allowed to bring their own devices (a BYOD policy) and use them for work?  That’s what most companies do. Unfortunately, this can create security issues if they are not monitored.  Many companies use remote management software to install company apps on their employees’ devices for a secure access while other companies issue their own devices to their employees which have been secured.  So, what is your Bring Your Own Device policy?  Every company must have one and every company must have an IT person monitoring those devices.

9. Password changes are not enforced.

Most people are pretty complacent with passwords – the most common one, if you can believe it, is still “1234.”  You must require a more complicated password for your employees to enter your network – a combination of letters, numbers and symbols – and this password should be required to be changed every month or two.  That way passwords are more difficult to hack and hackers may move on to another easier target.

No, you can’t completely avoid being hacked.  But if you’re doing these nine things you’ve increased your changes a whole lot!

Next steps: Want more small business tips as you work toward your entrepreneurial goals? Sign up for the Small Biz Ahead newsletter today.