Just getting online is a big deal for any small business today. The costs associated with building, designing, and launching a website can set you back quite a bit. So imagine you have spent all you need for an impressive site, including making sure your customers are aware of the launch, only to get hacked shortly after.

Sound like a worst case scenario? Think it will never happen? Quite the contrary. USA Today reports that a survey conducted in 2013 by the National Small Business Association found that a whopping 44% of businesses had been hacked, averaging losses of $8,700. Not exactly the bill you want after you spent all that money just to get up and running.

The ideal way to avoid getting hacked and having to start all over is to be proactive. Don’t just sit by passively and hope that nothing happens, take steps to make sure that it doesn’t. In order to help you do so, here are 5 easy tips to help you get started defending yourself from cyber crime.

1. Don’t Access Your Site at a Wifi Hotspot

When you have to go on the road for your business, you still want to stay just as active in developing it and growing it as much as you can. That is great, just make sure you avoid public wifi hotspots like the plague. Most wifi hotspot providers don’t encrypt the data that is moving between your computer and the internet, estimates putting the amount of unencrypted traffic through hotspots at roughly 95%. All that means is that your private information is free game to anyone who might be sharing that connection.

2. Be Password Savvy

Stop using your dog’s birthday as your password. A good password should be hard to guess. So hard, in fact, that it actually doesn’t even resemble a written language. A great password will have upper- and lowercase letter, numbers, punctuation, and anything else possible. True, a password like that is harder to remember, especially if you get into the very good habit of changing it every few weeks, but it is worth it. You can also use secure password storage tools like LastPass to help you out.

3. Keep Unknown Emails Unread

This may be the most obvious, but it is still important. If you do not know the sender of an e-mail, do NOT open it. Especially do not open any attachment that may be coming with that email. Make sure your employees know also because as much as 90 percent of attacks get through thanks to employees opening and following phishing links found in emails. For any suspicious looking sender, check the IP address on Google and see if they actually are who they say.

4. Use Two-Step Verification When Possible

This is a simple step. Many sites now use a two-step verification process that allows you to use both a password and a code that may be sent to your phone. Only the person with the phone will know the code, so you get an extra layer of protection absolutely free.

5. Get Protection From Professionals

When all is said and done, you will still be at some level of risk. Find a way to fit hiring either a cybersecurity professional for your IT department or working a third party company into your budget. It costs a little more, but it definitely pays off.

In essence, be smart about your practices on the web. If you are not 100% certain that what you are doing will is safe, then you probably should avoid it. Take action to ensure that the business you built will last.