Data is everywhere, and as long as it’s out there, hackers will try to get it. If your company falls victim to a data breach, no matter how large or small, you lose money and customer trust. Data shows the average consolidated total cost of a data breach grew from $3.8 million in 2015 to $4 million in 2016, and the average cost to a business for each lost or stolen record of sensitive and confidential information rose from $154 to $158.

While no data security will ever be 100% hacker-proof, there are ways to spot a scam before disaster strikes. These data security tips will help you protect your reputation and your customers.

Teach Employees Signs to Look For

Show everyone phishing emails look like, and to avoid opening suspicious emails. Run some mock phishing attacks of your own against your employees to see how well they are equipped to respond, and test the management team to see how well they’re enforcing the policies. Any email attachments should be scanned through your email’s virus scanner before they are downloaded. Links should be double checked before clicking. Teach employees to hover over the link and look closely at the URL to make sure the URL matches the proposed destination.

Set a Company-Wide Policy

Talk with your IT team or meet with security consultants to help you develop a company-wide policy on how to use the computer systems. Include what’s acceptable and what’s not, such as rules about when and how to respond to an email that looks suspicious. Outline social media usage expectations, as someone, somewhere, will have to maintain your corporate social media accounts. Leaving the websites accessible at work also opens the door to personal social media use, which could put company data at risk. Set protocols about how often employees are required to change passwords, and make sure they know how to set good, secure, passwords that they can still remember.

Implement a High-Quality SPAM Filter

Spam inundates mailboxes all over the world, and no matter what you do, you’re never going to stop it. In the first quarter of 2016, there was a sharp increase in email antivirus detections: more than 22 million, and that’s for a single antivirus solution. This number is four times higher than the first quarter of 2015. Many phishing scams start with emails that most SPAM filters will catch. However, even the highest quality filters may block out legitimate emails, so be sure to check them regularly.

Keep Your Systems Up-to-Date

Software is updated often to catch security holes that make it easier for hackers to get in. The longer you go between updates to cover those holes, the higher the risk of falling susceptible to a data breach. The easiest way to do to this is to set all computers in your office to run automatic updates, and require anyone who’s telecommuting to do the same.

Run Anti-Virus Software

No anti-virus software is perfect, but something is better than nothing. As with other software, allow it to update regularly to get new virus definitions. Run regular virus scans to ensure that no malicious files were inadvertently downloaded to your system.

Use Two-Factor Authentication

Two-factor authentication requires a second-step to successfully login, if an employee’s credentials are ever compromised. For instance, when a new-sign in happens, a code is sent to the employee via text message or phone call, and that code is required to be correct before allowing access to the account.

Scams are all over the Internet, and anyone who doesn’t know what to look for could easily put your data at risk. Teaching employees is a critical step, but without other security measures in place to act as additional protection, your data will always be at risk.