By Roy Rasmussen

The fallout from the NSA’s security breach continues, with hackers now using the NotPetya incarnation of the agency’s malware to demand $250,000 from victims to unlock hijacked computers. Experts further believe that nation-sponsored hackers are now using the malware not only to demand ransom but also to commit terrorist attacks on critical infrastructure such as power grids, government offices and airports. The latest wave of attacks underscores the need for small businesses to shore up their cybersecurity. Forty-three percent of spear-phishing cyberattacks now target small businesses, an increase from 18 percent in 2011, reflecting hackers’ perception that small companies are easier targets than big businesses with dedicated IT security teams, the latest Symantec research shows. Here are four steps you can take to help keep your company and your customers’ data safe.

Secure Your Devices and Files

Protecting your devices and files is fundamental for cybersecurity. To make sure you’re protected by the latest security updates, keep all software current on all your devices. This includes operating systems, apps and anti-virus programs. Use strong passwords to protect your devices, supplemented by two-factor authentication such as PIN numbers or fingerprints. Passwords should have at least twelve characters with a mix of capital and lowercase letters, numbers and symbols.

Schedule regular automated backups of your files. This will help keep you protected from ransomware attacks. A good way to schedule automated backups is to use a cloud-based backup service.

Use Secure Connections

Keeping your network connections secure is another cornerstone of cybersecurity. One potential vulnerability is your network router. Change your router’s default password to a more secure one, and change the name of your router as well. Log out as network administrator so that hackers can’t piggyback off your session, and disable any remote management access features. As with other software, keep your router’s software updated.

You should also use encryption for your wireless network. Use a secure network connection such as a virtual private server. When using Wi-Fi hotspots, only transmit information to sites with a secure HTTPS connection. Only allow authorized devices to access your network.

Protect Sensitive Information

Restricting access to sensitive information is also essential to protecting your business from hackers. Don’t share passwords or leave passwords written down in places where they can be easily seen. Don’t collect information you don’t need from employees or customers. For instance, use a secure third-party service to process customer credit card transactions instead of processing them on your website. Be careful about sharing sensitive personal or company information over email. Many phishing attacks pose as emails from legitimate sources such as banks or credit card providers, requesting sensitive information from business owners, administrative assistants or human resource personnel. Instead of responding to such emails, call the company purporting to send the email to verify that it is legitimate, and share any required information over the phone with a known company representative instead.

Get Identity Protection Monitoring

In the event your company suffers a data breach, it’s imperative to take action as fast as possible in order to limit the damage. A best practice for staying on top of data breaches is to use an identity protection monitoring service to automatically alert you when your identity or that one of your employees has been compromised. Offering identity protection for your employees can give you a heads-up if an employee device containing sensitive company information is stolen.

Roy Rasmussen, coauthor of Publishing for Publicity, is a freelance writer who helps select clients write quality content to reach business and technology audiences. His clients have included Fortune 500 companies and bestselling authors. His most recent projects include books on cloud computing, small business management, sales, business coaching, social media marketing, and career planning.