It is almost unthinkable that anyone would withdraw large sums of money and leave it in a parked car with the windows rolled down or would go on vacation and knowingly leave their garage door wide open. But every day millions of intelligent people leave valuable personal information out in the open for cyber criminals to steal.

Tech-savvy con artists can easily gain access to almost anyone’s Personal Identifiable Information (PII) when they click on a malicious link or download infected software.  Because we can literally lose our personal information with a mere click, millions of people feel violated when they discover that their private information and identities have been stolen.

Every week, the media reports on the latest Fortune 500 company that has been hacked or incurred a major security breach. Most of the attacks we hear about originate from a foreign country or groups of hackers that want to steal PII from millions of people with a single attack.

Unfortunately, only the large-scale security breaches make the news and we don’t hear about the millions of small businesses and people who get hacked every year. The smaller breaches, along with some of the larger ones, are quietly getting swept under the proverbial rug.

This past month, I spoke with a friend who owns a small business in Salt Lake City and due to a recent security breach, was working with the police department and the FBI. The hacker didn’t steal $100,000 from the front seat of his unlocked car, but simply asked an employee at his company (via email) to wire him money. You may ask yourself, who would ever be so ignorant to fall for something like this? Surprisingly, fraudulent wire transfers, along with holding a company’s information for ransom, have emerged as the easiest, most convenient way to steal money from small businesses.

Below are a few tips that can help minimize your odds of getting hacked.

1. KNOW THE ENEMY 

   It is impossible to prevent a cyber-attack if you don’t know about deceptive tactics such as phishing, packet sniffing, and social engineering. Pay attention to unknown emails, and if they are unexpected or suspicious for any reason, don’t click on them! It is one thing to tell your family or employees “don’t get hacked” and another to explain that hackers are sending out emails that look like they are being sent from the CEO or a vendor requesting money. Educating everyone about the pitfalls of the cybersecurity underworld is the first step in preventing a cyber disaster.

2. USE LONG, STRONG PASSWORDS 

   Using your first name followed by the last four digits of your SSN, just isn’t an appropriate password. Do something novel like having multiple passwords across multiple online accounts that are frequently changed. The recent hack of Facebook founder Mark Zukerberg’s Twitter, Instagram and Pinterest accounts were compromised because he used the same username and password on all online platforms. There are a lot of free tools that can help maintain a password repository, so the informed and savvy can use different passwords for every online profile.

3. THIS IS WAR – STAY VIGILANT 

   Update your operating system and other software frequently. This is an easy way to keep hackers from accessing your computer because of old vulnerabilities and outdated programs. For extra protection, enable Microsoft product updates so that the Office Suite will be updated at the same time. Consider retiring particularly susceptible software such as Java or Flash.

4. DON’T GET SUCKER PUNCHED 

   Because of all the complexity and confusion on the Cybersecurity battlefield, businesses are spending insane amounts of money on “security” and receiving nothing more than a false sense of security. Everyone is afraid of threats they don’t understand and are all too willing to pay for ineffective “security” they don’t need. Avoid paying for unnecessary “security” by arranging your own third-party risk assessment from someone you trust who will help you develop and prioritize your own security plan.

John Pohlman is an information security expert and the Director of Information Security Services at Tanner LLC, the largest locally owned accounting and professional services firm operating in Utah.