From startups to Fortune 500 firms, one of the biggest security concerns for any business is a cyber-attack. That fear is understandable. Cyber-attacks can easily – and almost effortlessly – devastate a company’s reputation and finances. Just ask Sony, which spent $171 million to clean up data breaches to its PlayStation Network in 2011. Or talk to officials at the banks that lost $45 million in 2013.

It’s nearly impossible to make your business immune to cyber-attacks, but you can greatly reduce your risk and limit the damage. Hackers like to keep things simple. If you make your systems harder to get to, attackers are less likely to bother. Here’s how you can get started.

Use different passwords for different applications 

Using the same password for everything you do might seem easy, but here’s the problem. If cyber attackers crack your password at one site, they’ll quickly have your whole life. It’s a growing security issue for individuals and small businesses.

Your email should have a different password than your social media accounts, which should have different passwords than your bank accounts, and so on. That way, if one of your accounts is breached the others will remain safer for longer.

Create complex passwords

If your password exists in the dictionary, hackers have programs that can crack it in about half a minute. Make sure your passwords are not real words. Incorporate numbers, symbols or random capital letters.

Once you have complicated, unique passwords for all your sites and applications, change them often. Don’t worry about keeping them all straight. There’s an app for that.

Physically protect your hardware 

Even today, one of the most common ways technology is hacked is after a computer is stolen. Middle-of-the night office heists happen, and spies have been embarrassed when their laptops were boosted at a train station.

The laptop solution is obvious: Keep it with you or make sure it’s out of sight and locked up if you leave it in your car. At the office, retrofit desks with computer locks or invest in new furniture designed to deter computer theft.

Encrypt your data 

Encrypting your data means you’ve applied a code that can’t be cracked without a “key” or password. Doing this won’t keep you from being attacked, but it will keep the attackers from using your information. It will also keep hackers from encrypting your information for you and demanding ransom in exchange for the key.

Most computer operating systems have encryption capabilities. Make sure you activate it on all your company’s computers, and make sure employees who telecommute regularly or work off site occasionally do the same.  Any data that travel over the Internet is at risk – and while you’re at it, make sure your WiFi network is protected with a complex password, too.

Install anti-virus and anti-malware protection programs 

Installing anti-virus software is easy. In fact, most computers sold today come with it already installed, but that doesn’t mean your work is finished. The software still will need updated regularly or it won’t guard against new threats.

Many anti-virus and anti-malware programs can be set to update themselves automatically. If yours doesn’t, set up a reminder to do this at least weekly.

Hire a security consultant 

Sometimes it can help to think like the bad guys. That’s why security consultants are so valuable. They can analyze your hardware, software and procedures and figure out a way to destroy you. They won’t, though. They’ll help you fix the problems so that the real bad guys stay at bay.

An in-house IT person could handle such an audit for bigger companies, but it never hurts to have fresh eyes look at your setup. An outside audit every six months is a great guard against tunnel vision.

Delete unneeded information 

One of the basic rules of avoiding a cyber-attack is the less information you have, the less danger you’re in. Delete any business information on your computers that you no longer need.  Every few months do a purge of the company computers, making sure that they no longer have files the company doesn’t need.

Back up your data 

If all else fails, have a backup plan – or, in this case, backup data.

There are programs that will do this automatically, too. Run these once a week so you’re ready in case a hacker, or even a technical glitch, wipes you out. Make sure you store the backups off site or, at minimum, off your network on an external drive or unconnected computer.