While many believe data breaches and email hacks happen exclusively to big corporations, what most don’t know is that small businesses are just as vulnerable to attacks, if not more so. Data hacks can have a serious impact on your company – they not only jeopardize customer and partner trust, but they can be a financial burden. In fact, data breaches cost businesses $4 million on average, according to IBM.

The unfortunate reality in many data breach cases is that human error is often the culprit. From accidentally emailing the wrong attachment to wrongly copying someone on an email thread, small business employees oftentimes unknowingly put themselves and their sensitive data in harm’s way because they are unaware of the risks and the proper preventative security measures to take.

2016 was the year of email hacks. The memories of how email hacks rocked the presidential election, DNC, John Podesta and Colin Powell are still fresh. Now is the time for organizations of all sizes to take a closer look at their corporate data security strategies and make any updates necessary.

Here’s some helpful advice for businesses looking to safeguard their companies, especially from the threats that their employees unsuspectingly pose.

Provide employee training and education.

Whether it’s emphasizing the use of strong passwords or explaining how to protect devices, employers should encourage employees to safeguard not only customer, but corporate information. For example, employees should be aware of and only use Wi-Fi networks they are familiar with, to avoid an information sharing mishap. Consider signing up for a security webinar or training session, so all employees can get up-to-speed on simple ways to protect themselves from data loss and theft.

Create a system for securely transferring data — no extra steps required.

To ensure employees adopt data-protecting habits, make sure it is as easy for them as possible. Consider a solution that works seamlessly with your company’s current devices and policies, so your employees can spend their time growing the business, instead of putting it at risk.

Protect employees from themselves with the right Data Loss Prevention (DLP) solution.

To reduce the risk of human error, set up software that will scan outbound email for possible red flags. If there’s a cause for concern, the solution, such as DLP, will quarantine the message and check in with the administrator to confirm they want this information delivered. That way, employers and employees can rest easy knowing sensitive information — like social security numbers, credit card information, etc. — is safe.

Regularly conduct internal testing.

Given phishing and social engineering are some of the biggest threats to companies, it’s important to make sure companies are conducting internal penetration testing. If a new wave of employees start, it’s worth testing them out after they have gone through some basic cybersecurity training to illustrate the threat and help them recognize any security issues.

If we’ve learned anything from past data breaches, it’s that employees can pose an unsuspecting cybersecurity threat. However, there are simple steps owners can take to prevent an accidental data leak. With the right safeguards, policies and education in place, your business can help keep your customers’ sensitive information where it belongs — out of the hands of cybercriminals.