Your employees are instrumental in protecting your business from cyber threats. But they can also become targets for hackers and cybercriminals, and they might not know it. Here are four ways your employees might endanger your business and themselves — and what you can do about it.

1. They’re Not Practicing Safe And Secure Web Browsing. One of the most basic rules of the Internet is to not click on anything that looks suspicious. However, it can be harder to tell what’s safe and what isn’t.

A good rule of thumb is to avoid websites that do not have “https” in front of their web address. The “s” tells you it’s secure – https stands for Hypertext Transfer Protocol Secure. If all you see is “HTTP” – no “s” – then you should not trust putting your data on that website, as you don’t know where your data might end up.

Another way to practice safe web browsing is to avoid clicking on ads or using an ad blocker, such as uBlock Origin (a popular ad blocker for Google Chrome and Mozilla Firefox). Hackers can use ad networks to install malware on a user’s computer and network.

2. They’re Not Using Strong Passwords. This is one of the worst IT security habits out there. It’s too easy for employees to use simple passwords, reuse the same password over and over again, or use one password for everything. Or, worse yet, all of the above.

Cybercriminals love it when people get lazy with their passwords. For example, suppose you use the same password repeatedly, which is stolen in a data breach (unbeknownst to you). In that case, it becomes super easy for cybercriminals to access virtually any app or account tied to that password. No hacking is needed!

To avoid this, your employees must use strong passwords, change passwords every 60 to 90 days, and not reuse old passwords. It might sound tedious, mainly if they rely on multiple passwords, but when it comes to the IT security of your business, it’s worth it. One more thing: the “tedious” argument doesn’t hold much water either, thanks to password managers like 1Password and LastPass, which make it easy to create new passwords and manage them across all apps and accounts.

3. They’re Not Using Secure Connections. This is especially relevant for remote workers, but every employee should be aware of it. You can find WiFi virtually everywhere, making connecting to the Internet very easy. A little too easy. When you can connect to an unverified network at the click of a button, it should raise eyebrows.

And unless your employee uses company-issued hardware, you have no idea what their endpoint security situation is. So it’s one risk after another, and it’s all unnecessary. The best policy prohibits employees from connecting to unsecured networks (like public WiFi) with company property.

Instead, they should stick to secure networks that then connect via VPN. This is on top of the endpoint security that should be installed on every device that connects to your company’s network: malware protection, antivirus, anti-spyware, anti-ransomware, firewalls; you name it! Finally, you want to open as many gates between your business interests and the outside digital world as possible.

4. They’re Not Aware Of Current Threats. How educated is your team about today’s cyber security threats? If you don’t know, or you know the answer isn’t a good one, it’s time for a change. One of the biggest threats to your business is a workforce that doesn’t know what a phishing e-mail looks like or doesn’t know who to call when something goes wrong on the IT side of things.

If an employee opens an e-mail, they shouldn’t or click a “bad” link; it can compromise your entire business. You could end up the victim of a data breach. Or a hacker might decide to hold your data hostage until you pay up. This happens daily to businesses worldwide – and hackers are relentless. They will use your employees against you if given a chance.

Your best move is to get your team trained and educated about your business’s current threats. Working with a managed service provider or partnering with an IT services firm is an excellent way to accomplish this and avoid everything we’ve discussed in this article. Education is a powerful tool; when used correctly, it can protect your business and your employees.