Target and Home Depot have made headlines recently for major security breaches that put millions of customers’ personal and financial information at risk. While the two major retailers were victims of highly specialized and targeted attacks, SMBs must understand they are susceptible as well—most often of more widespread, but equally damaging threats.

Security vulnerabilities, Cryptolocker and Heartbleed for instance, and key events that leave systems exposed, such as the end-of-life for Microsoft Windows XP, can severely impact and cripple a business.

Companies must do all they can to protect themselves from these threats. And, while there are certainly advanced technology solutions to thwart malware, viruses, and hackers, a few simple actions and directives can go a long way in terms of network, system, and data security.

Here are 8 simple tasks businesses can start immediately that will dramatically improve their security.

1. Conduct a Security Audit: Work with an experienced and certified vendor to audit the entire IT infrastructure and determine what is needed to prevent unauthorized access.
2. Make Staff Aware of Their Important Role: Employees are the “first line of defense” when it comes to security. A bit of attentiveness can help ensure human error is kept to a minimum.
3. Use Strong and Multiple Passwords: In terms of password security, using “password” or “123456” (the two most common) is pretty much the same as leaving the keys in the ignition.
4. Encrypt Data and Files: This is a very effective way to secure files and information. Whoever is attempting to access protected data will not be able to do so without the encryption key / code.
5. Backup, Backup, Backup: Security measures are absolutely necessary, but data backup is equally important. Without a backup solution, how can a business recover corrupted or lost data...?
6. Have Security Policies: Simple, concise mandates, such as requiring 120-day password cycles, will ensure employees are doing their part to nurture a secure IT environment.
7. Protect Remote and Mobile Workers: Employees working away from the office—and away from a protected network—are operating “in the open.” It is important that their mobile technology is as secure as possible.
8. Multi-Tied Security: Security threats are more sophisticated than ever. Anti-malware, firewalls, intrusion detection, and other critical capabilities should protect every entry and exit point of company’s network.