With malware attacks and stolen data being a common theme in today’s society, companies today need to put more effort in informing and educating employees. Over the years that viruses have run rampant, one of the most common themes in those stories is that employees allowed them to run rampant one way or another.

They opened an email, clicked a link, or didn’t bother updating their computer. In fact one of the biggest concerns is people leaving laptops or their mobile in vulnerable places.

In the end, people are either your strongest line of defense or your weakest link when it comes to handling these attacks. And even if your defenses are pretty solid, all a hacker needs is to break one link before it all comes crumbling apart.

So what can we do to ensure the company we work with is in tip top shape to handle threats? Well here are five tips on how we can educate yourself, employees, and others.

First make sure you communicate clearly the potential impact a breach has on the business. How bad habits like easy passwords or not logging off your computer or leaving a laptop in a public area can spell danger.

Second, make cybersecurity something everyone has to take seriously. No one is immune to educational programs. That includes both management and IT staff. Even if those people already know how important it is, having those knowledgeable people in the room can help spark conversation. This also applies to employees who’ve been working with the company for a while as they likely have more sensitive information compared to greener employees.

Third, hold cybersecurity sessions often. Training for cybersecurity isn’t something you do after you’ve been hacked. In fact that’s the worst time to host a session. Instead, make an effort to hold sessions regularly prior to any attack.

These sessions don’t need to be time consuming, perhaps once a month hold a lunch ’n’ learn. Another option is having an online forum employees can share and discuss information. You can even consider putting together routine online surveys to quiz cybersecurity knowledge. It’s cheap, quick, and is a good way to measure people’s knowledge.

Fourth tip is is issue specific rules for social networks, mobile devices, email, and browsing. Encourage culture of “safe browsing” and caution staff to have caution around unfamiliar links or attachments they’re not familiar with.

On that note, if you encourage routine passwords, aim to find a balance. If you get them to change them every month, employees will start writing them down rather than memorizing them. My suggestion is change your password once every three months at the minimum.

Furthermore, don’t make processes so convoluted that you’re making it harder for employees to do their work. If you add too many stops, employees will find other methods to bypass those controls.

The final tip is to train employees to recognize and respond to cyber attacks. Give them a channel where they can easily reach for anything cybersecurity. From suspicious emails, unusual activity, or losing a device. Even if it’s a false alarm, having an emergency number to contact is reassuring and can stop attacks before they get too big.

Despite all of these efforts, this won’t be enough to stop every single threat out there. Hackers continue to find new ways to break into systems. But at the very least, having knowledge and a more informed staff can help reduce the risk of human error causing breaches.