Small businesses have become a primary target of cybercriminals. Cyberattacks aimed at small businesses rose from 18 percent of all hacks in 2011 to 43 percent in 2015, Symantec data shows. Half of U.S. companies were breached in 2016, a Ponemon Institute study found.

Criminals target small businesses because they perceive them as easier targets than big companies with dedicated IT security teams. Unfortunately, they are often right, with a Manta survey finding that nearly one in three American small businesses don’t take basic security precautions such as using antivirus software, firewalls and spam filters.

The good news is, with today’s technology, small businesses can implement strong security measures without having a big corporate budget. Here are four pro security tips you can use to protect your company’s sensitive data.

Secure Network Devices

Recent cyberattacks increasingly probe vulnerabilities in mobile devices and devices connected to the Internet of Things, says University of West Florida Center for Cybersecurity director Eman El-Sheikh. For instance, last year’s Mirai hack brought down large internet sites by attacking IoT devices with weak default passwords, such as routers and connected cameras. Securing devices connected to your network should be a priority.

Protect your network by installing firewall apps on mobile devices and using IoT devices with built-in firewalls. Use strong passwords for smartphones and laptops, and change default passwords on network devices such as routers. Fortify passwords with multi-factor authentication. Some devices with advanced security features such as the ZTE ZMAX Pro let you scan in different fingerprints to perform specific actions such as answering a call, opening a particular app or taking a photo.

Install antivirus programs on mobile devices. Use data partitioning to segregate business and personal data. Enable remote location and data wiping features as a safeguard in the event devices are lost or stolen.

Use Secure Networks

It’s also important to secure your network by keeping it hidden and encrypted. To keep it hidden, adjust your router or wireless access point so that it does not broadcast the Service Set Identifier (SSID) that specifies your network name.

To encrypt your network, use a private network or virtual private network. You can make sure mobile devices on your network connect through a virtual private network by using a VPN app. Train your employees to connect through a VPN rather than using an unencrypted public network at a Wi-Fi hotspot.

Automate Software Updates

The first half of the year saw a wave of ransomware attacks unleashed by a hack of NSA malware. Unfortunately, this wave looks likely to be the first of many, warns CNET, which reports that Avast found 38 million businesses had not updated their security after this spring’s WannaCry attack. WannaCry targeted exploits in outdated software, while users who were current on the latest updates were far better protected.

Keep your system safe by keeping your software current. This includes operating systems, apps and antivirus software. Set your software to update automatically. Schedule antivirus software to run an automatic scan after each operating system or app update.

Schedule Automatic Data Backups

Ransomware attacks work by threatening to keep you from accessing your data. You can reduce this risk by following sound data backup procedures. This also protects you from other types of malware that could wipe out your data, as well as other threats such as equipment failures, power outages and natural disasters. Store three copies of your company data, using at least two different media such as local discs and the cloud, and store at least one copy at a location separate from your physical location.