For small businesses, cyber security often ends at the bottom of a long list of priorities, which is, in part, why they are so vulnerable to attacks by hackers.

Recovering from a cyber attack can be hugely taxing on a small business that is strapped for the cash and resources to handle such a hit. In fact, the U.S. Small Business Administration’s Chief Information Security Officer, Beau Houser, says, “60 percent of small businesses are out of business within six months of a cyber attack.”

The statistics are scary, and while bouncing back after an attack may be challenging, there are measures small businesses can take to minimize risk of a cyber attack in the first place.

1. Keep all devices updated

The top thing that small businesses can do requires diligence but can be hugely effective in preventing hackers from accessing data or infecting devices with a virus. Houser says, “Believe it or not, most of the risk can be addressed by simply patching all of your IT systems.”

Updates and patches should be regularly installed on not just desktops and laptops, but also mobile phones, servers and any devices that use the internet. Most devices now offer automatic updates, but if yours don’t, make sure you’re manually doing so on a regular basis.

2. Protect devices anywhere sensitive data is accessed

While many business owners already know to have a firewall or antivirus software installed for work computers, most don’t consider that when employees take work home, the data on those devices is also at risk.

If taking laptops home to work remotely — or even accessing company content from personal devices — is part of your company culture, consider investing in a virtual private network (VPN), which requires employees to log into an encrypted website to access sensitive data. There are also VPN tools for mobile devices.

3. Get a file-sharing strategy

Today’s workforce often uses cloud-based tools to easily share files with other employees, but these cloud-sharing tools are susceptible to cyber attacks. These tools may be fine for sharing articles or photos, but for more sensitive files, such as documents with customers’ personal data or financial details, use encrypted file-sharing services.

Additionally, educate your team on protocol for sharing documents. Eighty-four percent of business users send confidential documents as attachments to emails, and a simple changing of company policy could better protect those files if they were uploaded through FTP or other encrypted services.

4. Take advantage of resources for small businesses

Hackers look for the easiest target when it comes to cyber attacks.

“Unfortunately, that’s small businesses these days — they really lack the resources to fully address the problem,” says Houser.

There are, however, a growing number of resources provided by the United States government and other organizations designed to help small businesses mitigate their risk of attack.

Congress is doing its part to provide resources to small businesses. It recently passed the Improving Small Business Cyber Security Act, which offers more tools and resources through existing federal agencies targeting small businesses, such as small business development centers.

Stay Safe Online, created by the National Cyber Security Alliance, is a website that teaches small business owners (at no charge) how to protect themselves from possible attacks.

Prevention, as we all know, is better than a cure. By implementing deliberate practices in advance, you can protect your IT systems against attack.