Do you know the weakest links in your company’s cyber security?While cyber thieves can be based anywhere in the world, the weak links are usually your employees, notes cyber security expert Ryan Duquette.“We’re not talking about hacking into a company,” says Duquette, founder and principal of Hexigent Consulting in Oakville, Ontario.

“Some employees feel they are entitled to the information in a project they have worked on, even if it’s only a small slice of it.”

About 75% of the work that Duquette’s cyber security firm does is internal theft of intellectual property.

Cyber security is everyone’s responsibility

“Employees can say, ‘Security isn’t my thing,’ and expect their IT department to take charge, but it shouldn’t be that way,” says Duquette.

Business owners need to take the time to get everyone thinking about cyber security—from the cleaning staff right up to the top executives, including the company president, he recommends.

Consider the consequences of your company’s information being stolen and have measures in place to deal with any breach, he says.

He suggests starting by asking a series of questions: “What is it that you are trying to protect? Who has access to it and what controls have been put in place? Would it be very damaging if the information got out?”

Your business could be increasingly vulnerable

“I would say that these threats are actually increasing for small to mid-sized businesses because a lot of these companies hold very important information about clients,” Duquette says.

Cyber criminals, whether they’re your employees or hackers in a distant location, will also steal financial information.

“You have a lot of start-ups with high-value intellectual property (IP) that people would love to get their hands on,” Duquette adds.

6 tips to protect your company’s data

1. Conduct regular cyber security audits

Businesses should have regular cyber security audits to identify what are the gaps, strengths and weaknesses of the company’s data management procedures.

2. Know what to do in case of a breach

Develop a cyber security protocol to define what steps need to be taken to deal with a breach. That includes a policy to notify your clients, vendors and the authorities immediately. You may also want to notify your bank.

3. Back up your data daily

Companies should back up their information daily, not just in the cloud, but also on a hard drive. Installing regular software updates is another good habit, according to.

4. Know who has access and why

When an employee leaves, make sure they no longer have any access to your company’s information by resetting passwords. Have a policy on who has access to your company’s sensitive information and know how often it’s being accessed and why

5. Encrypt your communication, including email

Your communications, which includes any personally identifiable information or personal health information, should be encrypted to protect their content. Encryption keys should not be stored on servers because they can be unlocked.

6. Buy cyber security insurance

Cyber security insurance can help mitigate losses from a variety of cyber incidents,They also show that you take the threat seriously.

Phishing is still a threat to entrepreneurs Criminals will sometimes use chat bots or email scripts to obtain your personal financial or health information to steal your money or identity, or will sell it on the black market at a premium to other criminals looking to use your personal information for identity theft.

Sometimes cyber criminals don’t want to attack their targets directly, instead they want to breach a server and take everyone’s information at once. They will do this with rainbow tables, which essentially is a method of looking at password algorithms and gaining access to an entire server in a matter of minutes compromising every user of that service.