A great way to avoid the potential financial losses and reputational damage of a cyber attack is with cybersecurity training for employees as part of their onboarding. Train your employees about emails from the start. Here are some tips.

Don’t open that suspicious email. Emails are one of the most common methods cybercriminals use to access a company’s confidential or proprietary information. Show employees examples of fraudulent emails and explain why it is not a good idea to open them. If they see spelling errors, grammar errors, or if they are addressed oddly, these are red flags that the email may not be safe to open. Even if the email appears to be from someone they know personally, like a coworker they lunch with daily, the employee should not open the email if something looks off. Instead, they should call their coworker’s known phone number and confirm the email is legitimate before opening it.

Update passwords. Impress upon your employees the importance of not using simple and guessable passwords—it can put the whole company at risk. The longer and more varied the password is, the more secure it will be. Ask employees to avoid using the same password for everything, as well. Another typical risk employees engage in is having the browsers save their passwords.

Consider password services. Hackers make a living out of cracking passwords. They use special circuit boards to help shorten the amount of time it takes to crack a password. Consider having employees use a password manager service to help ensure password security against hacking. These are just as easy to use as a browser-saved password.

Include remote employees. Let remote employees know how crucial it is to maintain good cybersecurity practices by logging in through a remote VPN connection or taking a similar precaution provided by the company’s IT team. Ensure any staging or sandbox environments are only accessible via VPN or whitelisted IP addresses.

What you can do to help. Learn how to perform a cyber risk assessment for your business. Keep the physical premises secure. If there is a server room that stores data, keep it locked and ensure only authorized personnel are allowed to enter that room. Assign someone to this responsibility. And be sure to revoke permissions from employees that leave the company.