Your business is a castle. And that castle needs protection in an increasingly digital and connected world. Although the large, corporate data breaches tend to grab headlines, attacks on smaller businesses are increasing because they may have less sophisticated online and cloud security practices. Additionally, malware and inadvertent employee misuse tend to be more common in businesses without centralized IT policies and enforcement.

The good news is that applying basic security processes can help protect against many of the common threats we see today. Use online services, cloud and device technologies that offer built-in security features; and, most importantly, make your employees your first line of defense.

How can you have them help dig a digital moat to protect valuable business assets?

An initial checklist to help get you started:

Teach your employees about phishing emails, whether they’re coming through work or personal email accounts. Leverage the protections provided in to help protect against hackers. You can set up two-step verification, making it more difficult for a hacker to sign in, even if they’ve somehow learned your password. Microsoft Outlook comes with built-in anti-phishing detection to help prevent fraudulent email messages from reaching you in the first place.

Create strong passwords. We’re all guilty of it – using birthdays, names, and personal references as passwords. Consider using programs that randomly generate strong passwords. Or, have enforceable policies in place that require employees to change passwords regularly.

Keep antivirus software up to date. It seems like an annoyance, doesn’t it? Having to update your security software every time another version comes out. And yet, it’s the most effective way to keep protected against constantly-changing cyber threats. Microsoft helps to take the work off your plate by constantly monitoring and detecting threats, and making sure the latest protections are in place within their solutions. For example: in Windows 8.1 Pro, Windows Defender notifies you when a virus is detected and the specific action needed to resolve it. And Office 365 includes up-to-date spam and virus protection to better protect your email communication.

Protect your device. Be aware of the devices your employees use for work. Is sensitive information winding up on personal devices? Are they password protected? Consider managing devices for your team so that you (and they) don’t have to worry. Microsoft provides built-in protection at every level of your technology platform, from the server to PCs to mobile devices. For example, with Mobile Device Management for Office 365 and Microsoft Intune you can remotely lock a device, wipe data, and reset a pin if the device is lost or stolen. And encourage employees to use a device tracking app or “find my phone” service that can ring, locate, lock, and erase a missing phone.

Keep sensitive data inside your doors. An organization’s data may remain on a personal device when employees leave a company. Encourage your employees to save business data in the cloud. OneDrive for Business files are automatically backed up. And Office 365 also offers the option to define clear permissions and access levels to those backup files. That way, when your employees walk out the door, your data stays with your business.

Protect email communication. If you are emailing a sensitive document, password protect it in Office. Alternatively, save the document in the cloud, using OneDrive for Business, and simply send a link to the select people that need the information.

Introduce auto-updating browsers and software. Whenever possible, use automatic updates in your software applications to help guard your PC against viruses, spyware, and other malicious software in real time.