Do you lock your door when you leave your home? Do you hide your valuables before leaving a parking lot? You probably don’t even think about it when you take these basic precautions.

If it’s second nature to protect your tangible valuables, are you that careful with your digital ones?

Cyberattacks against personal and business computer systems are becoming more common every year. The 2021 FBI Internet Crime Report says Texas had 41,148 reported cyberattack victims and lost $606.2 million to cybercrime last year. And those are just the incidents we know about, says Wade McCain, cybersecurity training specialist at the Texas A&M Engineering Extension Service, Cyber Readiness Center. Plenty go unreported.

“Typically, cybercriminals are going for money. Whatever leads them to money will be the biggest target,” he says. They may be interested in personally identifiable information, customer and financial data, intellectual property and trade secrets, or systems and business plans.

Cybercriminals know they can make money targeting real estate businesses and professionals like you. If you think your home computer or firm is too small or insignificant to be attacked, think again. Once cybercriminals have broken into your systems, they can encrypt your files or trick you into handing over your money and personal information, among other disruptive actions.

There are basic steps you can take to protect yourself online. The more of them you implement, the safer you’ll be. Here is what McCain recommends.

For Individuals

“We at the Cyber Readiness Center believe that it’s more memorable to teach individuals how to secure their personal lives, and then that knowledge will spill over into their professional lives,” McCain says.

Long, unique passwords for every personal and work account are essential. A long password should be at least 12 characters in length. Do not reuse passwords for multiple accounts. If your password gets stolen, cybercriminals can test it all over the internet and gain access to more of your information, he says.

Password managers are programs and apps that can help you generate long, unique passwords and store them securely so you don’t have to remember them. By downloading and installing one, you only need to remember a single password: the one that opens the password manager.

Check before you click. Take a second before opening an email or text message. Do you recognize who sent it? Does the email address or phone number look normal? Are there any misspellings? Does anything seem unusual about the message? Don’t open attachments or click on links from sources you do not recognize. If you aren’t sure if the sender is legitimate, do not log in to a service to read a message or access a file. Invitations to view online documents may direct you to a fraudulent website that looks legitimate but is designed to steal your password. This is a common way criminals can break into your systems.

Don’t give out your personal information. Phishing is when a cybercriminal pretends to be a trustworthy person or entity to trick you into giving up your account credentials or personal information. This could take the form of an email, text message, phone call, or website. Verify that the message is legitimate; call the person or organization at a number you independently locate to confirm before responding.

Reduce your digital footprint. People love sharing their personal activities and photos on social media. “Everything you do online is not only in writing but can and will be used against you by the bad people,” McCain says, adding that businesses have been attacked based on what employees have posted in their personal channels. Think carefully about what you post online. Does that post reveal anything sensitive? Consider limiting who can see your posts.

Two-factor authentication protects your accounts by asking users to provide a second credential after the password. Typically, you’ll use a one-time code sent via text message, email, or an app. Many popular services, such as Gmail, Amazon, and financial services allow two-factor authentication.

Websites that monitor major hacks can tell you if your information is in danger. If you input your email address at haveibeenpwned.com, the site will tell you if that address was included in known major data leaks. If the information was leaked, change your passwords immediately.

Keep your devices up to date. It may be tempting to delay that software update, but tech companies are continually fixing vulnerabilities. If they’ve provided a solution to a problem, install it. Many devices update automatically or have a setting you can turn on to automatically update.

Back up everything offline. Keep extra copies of your files and important information on an external hard drive (or two) that is disconnected from your computer, the network, and the internet once your backup is completed. If anything happens to your computer, you can start over from your backup file. Be sure to test your backups periodically to make sure they’re working and up-to-date.

For Businesses

When it comes to cyberattacks for real estate companies, knowing your risks is the first step to mitigating them, McCain says. Brokerages are being targeted with phishing, data wire transfers, email compromises, and ransomware.

Training your agents and personnel on cybersecurity is the most important thing you can do. Business email compromise attacks resulted in nearly $2.4 billion in losses nationwide last year, according to the FBI. Scammers will compromise a business email account by breaking into the account or tricking the rightful owner into letting them in. Once there, they can conduct unauthorized transfers of funds, the FBI Internet Crime Report 2021 says.

Everyone who accesses your systems protects your organization like a human firewall against cyberattacks. “It doesn’t matter how many technical controls you put in place. If someone inside the organization clicks a link, that person can let a bad guy right into the network and bypass all of the technical security that’s in place,” McCain says.

Verify payment and purchase requests in person if possible. “Too many times, people will authorize paying people and approve real estate transactions through email,” McCain says. “If that email has been compromised, you could literally lose tens of thousands, hundreds of thousands, or even millions of dollars just because you thought you were paying somebody and that’s not really who you were paying.”

Two-factor authentication is needed for all remote access accounts. Anybody who is connecting to the system through a virtual private network (VPN) or any administrator who is managing a server needs this second layer of protection.

Create a separate administrator account with full access on your devices and only use it for administrative purposes. Brokerages and business owners can set this up across all of the company machines. Give your own account less access and use it for your daily business. Your systems are more secure from malware infection when logged in as a user with fewer privileges. If your computer has been infected with malware, you may be able to resolve the problem using the administrator account, McCain says.

Having procedures in place before anything happens will help your firm immensely. Create a cyber incident response plan. The National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Center for Internet Security (CIS) Security Controls are great places to start: They are a set of guidelines and practices for protecting against cyberattacks. Create a playbook so you know what to do for each type of cyberattack. Once you have established plans, be sure to practice them at least once a year, McCain says.

Cyber insurance can offer coverage from cyberattacks and guidance when an incident happens.

Hold your partner organizations accountable. Even if your business is secure, you are still at risk if your vendors and third-party organizations you interact with are insecure, according to McCain. Require that any third party you work with follows strong cybersecurity practices.

Keep your systems up to date. Some recent high-profile cybercrimes happened because attackers exploited outdated servers and operating systems, McCain says. Have a patch management system to routinely update your devices and computers.

Having secure, offline backups of data is just as important for businesses as individuals. Those files can help you recover if ransomware freezes your systems.

“My advice for real estate companies is to do all of the basics right—all of the simple stuff,” McCain says. “Having good cyber hygiene will make a big difference.”