Remember the safe (and good) answer to the question: “How much do you love me?” It is “more than yesterday but not as much as tomorrow.” The same answer applies to the question: “How secure is your business?”
As threats and attack surfaces (more discussion on these in the next Simply Cyber) proliferate, choosing a strategy to make your business practices more secure can appear daunting, inconvenient, and inordinately expensive: an investment without assured returns. A good place to start is by stripping away the technical jargon and following a few of the common-sense habits we learned as children:
Don’t talk to strangers. Many of us use our cell phones for business. When I receive a call from a number I don’t recognize, I let it go to voicemail. The Do Not Call registry cannot compete with pervasive robocaller technology, so just because you’ve registered your number, don’t assume a caller who makes it through is legitimate. Just continue to pass on those $250K business loan offers that you’ve never applied for. If you suspect a call might be legitimate (but your voicemail is full), do an Internet search on the number. Reports of known scams will show up.
Read the label. With respect to email, be suspicious of messages that have no subject line or a subject line that sounds odd, even if the presumed sender is known. Let your cursor hover over the sender’s name to check for extended source information. A country code pointing to the Czech Republic or Russia could indicate a hack attempt. I like to do an “out of channel” check. For example, if you have the phone number from previous correspondence, you can just call and ask whether a message was recently sent. You can also search the Internet for suspicious subject lines, or search for items like “PayPal Scam” and learn about the December 2017 scam requesting verification of bogus transactions.
Don’t take candy from strangers. Remember the marketing adage: “If it’s free, it’s not a product—you are”? This applies to many apps available for free download. Do you really need that game, sweepstakes opportunity, or new messaging platform? (Good answer: NO.) The data mining/data brokering industry is huge and projected to grow 11.2% between 2017 and 2022. As an example, one not-so-household-name company, Acxiom, reported more than $800 million in revenue in 2015.
Knock first. Although passwords, security codes, and other access control mechanisms can slow you down, think of them as knocking on a door before entering. They prevent you—and others—from barging into personal or protected spaces. This is a good thing! Make sure your password is something you can remember, without it being predictable. Incredibly, the list of the 25 most-used passwords for 2017 contains the following: “123456” and “123456789” (and similar variations), “qwerty”, “111111” (and similar variations), and “password”. Really? Don’t use a readily guessable combination.
These are just a few suggestions for low-cost (no-cost) practices to start improving both your personal and business security posture. The bottom line is to start doing something to be more secure than yesterday. Please check back next month for more Simply Cyber tips.