The Most Overlooked Ways to Prevent Getting Hacked


Posted on by Caitlin Moriarity

In a world where cybersecurity threats are continually evolving, you'd be surprised how simple it is to prevent getting hacked.

"The difference between a company that gets hacked and the company that doesn't get hacked, I've found," says Norman Guadagno, chief evangelist at Carbonite, "is the difference between who clicks a link in their email, and who doesn’t."

Threats are everywhere

All businesses are data-driven businesses these days, and keeping that data safe is crucial. It’s important to secure your borders, set up a digital perimeter, and use antivirus and other security software to prevent threats from entering.

But what is it that most people don’t get? Your employees are the number one source of vulnerability to digital threats. “Employees are the ones who click on links, visit questionable websites, and pick up USB drives from strangers, just as an example,” says Guadagno.

Start with education

Most businesses don't train their employees to understand security risks or to practice good digital hygiene.

Good digital hygiene is actually pretty simple—think before you click. "The reality is that we get lots of different inbound emails, and every employee needs to stop and think before reacting. Does this website look legit, does this ad look legit?" says Guadagno.

Employees need to remember that their login information, their username and password, are the keys to the kingdom. Hackers often start with social engineering attacks that get users to give away bits of their personal information, which the hackers can then piece together into an employee’s login credentials.

Watch out for social engineering

With hackers using social engineering, employees need to be thoughtful about how and when they share their personal data.

“We all get caught up in the automatic behaviors,” says Guadagno. “You need to get your employees to break out of that routine to get them to think. It’s the same way social engineering takes advantage of people wanting to answer questions, to be helpful, to bring closure to a situation. But just pausing for a few seconds to think can cause users to behave very differently.”

Limit employee access

Most employees don't need access to everything, so don't give it to them. This limits the vectors that someone with harmful intent can use to attack your company's data.

“It’s not just line level employees or IT techs at risk,” says Guadagno. “Employees at every level, from the most junior all the way up to the C-suite, are at risk these days.”

Watch email especially

The top way hackers and criminals get into a system is through email. “It seems so simple, but it's true,” says Guadagno. “We all have a large number of inbound emails that we don't even think about what we open, and the links we click on. A good way to prevent getting hacked via email is to have stricter filtering on emails, or better training on how to deal with inbound emails.”

According to Guadagno, often there are shared email accounts that are very vulnerable. With a shared account, multiple different people touch the account, and compromised emails touch their computers. “You really need to lock down shared accounts,” he says.

Get employees to think before they click

All of these are important, but Guadagno’s number one tip? A Post-it note. 

"Keeping a Post-it note on the side of a work computer, or a shared computer, with a list of items for them to watch for when opening email or visiting websites, can help people stop for a few seconds and think."


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

