Declare an Orange Alert


Your best IT pro is powerless if employees are blowing holes in your security. “Your people need to know what exposes data,” says David Stelzl, author of Data@Risk and founder of the consultancy Stelzl in Charlotte. Get them up to speed with security-awareness training in a program such as SANS Securing the Human, says David Davenport, CEO of MotherG, a managed IT services firm in Chicago.

Lock Down Your Phone


You risk a lot if you talk business on the same device your kids use to download games. A rogue program, says Stelzl, could hack into your phone and “see your calendar, see you through a camera without you knowing it, and listen to you through the microphone.” He recommends Check Point’s Mobile Threat Prevention, which detects malicious apps, and Capsule, which helps create a secure mobile environment.

A Firewall—and More


Strengthen your firewall with intrusion prevention tools and consider adding DPI-SSL services, which pre-approve Internet traffic before it gets to you. To deal with those who slip past the wall, some larger companies are increasingly using behavior-based analytics and access controls. Together, these tools collect data to see how users are operating inside the network—and identify and isolate bad actors quickly.

For more on cybersecurity, watch this Fortune video:

Confer With Competitors


Battening down the hatches on your own will get you only so far. Your IT team should be sharing best practices and intel with friendly members of your industry. One way is through Security Colony, a portal where firms can exchange ideas for a subscription fee of $2,000 a year. Even better, free your IT team from crisis control for a day or two and send them to a conference where they can talk shop. It’ll cost a lot less than undoing the damage of a major hack.

Avoid Hostage Situations


More hackers realize there’s big money in taking over the computers of firms and demanding cash to set the data free. McAfee Labs reported a 165% uptick in ransomware in one recent quarter. Davenport recommends a technology called OpenDNS. It’ll prevent you from stumbling onto hackers’ sites where you might otherwise download malware. It filters the good sites from the bad,” he says.

A version of this article appears in the March 15, 2016 issue of Fortune.