The holiday season is a time of joy with family and friends. However, it is also a time when data breaches and cyber-attacks spike. One such incident recently occurred, according to CNN Business, when the Marriott guest reservation system was hacked, potentially exposing the personal information of approximately 500 million guests. To protect against such incidents, it is imperative that small businesses better ensure their cybersecurity, especially if they retain customer credit card information and digital assets, by adhering to the following three tips:

No. 1: Secure office and remote computers and networks. It is critical that computers are protected against viruses, spyware and other malicious code. If not, install antivirus software and antispyware now and update them on a regular basis. Networks can be secured by utilizing firewall and encrypting information, and if you have Wi-Fi it can be hidden by setting up the wireless access point or router so it does not broadcast the network name. For employees that telecommute, their home systems should also be protected by a firewall.

No. 2: Restrict employee access to certain information. It is important to not provide just one employee with access to all of your data systems, but equally important to limit access to data for other employees, including the authority to install software. Ensure that employees are only given access to specific data systems required for their job duties, and remember that unmanaged administrator privileges are some of the biggest IT security threats to a small business.

No. 3: Safeguard mobile devices. Due to the fact that millions of people use their mobile devices for just about everything, including work-related matters, employees should be required to password-protect their mobile devices, especially if they contain confidential information or can access your business’ network. Other measures for safeguarding mobile devices include encrypting data and installing security apps, which can prevent cyber-criminals from stealing information when a mobile device is on a public network. Android in particular has a large inventory of malicious, infectious apps, so staff should be trained or prevented from downloading random apps from the app store.