Startup entrepreneurs tend to suffer from a bevy of misconceptions. For example, you might think that if you work hard, success will definitely come; you might whole-heartedly believe that since you founded the business, you can run it however you like; and you might suspect that your teeny-tiny business is off the radar of hackers and cyber-thieves. All three of these delusions will sink your business ― but none as catastrophically as the last.

Everyone is vulnerable to malware, but small businesses tend to be prime targets for cybercriminals. Your limited resources and lackadaisical attitude toward security makes it that much easier to infiltrate your network and steal precious data. Worse, because edtech assets exist almost entirely online, nearly everything you work for is available for a cybercriminal’s taking. Therefore, it is even more important that edtech entrepreneurs put in extra effort to keep their startups secure. Here are a few top tips to ensure your edtech stays safe.

Learn It All and Teach It All

Believe it or not, the legions of cybercriminals aren’t your startup’s biggest threat ― you are. Human error is the number-one cause of insecurity within a company, so the more you know about security and secure practices, the better. As your business expands, it is vital that you educate your team with the same knowledge. If everyone understands and respects security rules, you are significantly safer from cyberattack.

Have a Plan for Web Security

Often, a startup’s website is one of just a few marketing materials the business can afford. Thus, having an attractive and functional website is vital to your startup’s success. Unfortunately, websites are easy targets for hackers, especially when they utilize common hosts or lack basic protections like unique root passwords and SSLs. Since there are plenty of obscure ways cybercriminals can mess with your website, you should consider hiring an experienced web development team instead of trying to protect your web assets yourself.

Write a Privacy Policy Your Customers Will Read

Nearly every startup these days runs on data, but edtech ventures are particularly interested in collecting customer information. When you collect so much identifying and personal data, a breach is even more disastrous. Therefore, you must draft a privacy policy that clearly outlines what data you gather and how you use it. It is most important that your policy be accessible and decipherable, so your customers feel confident that you will uphold their privacy.

Keep Your Work Devices Protected

Installing anti-malware software on all devices used for work should be a no-brainer, but modern startups utilize such a plethora of devices and systems that often, business leaders let some fall through the cracks. Just as you wouldn’t allow in-office workers to install and maintain their own security software, you shouldn’t expect telecommuters and mobile workers to keep their devices safe from attack. Every device connected to your startup should benefit from the same, high level of security, which might mean overseeing installation personally.

Update, Update, and Update Again

Outdated software is like a welcome mat for hackers. Every program on every work device should adhere to a strict update schedule to make sure that no software leaves vulnerabilities through which a cybercriminal can wriggle. Often, employees put off software updates because they interrupt workflow and seem to waste time; you must ingrain in your team the importance of updates or else accept updating as one of your many responsibilities.

Use Encryption, Even If You Don’t Get It

Encryption is a vital element of any sound security plan. Encryption is also an exceedingly complex science, so it’s more likely than not that you won’t understand exactly how it works. Still, much of your data should be encrypted; in fact, there are laws mandating that some types of data always be protected by layers of encryption. If you aren’t confident in your ability to encrypt your most sensitive data, you should hire a security expert to help.

Be Serious About Passwords

Sometimes, it’s hard to believe that a secret code is all that separates your precious information from a malicious thief. In fact, many people disbelieve this fact, and as a result, they craft short, easily guessed passwords that fail to protect them against cyberattack. If you cannot implement more secure measures like dual authentication or biometric locks, you should at least be serious about how you generate passwords. If nothing else, they should be about 15 characters, mixing letters, numbers, and symbols to form a meaningless string.