Last year, government agencies and businesses in the United States suffered losses from 1,093 reported data breaches. That number is likely higher due to the fact that these attacks are rarely spotted for months after the initial attack takes place. As Eva Casey Velasquez, chief executive officer of the Identity Theft Resource Center puts it, “this [number] is the best-case scenario.”

Numbers like this have forced, and frightened, many Boston agencies and companies into spending more on data security. However, if more and more money is being thrown toward data security initiatives, how come the number of breaches increases every year? The answer is simple: There is a lot of money to be made in cybercrime, and there is a lot of money wasted on solutions that don’t work. So how do you spend your cybersecurity dollars wisely? By following these three important tips:

1. Put a good backup and recovery system in place

Disaster recovery should be reason enough for any organization to have a solid backup and recovery solution in place. Unfortunately, this isn’t always the case. How can we be so sure? Just look at all of the organizations that have suffered from ransomware attacks over the past few years—more than 4,000, on average, every day since the start of 2016. Organizations that have failed to properly set up backup and recovery have two choices when ransomware strikes: pay the cost to release the data or lose everything. If, however, you back up the right information on a set schedule and you have tested the ability to recover that data, you have the choice to clean the infected computers, restore the data, and keep your hard-earned money.

2. Stay up to date

Updates are required in the world of data security. But you need to do more than just keep your software and operating systems up to date. Hardware needs to be updated when new firmware comes out, rules that govern your organization’s security posture need to be kept up to date, and you still need to update your anti-virus software.

Even that is not enough. As a business leader or an IT leader, you need to stay up to date on the latest trends and news in the world of data security. You need to know what attacks your business faces daily and how you can best protect your organization and customers from these threats.

3. Be proactive

If you are reacting to data security threats, then it is already too late. Those who find themselves constantly taking corrective action are the ones who are fighting a losing battle; they have likely already suffered a breach and may not even know it.

When it comes to data security, it pays to take the initiative and be proactive. Set up an effective awareness training program to teach employees how to spot and report suspicious activity. Spend money on technology that is proven to help secure your business against known and unknown threats. Finally, know what information and resources you have and what from among these is attractive to the different threat actors out there so that you can best secure these assets.

Even small and medium-sized businesses have to take data security seriously. They are attractive targets because the bad guys see them as low-hanging fruit. But you don’t have to be an easy target if you put the right security solutions in place. Even if you have a small IT staff that doesn’t specialize in security, all is not lost. By partnering with the right managed services provider, you can rely on the experience and expertise of its security professionals to help safeguard your company’s data, resources, and reputation.