In today’s digital world, cyberattacks are, unfortunately, nothing new. Cybercriminals can attack a multitude of levels, from large-scale attacks targeting corporations to smaller phishing attacks aimed at gaining an individual’s personal information.

October is Cybersecurity Awareness Month, but good cyber hygiene should be practiced year-round. This year’s theme is “See Yourself in Cyber”—because we all have a part to play in cybersecurity. When we hear about massive data breaches, it can feel overwhelming and lead us to think we’re powerless as individuals to stop cybercriminals.

The truth is that there are several practical steps we can take to safeguard our devices and data. Here are four easy ways to boost your cyber hygiene:

1Enable multi-factor authentication. Also known as two-step verification, multi-factor authentication adds a second step when logging into an account (to prove you’re really you), which greatly increases the account’s security. This second step could include an extra PIN, answering an extra security question, a code received via email or a security token. Regardless of the type of authentication, this additional step makes it twice as hard for cybercriminals to access your account. Not every account offers multi-factor authentication, but it’s becoming increasingly popular and should be utilized when available.

2Use strong passwords and a password manager. Remember, passwords are the “keys” to your personal home online. Your passwords should always be long, unique, and complex. Create passwords using at least 12 characters, never reuse passwords for multiple accounts and use a combination of upper- and lower-case letters, numbers, and special characters. If you have a lot of accounts, consider using a password manager to store them easily and securely in one place.

3Update software. It may seem obvious, but regularly updating software is one of the easiest ways to keep your personal information secure. Most companies provide automatic updates and will send reminders so you can easily install the update. If you’re not receiving automatic software updates, set a reminder to do so quarterly. Be aware that some cybercriminals will send fake updates; these typically appear as a pop-up window when visiting a website. Use good judgment and always think before you click.

4Recognize and report phishing attacks. Don’t take the bait when cybercriminals go phishing. The signs of a phishing attack can be subtle, so take the extra time to inspect emails thoroughly. Most phishing emails include offers that are too good to be true, an urgent or alarming tone, misspellings, poorly-crafted language, ambiguous greetings, strange requests, or an email address that doesn’t match the company it’s coming from. Most platforms like Outlook, Gmail, and Mac Mail allow users to report phishing emails. If you suspect a phishing attempt, take an extra minute to report it.

Cybercriminals are here to stay, but when we all take a risk-based approach to our cyber behavior, we’re creating a safer internet for all.