Is data security, online privacy and identity theft a top concern for your business? If it’s not, it should be. Cybercrime is on the rise. More than ever, hackers are successfully stealing information from organizations and using it to commit identity theft and fraud.

Hackers are using data breaches to steal valuable information from businesses of all sizes— such as email accounts, names, birth dates and phone numbers — and then using that information to conduct sophisticated phishing scams to gain access to personal and business accounts. The best way to avoid being taken in is for organizations to set good security procedures and policies, and for everyone to learn how to spot a phishing scam.

Here’s the latest that you need to know in order to avoid getting hooked by hackers phishing for your information:

1) Address your weaknesses. At home and at the office, you need to invest in technology to help you detect and address threats. You also need to stay up-to-date at work and at home on the latest technology security news to know if you’re vulnerable. Watch out for news about malvertising attacks and ransomware scams. You also need to pay close attention if you’re part of a larger attack.

2) Know how to spot a phishing scam. A phishing scam can come in the form of an email, link, or even a telephone call. Cybercriminals will use whatever means they can to install malicious software or access your accounts to steal your personal information. Watch for suspect emails with links (and don’t click them if you aren’t sure if they are legitimate!), phony security alerts, fake websites and out-of-the-blue phone calls where someone says that they can help you solve a computer, account or software issue.

3) Know what’s going into your spam and trash folders. If hackers do start trying to access your accounts, one of the first things that can happen is that they’ll reset your passwords to critical accounts (banking, or others) and set a filter so that any email notifications about the changes bypass your inbox. Always watch your email account for unusual activity, and if you see anything strange – such as trash or spam folders emptying themselves — change your password immediately. (In this case, you’ll also want to check your banking and other critical accounts.)

4) Know how to manage your passwords. Activate two-factor authentication whenever possible for business and personal accounts. You can set up a password manager for an added layer of security, get expertise from tech support, or have an IT person set up a password manager.