As cyberattacks continue to be an ongoing, serious threat, it’s more important than ever that you and your employees carefully guard your passwords. According to the Verizon 2016 Data Breach Investigations Report, 63 percent of data breaches are due to stolen, default or weak passwords.
Though passwords may seem like a minor element in the massive cybersecurity arena, the fact is they allow cybercriminals to easily enter your construction company’s computer system, says David Thomas, CEO of Evident, a platform that keeps personal information secure for businesses.
“Passwords are one of the easiest ways for an account to be breached, because individuals frequently reuse passwords across applications,” says Thomas. One weak password allows cybercriminals to enter your system and wreak havoc.
Consider the following tips for ensuring password security at your company.
1. Go for complex
Simple passwords may be easy to remember, but they’re also easy to crack. Make your password as complicated as possible. Use several different types of characters to create a passphrase. Rather than making it straightforward, such as Saturdaynight, use numbers and other symbols, such as sat3rday-Nite. Misspellings are also highly effective.
2. Stay away from personal data
The first thing that cybercriminals will check is whether you’ve used personal information for your password, such as the birthdate of your child, or your anniversary. Home and business addresses are also not advised.
3. Choose lengthy passwords
A strong password should include at least eight characters. Even better is one that is 10 to 12 characters. Each character makes it less likely that someone could figure out your password.
4. Don’t use the automatic login feature
Auto log-ins are convenient and might save you time, but they make it much more likely that you’ll get hacked. When you’re asked if you want to save a password, decline.
5. Avoid using the same password
While it certainly makes life more complicated, unique passwords for each site and account are recommended. If a hacker cracks one of your accounts by obtaining a password that you use across the board, the criminal gains access to everything with that same password. That can lead to exponential damage for your company.
6. Change passwords frequently
Make it a policy at your company to change passwords every 30 or 60 days. Send out a reminder to all employees to change passwords. Or better yet, use a system that requires that passwords be changed on a regular basis.
7. Take advantage of two-step verification
“We recommend implementing multi-factor authentication so that any account has a backup mechanism to prevent unwarranted access to an account,” says Thomas.
When a service or site offers two-step verification, opt to use it. Enabling this service will require you and your employees to enter a code sent as a text message before logging in. That means that a cybercriminal wouldn’t be able to sign into an account without your phone.
8. Avoid using email addresses as logins
Many systems use your email address as a default login. Your email might be easy to remember, but it’s a bad idea to use it. Linking a username to an email allows cybercriminals to locate information on you. The person can pull up other accounts using that email address, including social media. This can enable the thief to put together a profile of you and your employees that will be used to gain entry into your system.
9. Use a password manager
One of the biggest drawbacks to creating and using strong passwords is remembering them. This also tends to be the reason why you may struggle to get password compliance from employees.
A password manager can solve that problem. Such a system keeps track of your passwords so you don’t have to remember them. All you need to do is remember one master password, which “unlocks” the door to your many passwords.
10. Have a frank talk with employees
To encourage compliance regarding strong password use, acknowledge to your crew that you realize it takes extra effort. Explain that a security breach could cause big problems for the entire company. Most employees will comply when you point out that being a password sinner could affect their paychecks.
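
Tips 1, 2, 3 and 5 can be checked automatically at the moment a password is chosen. The following Python is an added example, not part of the original article: it flags a candidate that is under eight characters, uses too few character types, contains a birthdate, anniversary or address fragment, or is already used elsewhere. The three-of-four character-type threshold, the date formats and the sample date and address are assumptions constructed for illustration.

```python
import re
from datetime import date

MIN_LEN = 8        # tip 3: at least eight characters (10 to 12 is better)
MIN_CLASSES = 3    # assumption: "several different types" read as 3 of 4

CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def personal_tokens(dates=(), words=()):
    """Lowercase strings derived from personal data (tip 2)."""
    tokens = set()
    for d in dates:
        dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
        yy = yyyy[2:]
        # Common ways a birthdate or anniversary gets typed into a password.
        tokens |= {mm + dd + yyyy, dd + mm + yyyy, yyyy + mm + dd,
                   mm + dd + yy, dd + mm + yy, yyyy}
    for w in words:
        # Street names, company name, etc.; skip very short fragments.
        tokens |= {p for p in re.split(r"[^a-z0-9]+", w.lower()) if len(p) >= 4}
    return tokens


def check_password(candidate, tokens=(), in_use=()):
    """Return the list of tips the candidate fails; empty means it passes."""
    findings = []
    if len(candidate) < MIN_LEN:
        findings.append("shorter than 8 characters")
    if sum(bool(re.search(c, candidate)) for c in CLASSES) < MIN_CLASSES:
        findings.append("fewer than 3 character types")
    # Drop separators so 03/14/2009 and 03-14-2009 both match 03142009.
    squashed = re.sub(r"[^a-z0-9]", "", candidate.lower())
    if any(t in squashed for t in tokens):
        findings.append("contains personal data")
    # in_use: the same person's other passwords, e.g. from a password manager.
    if candidate in in_use:
        findings.append("already used on another account")
    return findings


if __name__ == "__main__":
    # Constructed sample data, not taken from any real account.
    personal = personal_tokens(dates=[date(2009, 3, 14)], words=["412 Quarry Road"])
    for pw in ("Saturdaynight", "sat3rday-Nite", "Emma-03/14/2009!", "Ab1!"):
        print(pw, "->", check_password(pw, personal) or "ok")
```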