For small business owners, security has become a serious concern. Last year, 43 percent of cyberattacks in the U.S. targeted companies with fewer than 250 people, costing companies hundreds of millions of dollars, according to digital security provider Symantec. Forty-five percent of small businesses experienced a cyber attack in the last half of 2016, a CSID survey found.

Yet nearly one-third of small businesses say they take no active cybersecurity measures. Physical security is also a growing concern, with nearly 10 percent of U.S. companies experiencing a burglary or theft in 2016, costing an average of $8,000 per incident, according to an online small business insurance agency Insureon. Here are three strategies you can implement to establish strong security protocols to protect your company.

Prioritize Cybersecurity

With criminals prioritizing cyberattacks on small business, cybersecurity must be a priority for small business security. The foundation of a strong cybersecurity policy should be a strong BYOD policy. Software provider Citrix recommends making your BYOD policy manageable by creating clear guidelines limiting who in your organization is allowed to bring their own device and what devices are supported. Limit the amount of sensitive apps and data stored on employee devices by using virtualization and secure file sharing to avoid storing apps and data on devices when not necessary.

For apps that do need to be stored on-device, requiring apps to be downloaded from a secure company app store can avoid malware infections. To protect data that needs to be stored on-device, use encryption, containerization and remote wiping capability. Use password management software to protect employee login credentials. Disable printing and access to client-side storage such as USB storage to keep data from being smuggled out of your company network.

Incorporate your cybersecurity policies into your employee onboarding and training procedures. Make sure your managers and workers appreciate the importance of cybersecurity and understand your policies.

Implement Strong Physical Security Measures

It’s also essential to implement strong physical security policies. Physical security starts with deterrence measures such as good lighting to illuminate your parking lot and building perimeter. Integrating lighting with motion sensors, alarms and commercial security cameras can warn intruders that they’re under surveillance and discourage them from attempting a breach. Use measures such as pin-cylinder locks with a dead-bolt or double dead-bolt to bar would-be thieves from entry.

Security cameras can also help you deter internal threats by helping you keep an eye on employees. Do regular inventory counts to detect shrinkage and mitigate the risk of employee theft.

Create Contingency Plans

Despite your best preventive efforts, your digital or physical perimeter may be breached, making contingency plans a vital component of a complete security approach. Develop protocols for responding to cybersecurity breach events. For instance, if an employee device is lost or stolen, instruct your security team to remotely wipe the missing device of sensitive data. Use automated cloud backup services to enable you to recover deleted data in the event of a ransomware attack or other type of hack.

You should also develop contingency plans in the event of a physical breach. Set up your surveillance system to notify your remote monitoring service when a breach is detected to assess the situation and determine whether or not to summon authorities. Designate on-site personnel who are trained to respond in the event of employee theft or other security issues. Make sure your employees know who to report to in the event they spot suspicious behavior.

Strong protocols for cybersecurity, physical security and contingency response form the foundation of a solid security policy. Implementing these strategies will help you keep your company’s data, reputation and finances safe and secure.