Your technology is essential, but it’s your team that stands on the front line of your company’s defense. The most sophisticated security software in the world can be bypassed by a single click on a convincing phishing email. Human error is a factor in the vast majority of security breaches, which means your employees are your biggest vulnerability—and your greatest strength. By empowering your team with knowledge, you turn every person into an active defender of your business. This guide provides crucial cybersecurity tips for small businesses, focusing not just on the tools you need but on how to train your staff to become your most valuable security asset.

Get A Quote

Key Takeaways

• Master the Security Essentials First: Before anything else, implement the non-negotiable basics. Enforcing multi-factor authentication (MFA), keeping software updated, and maintaining regular data backups create a powerful defense that closes the door on the most common cyber threats.

• Turn Your Team into Your Best Defense: Your employees are a critical part of your security. Continuous training on how to recognize phishing attempts and practice safe online habits transforms your team from a potential target into your most vigilant line of defense.

• You Don't Have to Do It Alone: Managing cybersecurity is a full-time job. Partnering with a managed IT service gives you access to 24/7 monitoring, expert guidance, and a clear incident response plan, allowing you to focus on your business with confidence.

Why Cybercriminals Target Small Businesses

It’s a common misconception that cybercriminals only go after big corporations with deep pockets. The reality is that small and medium-sized businesses are often more attractive targets. Why? Because attackers see them as easier to breach. They bet on the fact that you're busy running your company and might not have the same level of defense as a Fortune 500 enterprise. This perception makes you a prime target, not because of what you lack, but because of what you have.

From limited security resources to the valuable data you handle every day, several factors put your business in the crosshairs. Sometimes, it's not even about your business directly; criminals might see you as a stepping stone to infiltrate your larger clients and partners. Understanding these vulnerabilities is the first step toward building a stronger, more resilient defense for your business. Let's break down exactly why attackers might be looking at your company and what you can do to change their minds.

You have limited security resources

As a business owner, you’re juggling a dozen priorities at once, from sales to operations. It’s completely understandable that dedicated cybersecurity might not always make the top of the list. Cybercriminals know this. They count on small businesses having limited budgets, time, and in-house expertise to implement and manage robust security measures. According to the U.S. Small Business Administration, this is a key reason small businesses are considered easy targets—they may not have the resources to adequately protect their digital systems. This isn't a weakness; it's a common operational reality that simply requires a strategic approach to security.

You hold valuable data

You might not think your company’s data is as valuable as a large corporation's, but to a cybercriminal, it’s a goldmine. Your systems likely store a wealth of sensitive information, including employee records, financial details, and proprietary business strategies. More importantly, you hold customer information like names, addresses, and credit card numbers. This data can be sold on the dark web or used for identity theft and fraud. For an attacker, accessing this information is a direct path to a payday, making your business a very tempting target regardless of its size.

You can be a gateway to larger networks

Sometimes, the attack isn't even about you—it's about who you know. Cybercriminals often target smaller businesses as a weak link to launch a supply chain attack. By breaching your network, they can exploit the trust you’ve built with your partners, vendors, and larger enterprise clients. Once inside your system, they can use your credentials and access to get into bigger companies that have much more robust defenses. Your business becomes an unlocked side door, putting your entire professional network at risk and potentially damaging your reputation and business relationships.

Common Cybersecurity Threats to Watch For

Knowing what you’re up against is the first step in building a solid defense. Cyber threats aren’t just about shadowy hackers breaking through complex firewalls; they often arrive in much simpler packages, like a convincing email or a moment of human error. Understanding the most common tactics criminals use can help you and your team stay vigilant and protect your business from the ground up. These threats are constantly evolving, but most fall into a few key categories that every business owner should recognize. By familiarizing yourself with these methods, you can turn potential vulnerabilities into strengths and create a more secure environment for your company’s data and operations.

Phishing and email scams

Phishing is one of the most frequent threats your business will face. In these attacks, a criminal sends an email that looks like it’s from a legitimate source—like a bank, a vendor, or even a government agency—to trick you into giving up sensitive information. The goal is to get you to click a malicious link, download an infected attachment, or enter your credentials on a fake login page. These emails often create a sense of urgency, telling you an account is locked or an invoice is overdue. Always treat unsolicited requests for personal or financial information with suspicion, and train your team to inspect email addresses and hover over links before clicking.

Ransomware and malware

Malware is a broad term for any malicious software designed to disrupt your operations or steal data. This includes viruses, spyware, and one of the most damaging variants: ransomware. Ransomware is a type of malware that encrypts your files, making them completely inaccessible. The attacker then demands a ransom payment, usually in cryptocurrency, in exchange for the decryption key. A ransomware attack can bring your business to a complete standstill, leading to significant financial loss and reputational damage. These infections often start with a phishing email, making employee awareness a critical part of your defense.

Data breaches and insider threats

While we often picture cyber threats coming from outside the company, many security incidents originate from within. These are known as insider threats. Sometimes, this is intentional—a disgruntled employee might steal data or sabotage systems. More often, however, these threats are accidental. An employee might unintentionally click a phishing link, use a weak password, or misconfigure a cloud service, creating an opening for an attacker. Because employees are the primary cause of many data breaches, implementing strong access controls and ongoing security training is essential to protect your sensitive information from both internal and external risks.

Social engineering attacks

Social engineering is the art of psychological manipulation. Instead of exploiting technical vulnerabilities, attackers exploit human trust to gain access to information or systems. Phishing is a form of social engineering, but it can also happen over the phone, through text messages, or even in person. Common tactics include tech support scams, where a fraudster calls pretending to be from a well-known tech company to gain remote access to your computer. Another dangerous variant is the Business Email Compromise (BEC), where a scammer impersonates a company executive to authorize fraudulent wire transfers. These attacks succeed by preying on our natural instinct to be helpful and trusting.

Key Cybersecurity Practices to Implement Now

Protecting your business doesn’t have to be complicated. You can significantly reduce your risk by putting a few fundamental security practices in place. Think of these as the digital locks on your doors—they are your first and most effective line of defense against common threats. Getting these basics right creates a strong foundation that makes it much harder for cybercriminals to target your company. Start with these five essential habits to build a more secure operation today.

Enforce strong password policies

Weak or stolen passwords are one of the easiest ways for attackers to get into your network. It’s time to move beyond simple, easy-to-guess passwords and create a stronger standard for your entire team. Require employees to use long and complex passwords—at least 12-15 characters with a mix of letters, numbers, and symbols. Every account should have a unique password, and you should consider using a password manager to keep track of them securely. For an even stronger defense, implement multi-factor authentication (MFA), which requires a second form of verification, like a code sent to a phone, before granting access.

Keep your software updated

Software updates aren't just about adding new features; they often contain critical patches for security vulnerabilities that hackers can exploit. When you see a notification to update your operating system, web browser, or any other application, don't ignore it. The best approach is to set all your business software to update automatically. This simple step ensures your systems are always protected against the latest known threats without you having to think about it. An unpatched system is an open invitation for malware, so make regular software updates a non-negotiable part of your security routine.

Back up your data automatically

Imagine losing all your critical business files—customer records, financial data, and project files—in an instant. Regular data backups are your safety net against ransomware, hardware failure, or accidental deletion. Don’t rely on manual saves; set up an automatic system that backs up your important data every day. You can back up files to a secure cloud service or an external hard drive stored in a separate, safe location. Just as important, periodically test your backups to make sure you can actually restore the data when you need it most. This ensures you can get back to business quickly after any incident.

Secure your Wi-Fi and use a firewall

Your office Wi-Fi network is a primary entry point to your business data. Start by changing the default username and password on your router to something unique and strong. Make sure your network is protected with WPA2 or WPA3 encryption, which scrambles the information sent over the air. It’s also a good idea to create a separate, guest-only network for visitors to use. A firewall acts as a digital gatekeeper for your network, monitoring incoming and outgoing traffic and blocking anything suspicious. Most operating systems have a built-in firewall, so make sure it’s turned on for all company devices.

Install antivirus and endpoint protection

Think of antivirus software as the immune system for your computers and devices. It works in the background to detect and block viruses, spyware, ransomware, and other malicious software before they can cause damage. You need reliable antivirus protection on every device that connects to your network, including desktops, laptops, and servers. This isn't a "set it and forget it" tool; ensure the software is always running and set to update automatically. This allows it to recognize and defend against the newest cyber threats, providing a critical layer of endpoint security for your business.

Train Your Team to Be Your First Line of Defense

Your technology and security tools are essential, but they can’t do the job alone. Your employees are your most valuable asset and, with the right training, they can become your strongest defense against cyber threats. Human error is a factor in many security breaches, which means empowering your team with knowledge is one of the most effective security investments you can make. When your staff knows what to look for and what to do, they can stop an attack before it ever starts. This proactive approach turns every team member into an active participant in your company’s security.

Build a security awareness program

A one-time training session during onboarding isn't enough. Cyber threats are constantly changing, so your training should be an ongoing conversation. A strong security awareness program keeps your team sharp and informed. Regularly hold short training sessions to cover new threats, review company security policies, and discuss best practices. Make sure everyone knows the clear, simple steps to take if they suspect a security issue or if a company device is lost or stolen. The goal is to make security a regular part of your operations, not just an annual checklist item.

Teach employees to spot phishing scams

Phishing is one of the most common ways criminals gain access to business networks. These deceptive emails, texts, or messages are designed to trick people into revealing sensitive information or downloading malware. Train your team to be skeptical and to look for red flags. Teach them to always check the sender's email address, look for unusual grammar or urgent requests, and hover over links to see the actual destination URL before clicking. A well-trained employee can recognize a phishing attempt and delete it, protecting your entire organization with a single click.

Establish safe browsing and email habits

Beyond just spotting phishing, good digital hygiene can prevent a wide range of security incidents. Encourage your team to adopt safe habits as part of their daily workflow. This includes using strong, unique passwords and avoiding suspicious downloads from unverified sources. A critical habit to build is to avoid logging into accounts through links in emails. Instead, teach employees to go directly to a company’s website by typing the address into their browser. This simple step bypasses any fake login pages a scammer might have created, keeping credentials safe.

Create a culture of security

Cybersecurity isn't just an IT problem; it's a business-wide responsibility. To truly protect your company, security needs to be part of your culture, starting from the top down. When leadership prioritizes and models secure behavior, employees are more likely to follow suit. Encourage an environment where employees feel comfortable reporting potential security concerns without fear of blame. When everyone understands their role in protecting company and customer data, security becomes a shared value. This collective ownership is the foundation of a resilient and secure organization.

Why Your Business Needs Multi-Factor Authentication (MFA)

If you think a strong password is all you need to protect your business accounts, it’s time for a reality check. Passwords can be stolen, guessed, or cracked, leaving your sensitive data exposed. That’s where Multi-Factor Authentication (MFA) comes in. Think of it as a digital deadbolt for your accounts. It’s one of the single most effective security measures you can take, creating a crucial barrier between a cybercriminal and your business information.

Implementing MFA is a straightforward way to dramatically improve your security posture. It works on the principle that an attacker is unlikely to have access to both your password and a second verification method. Even if a hacker gets their hands on your entire employee password list, they’ll be stopped in their tracks without that second piece of the puzzle. Forcing this extra verification step across your critical systems makes it significantly harder for unauthorized users to gain access, protecting everything from your financial data to your customer information.

How MFA works

At its core, MFA is simple: it requires anyone logging in to prove their identity in more than one way. Instead of just entering a password (something you know), the user must also provide a second piece of evidence. This second "factor" is typically something you have, like a one-time code sent to your phone or generated by an authenticator app. It could also be something you are, like a fingerprint or facial scan. This layered approach means a compromised password alone is no longer enough to grant access, providing a powerful defense against common cyberattacks.

Where to implement MFA

You don’t need to enable MFA on every single login, but you absolutely should require it for your most sensitive systems. Start with any application or service that holds valuable data. This includes your email platform, cloud storage, VPN access for remote employees, and any software containing customer or financial information. Most importantly, make sure every single administrator account uses MFA. These accounts have elevated privileges and are prime targets for attackers, so securing them should be your top priority. You can usually find MFA settings within the security options of your most-used business applications.

Protect your most critical accounts

Take a moment to think about the accounts that are most vital to your business operations. Your financial, accounting, and payroll services are at the top of that list. A breach in any of these could be catastrophic, leading to direct financial loss and severe operational disruption. Check with your service providers to see what MFA options they offer and enable them immediately. Protecting these high-value accounts is one of the most important steps you can take to secure your business. If you’re unsure where to start or how to implement it correctly, our team at nDatastor can help you get a quote for a security assessment.

What to Do When a Cyber Attack Happens: Your Incident Response Plan

No matter how prepared you are, the moment you realize you’ve been hit by a cyber attack is stressful. The key is to replace panic with a clear, methodical plan. An incident response plan (IRP) is your playbook for exactly this moment, guiding your team through the critical steps to minimize damage and get back to business. If you don’t have one, now is the time to create it. A solid plan turns a crisis into a manageable problem. It should outline who to contact, what systems to prioritize, and how to communicate with everyone involved. Think of it as a fire drill for a digital disaster; practicing it ensures everyone knows their role when the pressure is on. This isn't just a document that sits on a shelf—it's an active tool that empowers your team to respond with confidence instead of chaos. A well-defined IRP helps you meet legal and regulatory requirements for data breach notifications, which can protect you from fines and legal trouble. It also demonstrates to your customers and partners that you take their data security seriously, helping to preserve trust even after an incident. Let’s walk through the four essential steps your plan should cover to protect your operations, your data, and your reputation.

Step 1: Contain the threat immediately

Your first priority is to stop the attack from spreading. Think of it like first aid—you have to stop the bleeding. This means immediately disconnecting affected computers, servers, or devices from the network to isolate the threat. If you can identify the source of the breach, like a compromised account, disable it right away. According to the Federal Trade Commission, you should have a plan for how to "save data, keep the business running, and tell customers if their information was exposed." Having these containment steps documented in your incident response plan ensures your team can act quickly and decisively, which can dramatically reduce the overall impact of the attack.

Step 2: Communicate with your team and stakeholders

Clear and timely communication is critical. As soon as the threat is contained, inform your leadership team and your IT support partner. This is where having a partner like nDatastor on standby is invaluable; our experts can immediately begin assessing the situation. CISA recommends you "talk about cybersecurity often" with your team so everyone understands their role during an incident. You’ll need to decide who communicates with employees, customers, and any other stakeholders. Be transparent but careful not to share unverified information. Your goal is to control the narrative, prevent panic, and show that you have the situation under control.

Step 3: Recover your systems and data

Once the immediate threat is gone, the recovery phase begins. This is where your data backup strategy proves its worth. Start by eradicating the malware or vulnerability that caused the incident, then begin restoring your systems and data from clean backups. It’s crucial to verify that your backups are uninfected before you restore them. CISA advises businesses to "restore your systems and operations after an attack and learn from the experience." This step isn’t just about getting back online; it’s about doing so safely and ensuring the same vulnerability can’t be exploited again.

Step 4: Review and improve your security

After you’ve recovered, take the time to conduct a thorough post-incident review. Figure out exactly how the attacker got in, what they accessed, and how your team responded. This isn't about placing blame; it's about learning from the event to strengthen your defenses. Use these findings to update your security policies, patch vulnerabilities, and provide additional training to your team. CISA suggests you should "create and update the IRP" and review it often, especially after an incident. Every attack, even a minor one, is an opportunity to refine your security posture and become more resilient for the future.

How to Run a Security Risk Assessment

Think of a security risk assessment as a health check-up for your company’s digital infrastructure. It’s a proactive process where you systematically identify, analyze, and evaluate potential cybersecurity threats. Instead of waiting for a problem to happen, you get ahead of it by understanding where your weaknesses are and what you need to do to strengthen them. This isn't about creating a perfect, impenetrable fortress—it's about making informed decisions to protect your most important assets.

Running a risk assessment helps you spend your time and budget wisely. You can focus on fixing the most critical issues first, rather than trying to tackle everything at once. It gives you a clear roadmap for improving your security posture and ensures your defenses are aligned with the actual threats your business faces. Let’s walk through the three key steps to conducting an effective assessment.

Identify your system vulnerabilities

The first step is to take a complete inventory of your digital assets and figure out where you might be exposed. Start by asking some fundamental questions: Where is our most important data stored? This includes everything from customer lists and financial records to employee information and proprietary business plans. Once you know what you need to protect, consider who has access to it. Are the permissions appropriate, or do too many people have the keys to sensitive information?

Next, try to think like an attacker. Look for potential entry points and weak spots in your systems. This could be anything from outdated software and unpatched servers to weak password policies or a lack of employee training on phishing. According to the U.S. Small Business Administration, a key first step is to understand where your business is vulnerable to attacks. Documenting these vulnerabilities gives you a clear picture of what needs to be fixed.

Prioritize threats based on risk

Once you have a list of vulnerabilities, it’s easy to feel overwhelmed. The key is to remember that not all risks are created equal. You need to prioritize them so you can address the most urgent threats first. To do this, evaluate each vulnerability based on two factors: the likelihood of it being exploited and the potential impact on your business if it were.

For example, a ransomware attack that could lock up your entire server and halt operations is a high-likelihood, high-impact threat that should be at the top of your list. On the other hand, a minor software bug on a rarely used computer might be a low-likelihood, low-impact threat that can be addressed later. This process helps you allocate your resources effectively, ensuring you’re putting your efforts toward protecting your business from the most significant dangers.

Adapt your security as threats change

Cybersecurity isn't a one-time project; it's an ongoing process. Cybercriminals are constantly developing new tactics, which means your defenses need to evolve, too. A security risk assessment should be a living document that you revisit regularly—at least annually, or whenever you make significant changes to your IT environment, like adopting a new software platform.

Staying current is critical because, as CISA points out, many old security tips are no longer effective against how attacks actually happen today. Regularly reviewing your risks ensures your security strategy remains relevant and effective. Use the findings from your assessment to update your incident response plan, refine your security policies, and guide future technology investments. This continuous cycle of assessment and adaptation is what will keep your business resilient in the long run.

Choosing the Right Cybersecurity Tools for Your Business

Once you have foundational practices in place, you can layer on specific tools to protect your business from different angles. Think of it like securing a house—you need strong locks on the doors, an alarm system, and maybe cameras. Your business's digital security works the same way, with different tools protecting different assets. You don't need a Fort Knox-level budget, but you do need a smart, multi-layered approach. The right combination of tools will create a strong defense that makes your business a much harder target for cybercriminals. Let's walk through the essential tools every business should have in its security toolkit.

Email and anti-phishing security

Email is the front door for many cyberattacks, making it one of the most critical areas to secure. Phishing scams, where attackers impersonate legitimate companies to steal credentials, are incredibly common. To fight back, you need tools that can verify an email's sender. Email authentication protocols like SPF, DKIM, and DMARC act like a digital postmark, confirming that an email is actually from who it says it's from. This helps stop scammers from spoofing your domain to trick your employees or customers. The Federal Trade Commission offers great guidance on setting these up. These tools work best when paired with ongoing employee training to help your team spot and report suspicious messages that might slip through.

Network monitoring and threat detection

Your business network is the backbone of your operations, and you need to protect it from unauthorized access. A firewall is your first line of defense. It acts as a gatekeeper, monitoring incoming and outgoing traffic and blocking anything that looks suspicious or malicious based on a set of security rules. But a firewall isn't a "set it and forget it" solution. According to the U.S. Small Business Administration, you must keep it updated to protect against new threats. Beyond a firewall, network monitoring tools actively watch for unusual activity inside your network, helping you catch potential breaches before they cause significant damage.

Cloud backup and disaster recovery

What would you do if a ransomware attack locked up all your files tomorrow? A solid backup and disaster recovery plan is your answer. It’s not enough to just back up your data; you have to be able to restore it quickly to keep your business running. We recommend regularly backing up all critical data to a secure, separate location. The best practice is to have copies both on-site and off-site, like in the cloud. Most importantly, you have to test your backups. An untested backup is just a guess. A reliable disaster recovery plan ensures you can get back on your feet with minimal downtime and data loss.

Vulnerability scanning and monitoring

You can’t fix weaknesses you don’t know you have. Vulnerability scanning tools proactively search your systems, applications, and network for security flaws that attackers could exploit. Think of it as a routine security audit that finds unlocked doors and windows before a burglar does. These scans can identify outdated software, missing security patches, or misconfigured systems. The Cybersecurity and Infrastructure Security Agency (CISA) even offers free cyber hygiene services, including vulnerability scanning, for businesses. Regularly running these scans allows you to find and fix issues, continuously strengthening your defenses against evolving threats.

How a Managed IT Partner Strengthens Your Cybersecurity

Trying to manage all of these cybersecurity practices on your own can feel like a full-time job. For most small business owners, it’s simply not feasible to become a security expert overnight while also running a company. This is where bringing in a dedicated team can be a game-changer. Partnering with a managed IT service provider gives you access to enterprise-level security without the cost and complexity of building an in-house team. Instead of waiting for a breach to happen and then scrambling to fix it, a good partner works proactively to prevent problems before they start. This gives you the peace of mind to focus on what you do best: growing your business.

A managed IT partner handles all the technical heavy lifting. They take care of the constant monitoring, essential maintenance, and strategic security planning that modern businesses require. Think of them as an extension of your own team—a group of local experts dedicated to protecting your assets. They can help you build a customized security strategy that fits the unique needs and budget of your business, ensuring you have a defense that’s as robust as it is practical. This partnership transforms cybersecurity from a source of stress into a source of strength.

Get 24/7 security monitoring and response

Cyber threats don’t operate on a 9-to-5 schedule, and your defenses shouldn’t either. One of the biggest advantages of a managed IT partner is having round-the-clock security monitoring. This means a team of experts is always watching your network for suspicious activity. Using advanced tools, they can spot potential threats in real time and take immediate action to neutralize them before they can cause damage. This constant vigilance is something most small businesses can't sustain on their own. Our Cybersecurity solutions are designed to provide this continuous protection, ensuring your systems are defended day and night.

Access expert implementation and maintenance

Having the right security tools is only half the battle; they also need to be implemented, configured, and maintained correctly. A managed IT partner brings deep expertise to the table, ensuring your firewalls, antivirus software, and other security measures are set up for maximum effectiveness. They handle all the ongoing updates and patches to protect you from the latest vulnerabilities, a task that can easily fall through the cracks when you're busy. This removes the guesswork and ensures your security infrastructure is not only strong but also perfectly aligned with your specific business needs. This level of professional oversight is a core part of our managed IT plans.

Lean on professional security and compliance expertise

The cybersecurity landscape is complex and always changing. A managed IT partner serves as your trusted advisor, helping you make sense of it all. They provide expert guidance on everything from developing security policies to meeting industry-specific compliance requirements like HIPAA or PCI DSS. These experts use advanced strategies like Managed Detection and Response (MDR) to actively hunt for threats within your network. By leaning on the knowledge of a dedicated team, you can be confident that your security posture is robust and that you’re making informed decisions to protect your business’s future. If you have questions, we're here to help you get started.

Related Articles

• 5 Simple Tips on Preventing Cyber Security Risks at Work

• A Guide for Healthcare and SMBs on Managing Cyber Security Risk and Compliance

• The Top 5 Cybersecurity Threats Businesses Face in 2025 — And How to Prepare

• Northern California IT Support

• Northern California IT Support

Get A Quote

Frequently Asked Questions

My business is small. Why would a cybercriminal bother with me? It’s a common question, but attackers don’t care about your company’s size—they care about opportunity. They often see smaller businesses as easier targets because they assume you have fewer security measures in place. Your customer and financial data is just as valuable on the dark web, and sometimes, criminals use your network as a stepping stone to attack your larger clients. It’s less about who you are and more about what you have access to.

This all feels like a lot. What's the most important first step I can take? It can definitely feel overwhelming, so start with the actions that give you the most security for your effort. The single best thing you can do is implement multi-factor authentication (MFA) on your critical accounts, especially email and financial software. This requires a second form of verification, like a code from your phone, to log in. It’s a simple step that stops most password-based attacks cold.

How can I protect my business if my employees are the biggest risk? Instead of viewing your team as a risk, think of them as your first line of defense. The key is consistent training and building a security-conscious culture. When your employees know how to spot a phishing email and understand the importance of good password habits, they become active participants in protecting the company. It’s about empowering them with knowledge so they can stop an attack before it even starts.

What's the difference between having antivirus software and working with a managed IT partner? Think of it this way: antivirus software is like a good lock on your front door. It’s absolutely essential, but it’s just one component. A managed IT partner is like having a complete security team that not only installs the lock but also monitors the system 24/7, keeps everything updated, and has a response plan ready. It’s the difference between a single tool and a comprehensive, proactive strategy.

If an attack happens, what's the absolute first thing I should do? Your immediate priority is to contain the threat and stop it from spreading. The very first action you should take is to disconnect the affected computer or device from the network. Unplug the ethernet cable or turn off the Wi-Fi. This isolates the problem and prevents it from infecting other systems while you assess the situation and contact your IT support team for help.