You won’t likely be duped into sending money to an overseas bank account anytime soon. But phishing scams and malware-laced communications are constantly evolving. As we’ve seen with NotPetya this year, cyberattacks are becoming more sophisticated, and yet they can still find their way into systems through phishing emails—right under our noses, with our permission. They may pose as a new business lead, a security update, or a request from your bank. They may even come with a very convincing email.

These sneak attacks have some telltale signs, however. Shortened URLs, unfamiliar senders and urgent demands to CLICK NOW are just a few. Make sure your employees look out for these, conduct regular educational sessions to keep your team aware of the latest attacks, and let them know how one click could jeopardize your entire network.

Perpetrators cast a wide net, and they will get a few bites, even from those who know better. While being the target of a cyberattack is nearly inevitable—and your DR plan should account for this—exercising caution and training employees can head off many incidents before they become disasters.