It’s easier than you think for companies and business leaders to overlook cybersecurity. Unfortunately, the nature of the threat means some of the biggest worries for your organization might actually be out in plain sight. Here are five kinds of cybersecurity risks that are regularly overlooked.
Inconsistent or Nonspecific Cybersecurity Training
An obvious weakness in the cybersecurity strategy at your place of work is the people. More specifically, it’s how well and how consistently they’re trained on security essentials.
Everybody should be on the same page about the reality of the risks and about how necessary a well-trained human element still is, even with all the anti-virus and anti-malware software available.
Knowing what a phishing email looks like comes in handy just as much at home as it does in the office. Training also comes with an added bonus: Even though nobody likes extra meetings, 77 percent of surveyed employees stated that specific and consistent cybersecurity training helped them feel a greater sense of ownership over the company and its processes and assets.
Poor Password Hygiene
When it comes to office culture and cybersecurity, poor password hygiene is especially worrying. If one employee secures all their work accounts with the same password, a lot of information could be exposed at once if somebody targets them for cybercrime.
The importance of good password hygiene isn’t as overlooked as it used to be, but some of the best solutions probably are. Investing in a password manager is always a good idea — and it’s something you can apply to office culture, too. Look for a password manager with cross-platform functionality if you need it, and search for multiuser plans to give everybody in the office the means to create and store their own strong passwords for everything they do at work.
Not Taking Updates Seriously
This is another risk that gets talked about all the time, yet it is still regularly responsible for personal embarrassment, as well as wide-scale disasters like WannaCry and Petya. These cybersecurity incidents exploited out-of-date software. More specifically, they took advantage of a window of vulnerability between a Microsoft patch going live and that patch being applied widely.
The point is not that checking for software updates all day long will prevent every instance in which a cybercriminal could exploit a vulnerability or back door. But setting everything you can to auto-update daily, at a convenient time, does stand a chance of keeping you safer.
Unsecured Personal Devices
BYOD culture — or bring your own device — is a great thing for employees and employers alike. It lets employees perform their duties in a digital workspace they already know and feel comfortable in. On the employer side, the lack of a serious learning curve and the small bump in productivity are welcome.
What’s less welcome are the cybersecurity risks that BYOD culture brings. It’s possible to permit and even encourage your teams to work on their own laptops and tablets, but this shouldn’t be done without a comprehensive and robust BYOD policy drawn up by your IT team. At a minimum, you should require that users access on-premises internet connections using VPNs and that all accounts are equipped with two-factor authentication.
Mobile Malware and Ransomware
Malware has finally gone mobile. None of the modern mobile operating systems are exempt from risk, and there are multiple ways for malware to infect a device, including fake app downloads and Wi-Fi spoofing.
Ransomware is another threat to our personal and business cybersecurity. In one of the most famous cases, the U.K.’s National Health Service’s digital properties were held for ransom. Unbreakable protection is all but impossible, but ensuring your off-site and local data backups are always encrypted can give you some breathing room by keeping usable data out of would-be thieves’ hands.