The time between Thanksgiving and Christmas is one of the busiest of the year for small businesses in the retail industry. Billions of dollars are spent by consumers searching for the perfect gifts and the best deals. However, it’s also one of the most active times of the year for hackers.

The holiday season isn’t just one of one-horse open sleighs and chestnuts roasting on an open fire. It’s also one of phishing schemes, fake websites, and malware attacks that put both your customers and your business in danger.

Shockingly, only about 37% of businesses admit to teaching employees about the danger of cyber attacks and the importance of business security. In addition, with so many businesses swiftly hiring short-term holiday help, they’re onboarding an even larger number of employees with little to no knowledge of cybersecurity.

To lend a hand, we’ve compiled a small Christmas present for business owners: three simple and safe steps you can take to improve your business security and protect both your budget and your customers this holiday season.

If your business relies on online orders, this is the most important step you can take. Take a look at your website’s URL. Does it say HTTP or HTTPS? If it’s the latter, your website’s encrypted by transport layer security (TLS).

TLS uses algorithms that make it nearly impossible for hackers to steal ciphered information hosted on your website. Without it, every payment your customers make—and all of their personal info including credit card numbers and addresses—is visible.

As an added precaution, make sure your website’s security layers are updated. Manufacturers and developers commonly roll out new versions to “patch” vulnerabilities found in the old ones.

We say this a lot, but it’s too important to be ignored. Update, update, update. Update your devices and software. Update your business’s computers where payroll, inventory, and other valuable information are stored (it also wouldn’t hurt to have a backup of that info). The last thing you need is for your inventory list to be wiped away a few short days before the holidays.

Make sure your pin pads, chip readers, iPads, and other devices used to process credit and debit payments are updated to their latest operating systems. The retailer Target has paid out tens of millions of dollars to the more than 40 million customers who had their PIN codes stolen during the 2013 holiday season. The last thing you want for your business is to face the same financial burden and scathing public perception.

It’s also important to note that, although more customers have chip cards than they did last year, they’re still not foolproof against hacks. Don’t think that just because you accept chip cards you won’t get hacked.

About 75% of small businesses don’t have cyber liability insurance. It’s not something a lot of business owners know about, but it is definitely something every business owner should have. Cyber liability insurance protects your business, helping it reorganize and rebuild in case of a hack.

Like any insurance plan, cyber liability insurance is an investment. Perhaps you may not ever need to use it, but if you suddenly do, you’ll be glad you have it. Without it, your business may be on the hook for tens of thousands—perhaps even millions—of dollars. Many businesses never bounce back from a hack and are forced to close their doors. Don’t let this happen to yours. Some insurance companies offer this service, so contact your insurance provider to learn more.

If you encrypt your site, update your registers and pin pads, and add an extra layer of protection (and peace of mind) with cyber liability insurance, you should have everything you need to enjoy all that the holiday season can do for your business.

An extra step you can take? Hire a tech services provider. The holidays keep you busy and a tech provider can implement the cyber security solutions you need. Contact our business security team today to learn more.