It happens every single day—people open emails from unknown senders, click on mysterious links out of curiosity, and even print out sensitive information and leave it sitting on the printer. These actions certainly aren’t uncommon. But when they occur at your company, it’s a major problem for your business’s cyber security.

In this day and age, you know that IT security is vitally important to your business. It’s just as important as the physical security of your building. Firewalls, email filtering, security patches—these measures are well-known to businesses of all sizes. However, even if you have the right security software and monitoring in place, you may still be overlooking the biggest threat of all to your IT security: your employees.

Sure, your employees are good people. Chances are that they would never do anything intentionally to hurt your business. But human error is the cause of the majority of business cyber-attacks. It’s not because people are trying to be malicious; it’s the result of preventable mistakes.

Banks have become the leading target of cyber crime as people increasingly adopt the use of financial technology. According to Serianu’s Cyber security Report 2016, African countries lost at least $2 billion in cyber attacks in 2016.

“For those who do not work in IT but use computing devices for work, it is necessary to have cyber security training so that they understand how minor mistakes or simple oversights might lead to a disastrous scenario regarding the security or bottom line of their organization,” Yuan continues. “With attacks becoming more advanced and sophisticated, training is mission-critical to minimize human error from the cyber attack equation.”

It’s a wise step to take on a personal level as well, since even if your mistake was completely unintentional, you won’t avoid consequences. “No one wants to get fired, especially when you didn’t do anything malicious to harm your company,” “But this is exactly what can happen if you fall victim to an email phishing campaign or other social engineering attack and become the vector by which your company exposes sensitive information. Educate yourself to be suspicious and cautious when it comes to operational security.”