When it comes to cloud security, make no mistake: you are ultimately responsible for your assets. While security is a shared responsibility between the provider and the client, the majority of that responsibility is on the client.

So it should follow as no surprise that by tightening up security on the client side, a vast majority of cloud security breaches wouldn’t happen to begin with. By following a couple of simple steps, you can protect yourself and your organization from the most common breaches pertaining to the cloud:

1. It all starts with passwords

First things first, you need to start educating your users on passwords and access control. Security consultant Mark Burnett recently released a slightly controversial report on password usage which analyzed consistencies over 10 million different usernames and passwords involved in data breaches over the years.

What he found is that the same ones keep on showing up, and has compiled a list of the 100 weakest passwords that traditionally have lead to hacks and breaches.

Unfortunately, human minds just aren’t that good at creating or remembering passwords. How to Geek has a bunch of great advice on how to create a strong password that you can remember, including coming up with a sentence that involves numbers and symbols.

Their example is something like “The first house I ever lived in was 613 Fake Street. Rent was $400 per month.” the password then becomes “TfhIeliw613FS.Rw$4pm” which is a good password at 21 characters.

If you don’t use money, or exchange an “s” with a “$”, you can always put a pound symbol (“#”) before any numerical characters that show up in your sentence, or separate two sentences with an exclamation point (“!”).

For example “Sean Connery is the real 007. Daniel Craig was good too” would become: “SCitr#007!DCwgt”. At 15 characters, it’s not quite as long–but it’s still over the traditional 12-character mininum. You can also play around with capitalizing proper nouns for more variation.

A final note on passwords: not all passwords are stolen via technology. In fact, social engineering is a bigger problem that most people know.

It doesn’t matter how good your password is if you’re giving it out to people posing as help-desk personnel. Educate yourself and your employees on proper access control before somebody makes a mistake.

2. Encrypt your data

If there’s anything we learned from the FBI/Apple encryption dispute in late 2015 and early 2015, it’s that encryption is king. The last line of defense in protecting data at rest and in transit is good 256-bit encryption, and Apple fought tooth and nail to keep from having to provide a backdoor that would not only let the government in, but that would have ultimately devalued the security of the company’s product line and share price (APPL).

Don’t let the weight of these actions be lost on you! If you’re moving sensitive data between onsite systems and the cloud, consider investing in a virtual private network (VPN), which ensures that all authorized users are encrypted.

Also make sure that all your sensitive data at rest is encrypted so that if any unauthorized users do make their way into your system, they won’t be able to access important files.

A word on encryption: make sure that if you are using 256-bit security and are constantly checking for new updates on encryption software and services. Currently, there aren’t any computers (save State owned supercomputers, in theory) that can crack 256-bit encryption.

This is great, but the same was once said for 128-bit. Make sure that the technology is kept up to date, that you use strong passwords as noted above, and that these passwords are renewed on a rotating basis.

Lastly, never give one person all of the keys to your kingdom. If your head of IT leaves and they were the only one with knowledge of your encryption, guess what? You’re out of luck.

3. Back, back, back it up

If there’s one thing that can never be said enough, it’s that you need to be sure you have good data recovery measures. Even with all of these protections, hackers and cybercriminals are ever-vigilant, and always coming up with news ways to breach systems. One piece of malware that’s become increasingly popular is cryptolocker ransomware.

This infectious code locks you out of all of your important files (using encryption actually), while the ransomer demands you make a payment to regain access. The only way to combat a ransomware attack is to wipe your entire system and restore it–assuming you have cloud backups.

You’ll want to make sure you’re making local backups as well. This is important, because if your internet goes down or something happens to your service provider, as unlikely as it is, you don’t want to lose all of your data.

While many cloud companies will offer backup services as a bundle with their other services, it never hurts to have multiple backups–plus, you can store yours for longer, if needed.

Some of the larger consumer cloud services don’t allow local backups, so make sure to check with your service provider and utilize the option if it’s available.

With these three measures in mind, you can rest assured that you’re doing your due diligence in protecting your cloud’s security. Remember to take a long hard look at your service level agreement (SLA) with your provider to make sure that you understand exactly what your responsibilities are and what your provider’s are in the event of a breach so that nothing falls through the cracks.

Andrew Heikkila is an entrepreneur, artist, and writer from Idaho. He likes to cover global issues in business, the Millennial workforce, and leadership topics. When he’s not enjoying habanero pizza and craft beer, you can find him on a run in the beautiful foothills above Boise. Follow Andrew on Twitter @AndyO_TheHammer