April has been a busy month for ransomware attacks as multiple municipalities have been afflicted, including Greenville, North Carolina; Imperial County, California; Stuart, Florida; and Augusta, Maine. Ransomware costs organizations millions of dollars each year and can cause unrecoverable damage to information systems and company data.

Ransomware frequently enters organizations through email phishing attacks. Scammers have learned that it’s much easier to convince a person to give up information than it is to break through an organization’s security defenses. They are constantly developing new ways to get past spam filters and deliver convincing emails that look legitimate.

We tend to take things at face value, particularly when they appear to come from someone we trust. We also tend to move quickly and can miss small details that might otherwise make us stop and think.

Scammers depend on these human traits to trick us into doing things we might not otherwise do. Phishing scams frequently look like legitimate emails and might ask us to do things like click a link, open an attachment or enter login credentials. These actions open the door for ransomware to enter the organization.

Here are some ways to be an effective human firewall the next time you visit your inbox:

Be Skeptical. Were you expecting the message you received? Are you being asked for information or to do something you wouldn’t normally do? Hover your mouse cursor over links before you click to see where they are trying to take you and don’t click unless you recognize the address.

Slow Down. Scammers will include a sense of urgency to try to get you to act quickly and not look too closely at what you’re being asked to do. Take an extra moment before replying, clicking a link or opening an attachment.

Verify. If you’re suspicious of a message but it looks like it’s from someone you frequently work with, pick up the phone and give them a call to find out if they really sent you the email before opening any links or attachments.

Get a Second Opinion. Reach out to your supervisor or IT department and have them inspect the message.

Speak Up. If you find out that a message you received is a real phish, share what you learned with your colleagues so they won’t be fooled.

Accidents Happen. Don’t be afraid to tell your IT department if you clicked on a link or opened an attachment from a phishing email. The sooner you notify them, the sooner they can contain the threat and prevent further damage.

People are often an organization’s largest security vulnerability, but these tips might help save you from a ransomware attack.

Remember to be an effective human firewall: Stop and think before you click a link, open an attachment or enter your credentials.