It always makes headlines when major corporations like Sony or Disney get hacked.

The panic of millions of users’ information being compromised, the shock of such powerful figures being revealed to be vulnerable, the tension of what will happen next, it really gets people talking. While it’s a shame that we don’t discuss these sorts of problems until after they’ve occurred, and while it’s a tragedy that we quickly forget the matter until something similar happens all over again, it’s downright disgraceful that we only talk about it when it happens to those in the big leagues of business.

Make no mistake, small and medium sized businesses are just as vulnerable to attack, the only difference is that it doesn’t make the news.

The lack of coverage when it comes to smaller companies being compromised leaves most to assume that such businesses are effectively immune to the danger, but that mentality couldn’t be more wrong. Indeed, it’s that very thought process that actually puts them more at risk, and the lack of attention that makes so many cases go unnoticed.

While it may seem as though a small business isn’t worth the time and effort for a hacker to target when there are so many bigger fish to fry, the truth is that SMBs make ideal prey due to having more assets than an individual consumer while still having less security than a larger company. A small business may not have the millions of users that a larger corporation maintains, but if a small business has even a handful of clients and employees, that chunk of sensitive information is still valuable, especially to the people it belongs to.

Should a hacker gain access, they could copy the information and either use it for themselves or sell it on the dark web. What’s worse, they could potentially hijack control of the small business’s system and hold it hostage, demanding the business owner pay a ransom if they want their data back. Such an event can be devastating, as there’s obviously no guarantee that the hackers will keep their word after their demands have been met, they’ve more than likely already put the information for sale on the dark web, and even if the situation is somehow resolved, the damage to your clients’ trust could be irreparably damaged.

Remember, the only thing worse than having to inform your users that their information has been stolen is getting caught trying to hide the truth from them.

Now that we’ve established how important it is to keep your business secure, let’s go over what measures you can take to protect it.

For starters, it’s important to realize the number one cause of security breaches: human error.

All it takes is for an employee to receive a BCE (Business Compromise Email, also known as Phishing Email) and accidentally click on the link or open the attachment. That simple innocuous action can end up infecting their computer with all kinds of malware, programs designed to infiltrate and compromise the device’s security. If the computer is not properly protected, the virus could gain access to any connected networks, spreading like wildfire as it infects whatever is available. What started as an honest mistake could end up bringing down the entire company, so it’s critical for you to employ the proper precautions.

Begin by installing a reputable antivirus software on all computers, as well as a firewall for additional protection. Having a consistently updated data backup solution will keep a safe copy of all information, should anything be lost during a breach. Encryption software on sensitive information such as records for clients and employees is also important, such as two-step authentication or password security software to protect against unauthorized entries.

Now that you’ve got a good foundation to work from, run a risk assessment of your company systems to find vulnerabilities, then develop ways to resolve any issues you identify. Continually updating your software, training your employees on safe practices when using company networks, and developing plans on what to do in the event of a security breach to minimize potential damage are all recommended steps towards securing your business.

It may sound like a lot of work, but putting in the effort now could be what saves you from losing your clients and career later.