When a burglar targets a street, he’s looking for soft targets. These are not the premises with sturdy doors and windows, conspicuous alarm systems and a ‘beware of the dog’ sign, they are the ones with the back door left wide open.

Real world thieves have this approach in common with cyber criminals, the vast majority of who look for weaknesses in the system rather than going to the time and trouble of overcoming a giant organisation’s mainframe head-on.

Data thieves, virus peddlers and other ne’er-do-wells of the virtual world know that big companies are for the most part completely locked down when it comes to their data security, but they know too that many small businesses, including those which supply big businesses, are extremely vulnerable to a ‘break in’.

“Big corporates have teams to deal with data security, but at the SMB-level there are incredibly varying degrees of security,” says Siobhan MacDermott, Chief Policy Officer at AVG Technologies, who has just published a paper outlining the risks to small and medium businesses as well as what CEOs can do to mitigate them.

“Some of them are very sophisticated with dedicated staff for IT and security, even privacy; or they might contract all of that out to a professional firm. Generally, the much smaller businesses will combine the role of PA, secretary or office manager with that of security chief.”

In simple terms, this lack of emphasis on data security and virus protection puts not only the subject business at risk but also its clients, partners and suppliers – in fact, anyone it shares data with.

To put the threat level into perspective, a recent study by Javelin Strategy & Research shows that a single credit card being compromised will result in an average loss of $1,600 (£1,053) to the owner. But with a national insurance number, address or driving license, a data thief could steal an entire identity, draining bank accounts and even opening new ones.

It’s not too ‘out-there’ a proposition: imagine how much sensitive data your family accountant, doctor or solicitor holds about you; could you, hand-on-heart, be sure they keep your information locked down and away from prying eyes?

The risk for small businesses is very real; mess with their data and you get shut down. Simple. But all is not lost; there are a number of things small businesses can do to protect themselves and their business partners.

These are great not only for security, but also for reputation. Having provable up-to-date anti-virus software and a data policy that’s water-tight will impress prospective clients – more so as technology plays an ever-greater role in how we do business.

“Make sure your patches are up-to-date and that not everyone in your organisation has an admin password,” says Ms MacDermott. “Restrict the access rights of people who don’t need them, especially interns who won’t be at the company long.

“Some of it is common sense: make sure you use strong passwords – and don’t make the password ‘password’! Encrypt your wifi and ensure everyone has the latest versions of software on their computers; updates often patch vulnerabilities uncovered in the programme.”

For most small businesses, the boss’ chief concern is making payroll every month and growing the business year-on-year. This is natural and understandable, but neglect details like client data protection and your payroll fears could be superseded by an even scarier data-related nightmare.

For more information about threats to your small business, check out AVG’s latest report.