The cyber threat against small businesses is greater than ever – and Internet security firm Symantec says most small companies aren’t taking the steps to protect themselves.

According to Symantec’s Internet Security Threat report, 2013 saw more heightened and sustained criminal activity against small businesses.

“Targeted attacks against small businesses almost doubled last year – it was up 91%. And it lasted three times longer than what we saw in 2012,” says Brian Burch, Symantec’s vice president of Global Consumer and Small Business Segment Marketing.

Longer attacks, says Burch, hurt small businesses more than they do large enterprises.

“You’re wearing down a company with [fewer] resources, who can’t batten down the hatch and ride out the storm,” says Burch. “Frankly, there’s more to steal from [SMBs] than consumers, and they’re a lot less secure than a lot of large enterprises,” says Burch.

Types of Attacks

Burch says there are two main types of attacks occurring against small businesses.

Ransomware attacks are those in which criminals invade computers at a company and rapidly encrypt important data. Burch says there was a 500% increase in these kinds of attacks last year.

“[The cyber criminals] will attempt to represent themselves as law enforcements and say illegal activity has occurred, and your computer has been locked by the FBI or the CIA,” says Burch. Then, they’ll demand a fee payable in cyber currency.

While the fee is not high – Burch says often it ranges from $300 to $500 – businesses often need professional assistance to recover their encrypted data.

The second kind of attack is often undetectable – even by the victim. Burch says cyber-criminal syndicates are increasingly using small businesses, often those working in the supply chain of large companies, as Trojan horses to attack major enterprises. These types of attacks were particularly pervasive during the holiday season, he says.

Tips for Protecting Your Small Business

Here are Burch’ top three security tips:

  1. Back up, back up, back up.
    Especially in the case of ransomware attacks, having a copy of your business’s important data is critical, says Burch. Make sure you have a backup plan in place so that you don’t lose any valuable time in the case of an attack.
  2. Go beyond antivirus protection.
    Burch says antivirus software is a good start, but it’s not nearly enough protection in today’s cybercrime environment. Burch says the key is having layers of protection that can protect against phishing, spying and other criminal attacks. A security expert can help determine what sort of safeguards your particular business needs to have in place.
  3. Encrypt emails and valuable data.
    If a hacker does infiltrate your systems, you want to make it more difficult for him or her to walk away with important information (like your customers’ credit card numbers). Encrypting your data and emails, says Burch, is a great way to further protect your business against hackers.

All in all, Burch says proper cyber security precautions don’t need to break the bank.

“Industrial strength or commercial grade [protection] is not dramatically expensive. It can be in the neighborhood of $30 per device or individual per year … You can do a fantastic job for just a few thousand dollars,” he says.

Follow Gabrielle Karol on Twitter @GabrielleKarol