A recent survey completed on behalf of The Hartford shows that small business in general still doesn't do much in terms of information security and privacy. There is still a "It won't happen to us." mentality in the small business community. This is despite evidence from sources such as the Verizon Data Breach Report that shows small business are increasingly being targeted in cyberspace.

Here are three reasons why small business are often targeted.

1. They Are Easy Targets - With minimal security in place breaking in is easy. Most crime is about opportunity. If you make that opportunity low risk and not difficult, you've written an open invitation to be hacked. Regardless of if you think you have anything of value. I guarantee you do have something of value. The simple processing power of your computers is of value to a botnet.

2. Little Chance of Being Caught - Without proper security in place there can be little to monitor and evaluate if a breach has occurred. Look at it this way. A barn in the country with no telephone lines, no lights or electricity for an alarm system would be a low risk target for those worried about being caught. If attackers know you're not monitoring for suspicious activity they become very interested. And if they are successful but nothing changes, they'll be back. Over and over and over and over again.

3. You Have What They Want - Sensitive customer information such as names, ages, birthdates, social security numbers, account numbers, credit card numbers, medial histories are typical fodder for data thieves. But wait, there's more. Private company information such as salaries, customer lists, intellectual property, R&D documents and source code are just as popular. Even if you have none of this, hackers still need one thing you do have. Computers. They need your processing power and internet bandwidth to sustain their hacker networks. They can take control of your systems and use them whenever they want.

What should small business do then? The first is to implement basic security practices. Talk to your IT providers, use free government resources, have a conversation with a security consultant, listen to a webinar. Taking the first step is key. Knowledge is power. You may find that reducing your risk to a more acceptable level is a lot less expensive that you think. Being unprepared for and unable to thwart a cyber attack could cost you your business. Doesn't that justify at least an hour of your time ?