Data breaches have made headlines around the world for the past few years, namely because the record-setting numbers of events have resulted in higher than ever compromised consumer records. But while the big names tend to get all the attention, the reality is they’re not just a “big dog” problem.

The truth is, small businesses are not only just as likely to fall victim to a data breach, in many ways they may actually be more of a target. A smaller budget to spend on high-tech security and a smaller IT department to handle issues as they arise can be enticing to hackers. Multipurpose computers on a single network, meaning that every desktop can access all of the same information regardless of the employee’s job duties, can leave the door wide open for a virus that roots around the entire network. Even the “round the clock” syndrome that a lot of small business owners fall into with their companies can result in a network that is constantly vulnerable to attack without downtime to back up the files, update the antivirus software, and other key tech functions.

How big is the threat? According to the Small Business Association, “More than half of Americans either own or work for a small business, and they create about two out of every three new jobs in the U.S. each year.” Small Business Week is an annual event dedicated to bringing awareness of the important role that these companies play in both the economy and our everyday lives, but also the threats these companies can face.

There are some things that small business owners and employees can do to help make security more of a priority without ruining their already solid budgeting. Some of them will carry costs that are a worthy investment, while others are free steps that everyone can incorporate.

1. Antivirus Software

Keeping strong AV software installed and up-to-date will go a long way towards sniffing out malicious software and preventing it from causing harm. It’s tempting to fall for the “home” versions that are often readily available for free; while they might afford you some protection against threats, they are not intended for workplace use and therefore carry no legal protection if you install them on your company computers.

2. Document Disposal

When it’s time to go through some old files and discard them, it’s important to rely on a full destruction method. Data breaches that can be traced back to lost, stolen or poorly discarded files are proof of that. Whether you use an in-office cross cut shredder or a document destruction service, make sure you’re not leaving key paperwork around for a dumpster diver to find it.

3. Training

Nothing you do will be more important than keeping the security conversation going with all of your employees. It’s important to establish a company policy on computer use—for both business devices and personal devices that can connect to your network—and that you update those policies regularly. Ongoing training on how to spot a hacking or spearphishing attempt, and how to respond to it, can go a long way towards preventing a breach.

One of the most important things your small business can do to avoid a data breach is to be mindful of what information you gather in the first place. It’s not enough to lock it up tight since mistakes can happen and the technology behind hacking gets more and more sophisticated every day. Instead, take a good look at what information you’re gathering in the first place, and then decide whether or not you actually need it. If you don’t need it, don’t request it…and certainly, don’t store it.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.