Tighten Endpoint Security Too

Cowlings said he fell victim to data thieves who sold his financial information, as well as other people's, on the underground economy. "My mortgage company allowed low-level staff to access the database, and all my information was burned onto a disc and sold to the underground economy," he said.

He recommended that all SMBs employ endpoint security measures as well, such as software that throws up a red flag if someone is copying information to a portable device like a USB drive. "Information that is sensitive should probably remain in an encrypted database," he said. SMBs should also ensure that employees use strong passwords and change them on a regular basis.

Because many SMBs rely on Web-based transactions and technology to cut costs and stay competitive, Cowings said smaller companies need to broadcast very clearly to their customers the lengths to which they have gone to protect private information, and guide customers toward best practices for avoiding fraud when not on the company's Web site. "It not enough anymore to see the little padlock on the bottom of your browser window and think you're on a secure site," he said.

As the holiday shopping season approaches, Cowings said SMBs that are drawing new business through Web purchasing need to be aware what level of education they are providing the customer. "As more and more people start adapting and making online payments and purchases, there may be some hesitancy with people who are using online store sales," he said. "I want to make sure I feel secure giving them my information."