If you run a small business, you might assume that you’re small enough to go under the radar of cyberthieves and other criminals. But unfortunately, criminals who have found large companies with big security budgets hard targets to crack have shifted their focus to smaller businesses, which are perceived as more vulnerable. Cyberattacks on small businesses rose from 18 percent of all attacks in 2011 to 43 percent of all attacks in 2015, according to Symantec’s 2016 Internet Security Threat Report. Meanwhile, four in ten small businesses will experience a property or general liability claim over the next ten years, with burglary and theft accounting for one in five of these claims, a claims analysis by The Hartford shows. Protecting your business from these risks requires a comprehensive security policy that encompasses both physical and digital threats. Here are some tips and tools for keeping your small business secure from these risks.

Stopping Burglary and Theft

The Hartford recommends taking several steps to prevent physical burglary and theft. Security starts by protecting yourself internally against employee theft. Conduct background checks on new employees. Install security cameras and network monitoring software to monitor key security vulnerabilities. Train your staff in your security procedures, taking the opportunity to discourage theft by letting employees know that you take security seriously.

To guard against external intruders, install devices to prevent unauthorized entry, including fencing and gates around parking lots and buildings. Install adequate lighting and security cameras and alarms to alert you to invasive entry attempts.

Stopping Fraud

Burglars and thieves break in, but fraud perpetrators rob you right under your nose. The typical organization loses 5 percent of its income annually due to employee fraud, according to the Association of Certified Fraud Examiners. 90 percent of all fraud cases involve asset misappropriation, which includes stealing cash prior to recording, making false reimbursement claims or stealing non-cash assets.

Preventing internal fraud starts with knowing your employees and observing signs of at-risk behavior, such as indications of discontent or hostile attitude changes. Make employees aware of your fraud risk policy to deter fraudulent behavior and set up a reporting system where employees can provide tips to suspicious behavior. Tips are responsible for stopping 40 percent of occupational fraud. Use internal checks and balances, such as having one employee tally cash and check register receipts, having another prepare the deposit slip and having a third bring the deposit to the bank. Rotate employees who never miss vacation, which fraud perpetrators may do in order to conceal their activity, so that you can have another employee check on the activity of the first. Hire professional fraud examiners, CPAs and financial forensics experts to advise you.

Fraud can also come from outside in such forms as counterfeit credit card and check schemes. Reduce the risk of credit card fraud by installing the latest chip card readers. Prevent check schemes with steps such as using Intuit’s Secure Plus and Secure Premiere Voucher Checks, which use multiple security tactics such as custom true watermarks that prevent counterfeiting, heat-sensitive icons that prevent photocopying, security coating to block tampering with information and holograms that make checks virtually impossible to counterfeit.

Guarding against Data Breaches

Data breaches are another risk that must be included in a comprehensive security strategy. Kroll recommends that you develop a data breach prevention plan that extends beyond IT security to include factors such as employee exit strategies, on- and off-site data storage, and remote work protocol. Follow basic best practices such as not collecting data you don’t need, purging data once it’s no longer needed, reducing the number of places you store data and granting access to data on an as-needed-only basis. Keep security updates current. Use encryption, but don’t rely on it exclusively. Educate employees about data protection procedures, including remote workers. Conduct periodic risk assessments with support from outside experts. Develop a plan for responding in the event of a data breach so you are not caught off guard if it happens.