NEW YORK (CNNMoney.com) - Many small business owners have a bull's-eye on their back, and they don't even know it.

As cybercriminals get more sophisticated, they are abandoning large-scale attacks on corporate firewalls in favor of smaller targets.

According to a survey conducted by the Small Business Technology Institute, 56 percent of small businesses experienced at least one security incident last year and less than 30 percent increased security spending during that time.

Small businesses are "the low hanging fruit in terms of a target because they lack the infrastructure to have really good defenses," said Mark Sunner, the chief technology officer of MessageLabs, an e-mail security company that processes more than a billion messages a week.

Generally, many corporations have much stronger infrastructure to fight spyware attacks and other Internet threats.

"Larger companies would have multiple layers of protection," said Ronald O'Brien, a senior security analyst at Sophos, a UK-based software security company, while smaller organizations often lack network security and an internal information technology (IT) staff to prevent Internet security attacks.

They also have fewer policies in place to help safeguard against viruses, and lack the financial and human resources available to rebound from an attack.

"This is a real threat that is financially motivated and will not stop spreading," said David Moll, CEO of Webroot Software, which makes anti-spyware software for consumers and small businesses.

It is difficult to quantify the economic impact, but cybercrime cost U.S. firms about $67 billion over the last year, according to the FBI's 2005 Cyber Crime Survey.

"Businesses have a serious responsibility to ensure their proprietary assets and employees' personal information is safeguarded," said Moll.

Small businesses don't have to be sitting ducks. One advantage smaller firms do have is their ability to share information and adapt quickly.

They can also follow these steps from Sophos to defend against viruses and spyware:

Use antivirus software. Install antivirus software on all of your desktops and servers, and ensure they are kept up to date. Because new viruses can spread extremely quickly, it is important to have a system in place that can update all the computers in your company seamlessly and frequently.

Filter e-mail. Consider filtering potentially malicious e-mail at the e-mail gateway to protect your business from the threats of e-mail-borne viruses, spam and spyware.

Fire up some firewalls. Computers connected to the outside world should be protected from Internet threats via firewalls; laptops and remote home workers should be included as well.

Back up your data. Make regular backups of important work and data, and check that the backups were successful. Also find a safe place to store your backups.

Introduce an antivirus policy. Produce a policy for safe computing and distribute it to all staff. Inform them of the dangers of downloading documents directly from the Internet, using screen savers and opening attachments from suspicious e-mail.

But for those companies unable to foot the bill to overhaul their network, there are also other options, advises John Thielens, the chief technology officer at Tumbleweed, an Internet security vendor.

Rather than invest in your own exchange server or firewall, "when you are a small company, you should really think about outsourcing," Thielens said.

"This is where outsourcing just completely makes sense," agrees Sunner.

"Building an IT security infrastructure shouldn't be left to amateurs, because the bad guys are professionals," Thielens said.

-----------------------------

Click here for 5 deadly mistakes when starting a business.

Cybercrime is on the rise, click here for more.

ID theft: Are you the next victim? Click here.