Jan 22, 2015 · 1 minute

A week can't pass without a company revealing that information about millions of consumers' credit cards, email addresses, and other personal data has been stolen. Some data breaches are more high-profile than others -- Target's and Home Depot's hackings come to mind -- but new thefts are being disclosed on a near-constant basis.

Large companies aren't the only ones vulnerable to attack, either. A report from the Guardian, citing the findings of a McAfee study, reveals that 90 percent of small-and medium-sized businesses in the United States haven't bothered to protect their data. Visiting a mom-and-pop store isn't much safer than shopping at a larger company.

Indeed, it might even be riskier. Corporations might not defend themselves as well as they should, but many will at least notice a breach and warn their customers about it. And a series of rulings by a judge overseeing efforts to sue Target for its data breach should convince large companies to invest more in protecting consumer information.

Smaller businesses often don't have the know-how to spot these breaches, and many don't have much incentive to better safeguard their customers' information. Anyone whose credit cards are compromised by shopping at a mom-and-pop store is more likely to assume the problem started with a large company than with their local businesses.

Yet these small businesses collect some of the same information as larger counterparts. It's not like they don't need to gather credit card data to enable purchases, or keep some kind of record about what was purchased from their store and when. (They might not be as gung-ho about gathering email addresses and other data, though, I'll grant them that.)

An earlier study showed that retailers in the United Kingdom haven't implemented basic security measures. Shops in the United States are probably about as likely to have taken steps to secure their customers' information. And until enough consumers are burned by a small business's poor security practices, that probably won't change.

The only thing left for consumers to do -- besides paying with cash and wearing a tinfoil hat -- is hope that there's some security in obscurity. A small business won't have information on as many people as larger ones, and even though it's easy to target smaller shops, the rewards might not be worth even the minuscule risks.

[Image via Lera Blog]