New cybercrime statistics are enough to keep Internet-savvy small businesses up at night.

According to YourMoneyIsNotSafeInTheBank.org, small-business accounts suffered more than $40 million in cybercrime losses as of 2009. The Web site also cites FDIC figures indicating this type of crime increased five-fold within a 12-month period. The FBI is tracking hundreds of related cases.

Want more bad news? Small and medium-sized organizations have become the primary targets of Eastern European hacker gangs. These cybercriminals tend to prey on smaller businesses and banks that lack the cyber-fraud controls many larger institutions have in place.

And here’s the last scary thought. If your small business caters to travel, education, financial services, government services or IT services, you could be a target of cybercriminals. So says a recent phishing study from KnowBe4.

KnowBe4 sent out a simulated phishing e-mail to employees at more than 3,500 small to mid-sized businesses. Individuals who clicked the link were directed to a landing page that informed them they had just taken part in phishing research. A whopping 29,000 people at more than 3,000 businesses opened the e-mails—and at least one employee at 500 of those firms clicked the link. If it had been a real cybercriminal, those small businesses would have been infected with malware, malicious software that aims to steal information for criminal purposes.

"Any business that provides access to e-mail or access to its networks via the Internet is only as safe from cybercrime to the degree that its employees are trained to avoid phishing emails and other cyberheist schemes,” says Stu Sjouwerman, CEO of KnowBe4. “The more employees within an organization that use e-mail or go online, the greater the risk of exposure to cybercrime.”

As Sjouwerman sees it, these cybercrime statistics should serve as a wake-up call to small- to mid-sized businesses around the country. That’s because these businesses are not only at risk for financial loss through a cyberheist—their susceptibility to phishing tactics could compromise sensitive customer data such as credit card, bank account and social security numbers.

With so many headlines about hack attacks, why are so many small businesses susceptible to the phishing tricks of cybercriminals? Sjouwerman explains it this way: a false sense of security. “Most people assume that antivirus software and an in-house IT team provide sufficient data security,” he says. “But considering that IT is among the most phish-prone industries, it's clear that's a very dangerous assumption to make.”

How can your small business protect itself? Understand the sophisticated tactics cybercriminals use. For starters, these World Wide Web bad guys tend to send e-mails that look like they are coming from official, trusted sources. Those sources include government agencies, business partners or even company executives.

"Many of the top phish-prone industries are regulated and subject to compliance rules, so well-meaning employees can be tricked into clicking a link if they believe an e-mail was sent by a government or law enforcement agency, or by someone they know and trust,” Sjouwerman says. “And with just one click, malware can be instantly uploaded to a system, bypassing both antivirus software and IT firewalls. A cyberheist can be underway within minutes."

Want more insights? Sjouwerman recently published his fourth book, Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.
