Small Businesses at Big Risk for Data Breaches

Businesses should be wary of breaches from a variety of sources, not just cybercriminals.

July 08, 2014

LOS ANGELES – An article this weekend in the Los Angeles Times detailed numerous examples of Southern California businesses that became victims of data breaches, in spite of what they thought were their best efforts to secure their data. The lesson? According to one business owner: "It's not a question of if you're going to have identity theft. It's a question of when — and are you prepared to deal with it?"

While the big data breaches make headlines — such as last year’s Target breach — for every high-profile case, there are dozens of threats to confidential data held by everyday enterprises: retail shops, doctor’s offices, colleges and countless small-business owners.

The crimes are committed not only by omnipresent hackers, but by thieves who snatch office computers, disgruntled vendors who use purloined data to slander businesses and poach employees, and ex-employees who turn traitor for profit.

Many small firms know little or nothing about cybersecurity, according to the National Small Business Association, despite the prevalence of data thefts. The trade group reported that 44% of respondents to a survey last year had been victims of at least one cyberattack, with an average $8,699.48 cost for each breach.

According to experts cited in the LA Times article, California's size and wealth make its businesses a popular target. "We are absolutely facing an epidemic of attacks on our nation's infrastructure and attempts to gain access to information," said Jason Oxman, chief executive of the Electronic Transactions Association. "But smaller merchants tend to be easier and more attractive targets for cyber criminals."

One example in the article was Rosenthal Wine Bar & Patio, a Malibu wine tasting room. Earlier this year, the business discovered malicious software on computer systems used to process credit card transactions at the wine shop.

Names, addresses, card account numbers, expiration dates and security codes may have been compromised, the company said in a March notification to customers. The reaction was immediate. Wine shop customers started using cash instead of credit cards. And though the business’s wine club was safe from the hack, some members canceled subscriptions. The incident resulted in numerous bad reviews on Yelp, even though only a handful of customers were affected by the breach.

Companies that process, store or transmit credit and debit card data are expected by card companies and payment processors to abide by the Payment Card Industry Data Security Standard, a checklist of protocols known as PCI. But it's not a federal requirement, and not all states mandate compliance. Many of the 8 million U.S. businesses that accept credit and debit cards don't bother. Investigators usually conduct audits only after a breach, to determine whether the company is liable for the fallout. Otherwise, proactive companies have to pay a fee for voluntary checkups.

Small-business owners may unknowingly leave themselves vulnerable to breaches by browsing social media or messaging friends on the same computer used to process financials. Others allow employees to log in to company networks remotely using easily stolen passwords or credentials. Many don't use anti-virus software because it seems costly or bothersome, and may not realize they've been breached until a payment card company notifies them of suspicious transactions.

One recommendation to avoid and address security issues: businesses should hire security consultants to search for weak spots in data protection, then develop a plan for exactly how to notify and help protect anyone whose data is stolen.
