Small businesses can innocently expose themselves to cybercrime when an employee opens an email that appears to be from the CEO, not updating the anti-virus program or having a laptop lost or stolen.