"We caught a virus that actually moved from one machine to another," Sigler says. "Someone just opened something they shouldn't have opened."
For companies like Jones & Wenner, the Internet is a powerful enabler of new efficiencies. But it also exposes them to savvy and persistent cybercriminals seeking weak prey.
Some attackers specialize in breaching company websites to pilfer business documents and customer information. Others are expert at poisoning a company's Web pages as a means to infect and take control of visitors' PCs.
Small and midsize businesses — so-called SMBs, those with five to 5,000 employees — face a heightened risk, because many lack the wherewithal to recover from the long-run consequences of a serious breach, says Lawrence Pingree, research director at technology research firm Gartner. So SMBs have begun to increase spending on specialized help to shore up security in basic areas, including spam filtering, website defenses, data encryption and basic anti-virus protection.
(Read More: Why Small Banks Aren't Always Best for Business Loans)
Global spending on security equipment and software by companies of all sizes is in the midst of a multiyear run of 8.9 percent annual growth — and is projected to rise to $85.8 billion in 2016, up from $56 billion in 2011, despite a sputtering economy, according to Gartner.
"Security spending tends to be resilient in bad economic times, as bad economics typically lead to higher rates of fraud and criminal activities," Pingree says. "Most companies continue to enhance security measures against adaptive and more heavily targeted attacks."
Sigler, for example, had to rebuild the operating systems of several corrupted PCs, causing downtime for workers who depend on their machines to provide customer service and interact with partner insurance carriers.
She went shopping for help and found AppRiver, a Gulf Breeze, Fla.-based company that filters spam and provides other hosted security services for some 45,000 clients, mostly smaller companies.
The insurance firm now routes all of its incoming e-mail to AppRiver for cleansing. "It's like night and day," Sigler says. "We're about selling insurance, so that's not really where we wanted to spend our time."
Spammers aren't expected to relent anytime soon. In the first six months of this year, spam accounted for 82 percent of all email traffic, and the number of new viruses carried in email spam continues to climb, according to AppRiver.
In the first half of 2012, AppRiver intercepted 470 million e-mails carrying malicious software, double the 235 million pieces intercepted in the first six months of 2011. "Spam volume is actually slightly less than it has been over the past decade, but it's still very high," says Joel Smith, AppRiver's chief technology officer. "And the stuff that's out there is much more malicious."
It's not just spammers that small and midsize businesses need to repel on a daily basis. Specialist hackers are adept at stealing data and planting infections in Web pages.
At the Hastings & Prince Edward Counties Health Unit, a government agency in Ontario, Canada, Tom Lockhart oversees the IT systems used by 150 public employees who deliver health services to 175,000 residents from two counties.
As the agency put more services online, including immunization records, flu inoculation programs and well-water inspections, it took in more personal information — and became a bigger target. Lockhart found himself spending an inordinate amount of time trying to fend off attacks, and rarely feeling truly at ease.
"I spent a lot of time keeping an eye on the traffic log, sanitizing code, patching and dealing with exploits," Lockhart says. "Sometimes I'd have to take services offline to make sure that was done."
Then he installed a new type of firewall from Barracuda Networks that essentially puts the agency on the offensive, knocking down any suspicious website probes that appear to be coming in from a would-be intruder.