– Randell Heath isn’t sure how hackers got into his company’s website — all he knows is a supplier called, saying the site had become an online store selling Viagra and Cialis.

The problem might have been at the company that hosts the site. It might have been that Heath’s passwords weren’t strong enough. But the invasion taught Heath a lesson that computer experts say many small business owners still need: Keeping your company’s computers and online sites safe isn’t a one-time operation, but requires continual vigilance as new kinds of attacks emerge.

“I’m planning on attending a ‘Cybersecurity for Small Business’ briefing,” said Heath, president of Coldsweep, a Mountain Green, Utah-based company that uses dry ice to clean surfaces.

The chances of a small business being invaded, of having computers, smartphones, tablets and even bank accounts hacked because of poor cybersecurity, are rapidly growing. And some of the very things small businesses are encouraged to do to make themselves more visible, like having blogs, can also make them more vulnerable.

Symantec, a maker of computer security software, analyzed threats and cyberattacks that its network encountered and found that 43 percent of all cyberattacks in 2015 targeted small businesses.

Just from 2014 to 2015, Symantec saw a 36 percent increase in new malware, and a nearly 80 percent increase in new variations of the malware targeting Android users.

The company also counted one instance of malware in every 220 e-mails, a bigger risk than one in 244 in 2014. And even after all the warnings, a primary culprit was attachments or links that employees click on, allowing hackers to damage or delete files, track a user’s actions or steal data like passwords.

Invasions that render a computer’s files unusable unless the user pays a ransom have also surged. Cybercriminals who use this method are aggressive — one variation of ransomware attacked an estimated 100,000 computers a day within weeks of its release last year, the FBI said.

The costs of an invasion can be steep. Heath estimates he lost $10,000 in business because the site was down. He didn’t have to pay to have the website rebuilt because his business was part of an incubator where tech help was available for free. But recreating a website could run a business well into the thousands of dollars.

Many owners believe they don’t have the resources — human or financial — to keep their companies safe, which takes keeping up with frequent security updates for software and equipment.

“The CEO is also the marketing person and also the [information technology] person. They simply don’t have the wherewithal to manage computing platforms day to day,” said Tom Desot, chief information officer at Digital Defense Inc., which helps companies protect against cyberattacks.

Desot estimates that a company with 30 to 50 employees might have to spend upward of $50,000 initially to give all its equipment the best possible protection, which includes sophisticated software and firewalls to keep intruders out, and then thousands each year to keep their security up to date. Smaller companies would have a much lower expense, but many owners still shy away from a cost that can seem prohibitive.

But there’s a bigger problem: owners’ willful ignorance, said Diana Burley, a professor at George Washington University whose expertise includes cybersecurity.

Some owners don’t pay attention to notices about patches or updates from computer or software makers, Burley said. Those downloads often contain security improvements because tech companies have discovered problems that make their products more vulnerable to attack.

Many owners don’t consider when they download software or apps for their phones and tablets that those could contain malware. Even on a legitimate website, thieves sometimes attach invasive programs to ads. And using public Wi-Fi — convenient but usually lax on security — makes it easy for hackers using scanners to steal information if people log into e-mail or bank accounts.

But many problems have solutions. Owners can start by looking for the same kind of briefing Heath sought out. Setting up a virtual private network, or VPN, can make it safe to conduct your business over public Wi-Fi, suggested Aaron Hanson, a product marketing executive with Symantec. A VPN allows information to be sent so it can’t be read by cybercriminals that might intercept it.

Businesses can also back up their data with a security company that could restore most if not all of their files in the event of ransomware or other attack.