Fears small businesses are leaving peoples’ data vulnerable