As the story of the recent data breach at Target and other mega-retailers continues to evolve, it might be tempting to turn a bit cynical — “Better them than us!” — or downright naive — “That will never happen to us!” Either would be a mistake.


Sure, small businesses will likely never deal with an incident the size and scope of the Target breach: up to 70 million customers affected, endless news coverage, an upcoming Senate hearing, and no real end in sight. But smaller companies deal with security risks and related problems, too, and the fallout can be tremendous, especially with your customers.


Let’s look at three lessons we can learn from the ongoing Target story.


1. Small companies get hacked, too.


Like other huge brands, Target is a juicy, er, target for criminals and trophy-hunting hackers. When a company like Target gets hit, it’s headline news. Small businesses might not attract the same kind of media attention, but they’re still big targets for crooks. Security laziness, both online and off, is essentially an invitation for a data breach or other incident. What’s more, the FBI recently warned U.S. retailers that more attacks are coming. No matter your industry or the size of your business, take appropriate steps to secure your banking data, customer information and other assets. Not doing so is the equivalent of leaving all of your doors and windows unlocked while you’re away on vacation.


2. It can hurt even if it’s not your fault.


One of the fascinating aspects of the Target incident is its snowball effect — Target and its customers are hardly the only groups affected here. Banks and credit card issuers, for example, must deal with the customer service fallout, too. U.S. Bank, for one, will reissue 1.2 million credit and debit cards impacted by the breach, and many other institutions are proactively communicating with customers, in part to keep their call centers from becoming unnecessarily deluged.


Keep in mind that a problem at a partner, vendor, or other stakeholder could quickly become your problem, too, and customers won’t much care whose fault it was — only how they’re affected.


3. Plan for bad days.


Whether it’s a data breach or other customer-related incident, advance planning can help minimize the pain when things go wrong. For online security issues, check out the Online Trust Alliance’s 2014 Data Protection & Breach Readiness Guide as a place to start.


Regardless of the root cause of any security breach or other customer-facing incident, appropriate communication is critical. It’s a big part of most disaster preparedness plans (or should be) that organizations use to manage risks and handle various incidents. Keeping quiet and hoping the problem goes away — especially if that problem is a loss of customer data — isn’t a strategy.


Include your toll free numbers, website(s), email, online chat, and your social media accounts in your communication strategy. Target created a microsite specifically for FAQs and other breach-related communications, for example. Depending on nature and scope of the problem, you may need to temporarily boost staffing — not unlike how you would during peak business periods. Target’s call centers were, not surprisingly, crushed by calls in the wake of the data breach.


What else can small businesses take away from this incident? Please share in the comments below.