It’s easy to read about cyberattacks and think it’s someone else’s problem. After all, you’re not a prominent target, right?
Not necessarily, according to Susan Koski, PNC Bank’s Chief Information Security Officer. No business, regardless of size, is immune.
“We see any number of our clients fall victim to cyberattacks each year. And so many of these attacks occur because the victim didn’t think their business was big enough to merit attention,” Koski said.
The average cost of a data breach in 2023 globally reached an all-time high of $4.45M, having increased 15% over the past three years.[1] According to Verizon's Data Breach Investigations Report, 46% of all cyber breaches in 2020 affected businesses with fewer than 1,000 employees.[2] And, in 2022, 61% of all small businesses were the target of some form of cyberattack.[3]
The Small Business Threat Landscape
Phishing is the most common way for threat actors to breach organizations.[4] Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or clicking a link that performs actions, such as installing malware or enabling account takeover. These phishing attacks can then lead to two of the more prominent threats to small businesses: business email compromise and ransomware.
When it comes to business email compromise, it really pays to educate employees to scrutinize all incoming messages, even those that seem to come from a trusted sender, such as an attorney, a human resources officer, a known vendor, or even the CEO. A scammer can fake an identity, even setting up an e-mail address that appears almost identical to that of someone you know, with the domain being different only by a letter or two—or sent from the correct e-mail address via another domain.
And, if you’ve read the news, you know that ransomware has become an unfortunate reality for businesses of all sizes. Ransomware is malware that attempts to hijack your data, encrypting it so you don’t have access until a ransom is paid. And, to make matters even worse, the hacker will sometimes threaten to sell the encrypted data to other parties.
Best Practices for Strengthening Defenses
The odds of being on the receiving end of a cyberattack keep climbing. But as Koski points out, you can lower those same odds by protecting your data from being an easy target.
“PNC Bank continually invests in measures to prevent cyberattacks, but cybersecurity is a team sport, and our customers can help by staying alert to things that seem suspicious. We cannot emphasize enough that everyone should take vigorous measures to defend their data and operations. Preparation and vigilance are key,” she said.
Here are some things you can do that will help protect you and your business:
Train employees in security principles. This includes requiring strong and unique passwords and appropriate internet usage guidelines.
Keep technology up to date. Maintaining the most current security software, web browsers, and operating systems is your best defense against viruses, malware, and other online threats. Frequently back up critical business data to ensure business resiliency in the face of a threat.
Control physical and digital access. Laptops and mobile phones are especially prone to theft, so ensure you and your employees maintain physical control of these devices. Maintain a separate user account for each employee, with administrative privileges only accorded to trusted IT staff and key personnel. And require password-protection on employee mobile devices, encrypt data, and install security apps to prevent information theft.
Secure Wi-Fi networks. If your workplace has a Wi-Fi network, make sure it is secure, encrypted, and hidden.
Require multi-factor authentication. Implement multi-factor authentication that requires additional information beyond a password to gain entry. Layering defenses is a good way to create a more secure environment.
In short, as Koski puts it, “there’s plenty at stake when it comes to your data safety. It’s not just about protecting your business. It’s about safeguarding your customers, your vendors, and a good deal more.”
Remember: The World of Cybersecurity Changes Constantly
New threats arise, and new countermeasures are developed to combat them. That makes your security a never-ending priority for you, your business, your clients, and your employees.
Fortunately, there are resources available:
Visit PNC’s Security & Privacy Center for a library of resources on cyber threats and best practices for defending against them.
If you’re a PNC client and you suspect that you are a victim of cyberattacks, contact PNC’s Treasury Management Client Care immediately at 1-800-669-1518, Option 1. Or, if you would like to learn more about protecting yourself from payments fraud, contact your PNC Relationship Manager or Treasury Management Officer.
Working together, we can better defend against the ever-increasing cyber threats.