If the threat of a data breach is keeping you up at night, you're far from alone. In a 2024 U.S. Chamber of Commerce survey, 60% of small business owners cited cybersecurity threats as the biggest threat to their business — looming even larger than the threat of another pandemic.[1]
Unfortunately, these concerns are well-founded. The average cost of a data breach continues to soar, reaching $4.88M in 2024[2] — more than enough to make or break many small businesses. And there are other costs to consider, too. A data breach can permanently damage your customer relationships, eroding trust with even your most loyal customers.
However, there are several steps to take to protect your business — here are a few to consider as you safeguard your data.
1. Encrypt Sensitive Data
Encryption provides a strong layer of defense against data breaches. It scrambles information to conceal its true content, and can only be “decoded” by using a decryption key held by an authorized party, making it useless to third parties who may intercept the data.
Here’s an example of how encryption works in practice during a credit card transaction:
1. A customer makes a purchase at a point of sale using their credit card.
2. The transaction information (including the cards’ payment data) is encrypted, and then sent to the payment processor.
3. The payment processor decrypts the payment information to authorize the transaction.
4. The transaction successfully completes.
Data encryption can be used to protect your business’ sensitive data — such as payment information, of course, but also personally identifiable information for you and your employees, as well as your business’ intellectual property.
Pro tips:
- When you’re selecting a payment processing solution, ensure you choose one that is PCI Compliant. This means that the system meets industry-wide security standards to keep your customers’ payment information safe.
- Consider selecting a solution that allows you to accept digital wallets, such as Apple Pay and Google Pay. Digital wallets provide an extra layer of security during transactions, allowing customers to make a purchase without sharing their information with merchants directly.
- Make sure you set up a VPN for all computer access to the Internet. This enables you to encrypt all online communications, sending them through a tunnel to create an additional layer of privacy.
2. Keep Your Systems Updated
Cybercriminals are continually devising new ways to steal sensitive data, which means new security threats pop up daily. As a result, using out-of-date technologies or failing to keep up with software updates may leave you vulnerable to a cyberattack.
Keeping your technology up to date helps ensure you continually have access to the latest protection. Regularly review and patch systems, applications and devices to eliminate any vulnerable pathways. If you’re not comfortable doing this yourself, or with the IT expertise already on your team, consider budgeting for an IT consultant to occasionally check the health of your systems and manage security. It’s also advisable to purchase off-the-shelf products that will enable things like firewalls and virus detection. These systems help add layers of protection and monitoring for anomalies.
3. Develop an Emergency Response Plan
Of course, even updated and compliant systems can’t eliminate the risk of cyberattaccks entirely — so it’s important to have an emergency response plan to help you plan how you would recover if attacked. This approach means you hope for the best but plan for the worst.
It’s critical for businesses of all sizes to effectively plan for, respond to, manage and mitigate the damage caused by cyber incidents to help to protect data, assets and operations. Simple things like keeping back-ups of data can go a long way in helping protect your business from a cyber attack, particularly if someone attacks and holds your data for ransom.
Emergency response planning should chart actions that allow you to:
- Minimize damage and reduce recovery time and costs.
- Protect sensitive data and maintain customer trust.
- Comply with legal and regulatory requirements.
- Ensure business continuity.
4. Establish Two-way Security Communication With Employees
Keeping your business secure requires pairing the right technologies with appropriate staff training. Nearly two-thirds of data breaches involve some sort of non-malicious human element, according to Verizon’s 2024 Data Breach Investigations Report[3], which means you can help reduce the risk of a breach with proper education and a healthy means of communication.
For employees who operate digitally, find trainings on how to spot and report common phishing attempts. These trainings ensure employees are aware of common red flags, such as suspicious links or attachments, unusual requests from known entities, and emails from unknown email addresses impersonating customers or colleagues.
Have standard operating procedures in place for you to notify employees of any threats and for employees to respond to these threats and access security policies to identify the next best steps.
Pro Tip:
- If your business experiences a successful breach, file a report with the Internet Crime Complaint Center[4] as soon as possible.
How Your Bank Can Help
Ultimately, keeping your business’ data safe requires multiple experts — especially cybersecurity experts. However, your bank can help you access the resources you may need to manage your security.
For one, a bank that offers merchant services can provide PCI compliant payment processing solutions, allowing you to accept a range of payment types — credit cards, debit cards, mobile wallets, online payments — while keeping customers’ payment information safe.
They can also help connect you to the financing or funding you need to upgrade or maintain a secure IT infrastructure, and help you manage your cash flow to accommodate IT costs. Finally, a bank that offers financial wellness benefits can help you create enticing benefits packages to attract top talent — including cybersecurity experts who can keep your business safe.
If you’re looking to protect your business’ data, we’re here to help with PCI compliant payment processing solutions, flexible financing solutions and financial wellness benefits to meet your needs. To learn more, and to find a small business banking expert near you, visit us online.
Video Transcript:
Narrator: Cybercrime is an ever present and evolving threat that every company must address. Cybercriminals are relentless in their quest to find and exploit security weaknesses, putting your valuable data at risk.
To stay ahead in this ongoing battle, it is imperative for your company to systematically identify potential risks, document the corresponding controls, and proactively remediate any gaps. Encryption of data, both at rest and in transit, is a fundamental measure that renders stolen data useless to cybercriminals.
Regularly patching systems, applications, and devices is essential to eliminate easy pathways for breaches. Employees often constitute the most vulnerable link in the security chain. Many lack a full understanding of the sophisticated threats targeting your organization. Educating your workforce is crucial.
Teach them to recognize the hallmarks of common schemes, such as phishing emails, which deceive employees into divulging sensitive information. Moreover, implement strict access controls to ensure employees only have access to the data necessary for their roles. Deploying an intrusion detection system is a critical step in safeguarding your network. An IDS continuously monitors your network for suspicious activity, generating alerts that allow security professionals to swiftly examine and respond to potential threats. In the event of a ransomware attack, contacting federal law enforcement can aid in mitigating the attack, preventing future incidents, and pursuing the perpetrators.
Despite all precautions, the possibility of a data breach remains. A systematic and efficient response can significantly minimize the impact. Developing a comprehensive incident response plan that outlines detailed steps for your organization to follow in the event of a breach is paramount. Conducting annual dry runs to test the effectiveness of this plan ensures that your team is prepared to act swiftly and efficiently.
It is crucial to remember that cybercriminals succeed by finding and exploiting vulnerabilities in your security defenses. Addressing these weaknesses promptly and effectively is essential to safeguarding your organization's assets. Staying informed about the latest cyber threats and adopting a proactive security posture is the hallmark of a resilient organization.
In the complex landscape of cybersecurity, having expert support can make all the difference. Learn more at pnc.com/businessinsights.
