By Rick Cimakasky, Fraud & Security Officer
Bringing his extensive expertise from the FBI, Rick Cimakasky manages Penn Community Bank's robust customer and data safety protocols, guarding assets while understanding and addressing emerging threats in the ever-evolving landscape of financial crimes.
Many business owners have dangerous misconceptions about what it takes to properly secure their data and prevent fraud. Let's debunk some common myths with facts.
Misconception 1: Basic antivirus is enough protection
Although antivirus software is better than nothing, it has limitations. According to a 2019 study, 60% of breaches involved hacking and social engineering, which easily evade antivirus detection. Sophisticated cyberattacks require a layered security approach with firewalls, endpoint protection, email security, intrusion prevention systems, and regular patching and upgrades.
Misconception 2: We're too niche to be a target
Most businesses incorrectly assume their company is unlikely to be targeted in a cyberattack. However, more than 40% of cyberattacks are aimed at small businesses. Cybercriminals often go after smaller companies because they have weaker defenses compared to large enterprises. No organization is immune from potential data breaches regardless of size or assets.
Misconception 3: Our data aren't valuable
All businesses have data worth stealing, whether it's customer credit cards, employee records, intellectual property, or proprietary information that gives you a competitive advantage. In fact, data are now valued as a top four asset at public companies. Cybercriminals can easily sell stolen data on the dark web for profit. Your data have tangible value and need protection.
Misconception 4: Fraud only happens online or remotely
Employee theft, inventory pilfering, and other insider fraud can devastate businesses from within. Robust policies and security controls are needed on premises and online.
Misconception 5: Our people won't fall for scams
One of the most dangerous misconceptions is thinking your employees won't fall victim to social engineering scams like phishing emails. In reality, 90% of cyberattacks involve a human element like phishing. Ongoing security awareness training is crucial because your people are often the weakest link exploited by attackers. Skepticism, vigilance, and the proclivity to trust but verify must be ingrained in company culture.
Avoid falling into these common misconception traps, and work with experienced internal or external cybersecurity professionals who will help you monitor for imminent threats, deploy a multilayered approach to protecting your sensitive data with timely safeguards, and build a comprehensive security education program that will help you and your employees avoid trending scams such as business email compromises, spoofing attacks, and malware.
If you ever have any questions about your financial security or feel you may have been the victim of fraudulent activity, contact your Penn Community Bank relationship manager or our Customer Care Center at 215-788-1234.