Bringing his extensive expertise from the FBI, Rick Cimakasky manages Penn Community Bank’s robust customer and data safety protocols — guarding assets while understanding and addressing emerging threats in the ever-evolving landscape of financial crimes.
Many business owners have dangerous misconceptions about what it takes to properly secure their data and prevent fraud. Let’s debunk some common myths with facts.
Misconception 1: Basic Antivirus Is Enough Protection
Although antivirus software is better than nothing, it has limitations. According to a 2019 study, 60 percent of breaches involved hacking and social engineering, which easily evade antivirus detection. Sophisticated cyberattacks require a layered security approach with firewalls, endpoint protection, email security, intrusion prevention systems, and regular patching and upgrades.
Misconception 2: We’re Too Niche To Be a Target
Most businesses incorrectly assume their company is unlikely to be targeted in a cyberattack. However, more than 40 percent of cyberattacks are aimed at small businesses. Cybercriminals often go after smaller companies because they have weaker defenses compared to large enterprises. No organization is immune from potential data breaches regardless of size or assets.
Misconception 3: Our Data Aren’t Valuable
All businesses have data worth stealing, whether it’s customer credit cards, employee records, intellectual property, or proprietary information that gives you a competitive advantage. In fact, data are now valued as a top four asset at public companies. Cybercriminals can easily sell stolen data on the dark web for profit. Your data have tangible value and need protection.
Misconception 4: Fraud Only Happens Online or Remotely
Employee theft, inventory pilfering, and other insider fraud can devastate businesses from within. Robust policies and security controls are needed on-premises and online.
Misconception 5: Our People Won’t Fall for Scams
One of the most dangerous misconceptions is thinking your employees won’t fall victim to social engineering scams like phishing emails. In reality, 90 percent of cyberattacks involve a human element like phishing. Ongoing security awareness training is crucial because your people are often the weakest link exploited by attackers. Skepticism, vigilance, and the proclivity to trust but verify must be ingrained in company culture.
Avoid falling into these common misconception traps, and work with experienced internal or external cybersecurity professionals who will help you monitor for imminent threats, deploy a multilayered approach to protecting your sensitive data with timely safeguards, and build a comprehensive security education program that will help you and your employees avoid trending scams such as business email compromises, spoofing attacks, and malware.
If you ever have any questions about your financial security or feel you may have been the victim of fraudulent activity, contact your Penn Community Bank relationship manager or the Customer Care Center at 215-788-1234.
Learn more at Penn Community Bank.
