Cybercrime is rising. Here’s how to protect your business | Expert Opinion

Companies can experience significant losses from a breach, so keeping strong cybersecurity measures in place is important, Gene Marks writes.

A person signs into their user account using multifactor authentication. MFA is now a minimum requirement for cybersecurity at a business, Gene Marks writes. (Photo: IsiMS/Getty Images)

Cybercrime losses amounted to almost $21 billion last year, reflecting a 26% increase from 2024, the FBI recently reported.

The FBI described a “worsening digital crime environment that is driving financial losses, with momentum moving in the wrong direction and compounding at an alarming rate.” AI is making things worse and the risks to your company are enormous.

No network or database is 100% secure. But there are some actions your business can take to minimize the risk of a breach.

Your employees — not your software — are your biggest security risk

Human error is the main cause of as much as three-quarters of cybersecurity breaches, cybersecurity company Proofpoint found in a 2024 survey.

All of us are trying to get too many things done at one time and sometimes click or download when we shouldn’t. This is why it’s critical to build in a regular training plan for your employees with your IT firm. There’s also software available — like KnowBe4, Brightside, and Jericho Security — to frequently test employees with spoof emails and help them learn how to identify potential bad actors.

Every company should turn their employees into their first line of defense against malware and data breaches, said Anthony Mongeluzo, founder and CEO of Moorestown IT firm PCS.

“Each employee can strengthen your network digitally and physically or they can be the way your data gets stolen,” he said. “Training is important, and that includes being aware of any unauthorized persons in the office because sometimes it is easier for someone to steal data by simply walking into your office and plugging something into your network.”

If you’re not using MFA everywhere, you’re exposed

Every network and every critical application in your business must be secured by multifactor authentication, or MFA.

Most of us are already familiar with getting a text message to our phone with a special code to use when logging in. Other tactics that are growing in popularity include PINs (a code entered that’s device-focused), external USB authentication “keys,” and software authentication applications like Google or Microsoft Authenticator.

MFA “significantly reduces” the chances of a breach, said Milan Baria, who runs Princeton-based security and technology company Blueclone Networks.

Brian Pickell, who owns IT firm KP Interface in Limerick, said it’s critical.

“It’s become a baseline requirement with no exceptions,” Pickell said. “Passwords alone are dead now.”

If your backups fail, your business stops

Mongeluzo warns that just because your software data is in the cloud, that doesn’t mean it’s a full backup … or that all the data is still there.

He advises his clients to check with the providers of their accounting, customer relationship management, payroll, and other cloud-based systems and confirm that these platforms are taking full backups of their data. He has his clients schedule a monthly download of their data to be stored separately. He also recommends using additional backup data storage services like Dropbox, OneDrive, or Google Drive.

“Traditional backup software can be encrypted by hackers, and if that happens, your data is useless,” he said. “Make sure to also do a test restore monthly to verify that you can get to your data. If there is a breach you want to get back up and running as quickly as possible, and having your full data in place will be critical.”

Ignore system updates and patches at your peril

According to Baria, if you’re not enabling all software updates for your company’s devices, you’re exposing yourself for no reason.

He advises having an IT firm regularly use software to ensure that your network, and all devices, are running the most recent versions of all software applications and operating systems. That way your network is harder to breach than that of someone else who's running more vulnerable, out-of-date software.

“Regularly updating Windows, iOS, or Android when told to by the software company will ensure you’ve got the latest security patches,” Baria said. “All of these vendors like Microsoft … know the holes in their software, and that’s the reason why they have these patches and updates.”

Baria says that if you’re not downloading these free updates “you’re enabling the hacker.”

Cybersecurity insurance is a required buy

Losing — or even exposing — customer data creates a huge potential liability. Being frozen because of a ransomware or other malware attack could mean weeks of lost revenues and profits.

Most insurance companies offer cyber insurance that covers potential liabilities and interruption of business if there’s a data breach. This type of insurance is relatively inexpensive and can be very important if a breach or ransomware attack occurs.

Remember that security is a system, not a tool

Cybersecurity risk is no longer a technical issue — it’s an operational discipline every business must manage. IT security needs to be a prioritized part of your company’s culture. This is not just about adding security software. It’s about being a secure company.

“A secure company focuses on structure, governance, and modern frameworks around all its systems,” said Pickell. “It’s important to embrace a zero-trust approach, limit access aggressively, and have formal data governance policies in place.”

Baria advises a full configuration review of your office system and network by an IT expert that ensures that MFAs, backups, and other protections are working effectively. He also recommends defining processes around incident responses and blocking access to your network from certain geolocations.

“The best security is having a deliberately designed, actively managed system of controls, configurations, and processes, and not a collection of tools,” he said.