Cybercrime Hit a New High in 2024 — Here's How Apex Businesses Can Stay Safe Online

Online transactions are central to nearly every business in Apex, from event sponsors at Peak Fest to professional services firms with clients across the Triangle. But U.S. cybercrime losses topped $16.6 billion in 2024 — a 33% jump year over year. For small businesses, the question isn't whether these threats are real — it's whether your defenses are ready.

Small Businesses Take the Hardest Hits

It's tempting to assume that criminals target large corporations with more money at stake. The data says the opposite.

Picture two Apex businesses accepting payments online. The first uses a payment portal with no multi-factor authentication, reuses passwords across platforms, and exchanges contracts as unsecured email attachments. The second requires a second login step for all business accounts, encrypts customer data in transit, and signs agreements through a tamper-evident platform. When a credential-stuffing attack hits both, the first gets breached. The second turns it away.

Ransomware hit small businesses hardest in 2025: it appeared in 88% of confirmed SMB data breaches — more than double the rate at large enterprises — with a median ransom payment of $115,000. Smaller businesses handle real customer data but often lack the defenses to match.

Bottom line: The gap between a breached business and a secure one usually comes down to basics, not budget.

Your Online Transaction Security Checklist

Most attacks succeed because of fundamental gaps, not sophisticated exploits. Before processing your next payment or sending your next contract, confirm:

  • [ ] HTTPS active: Your URL starts with https://, confirming SSL/TLS encryption is scrambling data between visitors and your server.

  • [ ] MFA enabled: All accounts touching transactions — payment processors, business email, banking dashboards — require a second verification step beyond a password.

  • [ ] PCI DSS confirmed: Your payment processor has verified your compliance tier. (Payment Card Industry Data Security Standards set the baseline requirements for every business that accepts card payments.)

  • [ ] Systems patched: Plugins, e-commerce platforms, and operating systems are updated within 30 days of security releases.

  • [ ] Least-privilege access: Only employees who need it can reach payment or customer data, and that access is reviewed quarterly.

  • [ ] Backups tested: Customer and transaction records are backed up off-site and recovery is verified at least once a year.

  • [ ] Vendors vetted: Any third-party payment tool you use carries current security certifications.

Eliminate the most common attack vectors by prioritizing MFA, SSL/TLS, and patching first — the U.S. government's cybersecurity agency identifies these three controls as the highest-impact baseline steps for small businesses accepting payments online.

How Document Signing Fits Into Transaction Security

Every signed contract, service agreement, and vendor form is a transaction record — and a PDF attached to an email offers no protection against alteration or dispute after the fact.

A dedicated e-signature platform changes that. Adobe Acrobat Sign is a document tool that sends contracts through encrypted channels, tracks who signed and when, and produces a tamper-evident audit trail. Recipients sign without downloading software or creating an account, and the document locks once complete.

Integrating this into your contract workflow covers authentication, integrity, and compliance in a single step.

In practice: Build the audit trail before the first disputed contract, not after it.

Business Email Compromise: The Most Expensive Threat Most Owners Overlook

Business Email Compromise (BEC) is targeted fraud where a criminal impersonates a vendor, employee, or executive to redirect a payment or deceive someone into sending funds. These aren't obvious scam emails full of typos — they arrive in believable contexts and are often indistinguishable from legitimate requests.

BEC alone accounted for $2.77 billion in losses in 2024. Across all fraud categories, losses reached $12.5 billion that year — a 25% jump from the prior year. For Apex businesses that regularly handle vendor invoices, sponsorship payments, or contractor arrangements — especially during high-activity periods like the Annual Business Expo or the lead-up to Peak Fest — any request to change a bank account number or routing information should be verified by phone before acting. Call a number you already have on file; never reply to the suspicious message.

When Something Goes Wrong: A Response Framework

If you discover unauthorized access to a business account:

  • Change passwords and revoke active sessions immediately

  • Contact your bank or payment processor to freeze affected accounts

  • Document what you saw, when, and what actions you took

If customer data may have been exposed:

  • Notify affected customers promptly — North Carolina law requires disclosure when personal information is compromised

  • File a complaint at ic3.gov and report fraud to the FTC

If ransomware locks your systems:

  • Do not pay — recovery isn't guaranteed, and payment funds further attacks

  • Restore from your most recent clean backup

  • Contact CISA's free incident response line: (888) 282-0870

Putting It Into Practice

The Apex Chamber's AM Networking and Business After Hours events are practical places to compare notes with other local owners on vendors, tools, and what's worked. Start with the checklist above, confirm your PCI compliance tier with your payment processor, and look at your document signing workflow — those three steps close most of the common gaps without requiring an IT department.

Frequently Asked Questions

Does HTTPS matter if my site doesn't process payments directly?

Even without transactions, an HTTP site exposes contact and inquiry forms to interception and is flagged "not secure" by most browsers — which erodes visitor trust before you've had a chance to earn it. HTTPS also influences search rankings.

Non-commerce sites benefit from SSL/TLS for trust and visibility, not just payment security.

If I use a platform like Shopify or Square, am I already PCI compliant?

Hosted platforms shift much of the PCI burden to the vendor, but not all of it — you're still responsible for how your employees access the system, any customer data stored on your end, and payment handling at your physical location if you accept cards in person. Confirm your specific compliance obligations with your payment processor, not just their general terms.

Platform compliance covers the vendor's infrastructure, not your full operating environment.

Are electronic signatures legally valid for business contracts in North Carolina?

Yes. Electronic signatures are enforceable under both the federal E-SIGN Act and North Carolina's Uniform Electronic Transactions Act. A properly executed e-signature with a full, timestamped audit trail is generally stronger evidence in a dispute than a scanned paper signature.

The audit trail — not the signature itself — is what makes an e-signed contract defensible.