Cybercrime surge in the Carolinas: $146 million lost in 2024—how to protect your business

Cybercrime isn't just hitting major corporations anymore. Small and midsize businesses across North and South Carolina are increasingly becoming targets—and the losses are adding up fast. In 2024 alone, South Carolina residents lost $146 million to internet crimes, a $27 million jump from the year before. Phishing and spoofing scams were especially alarming, rising from zero reports in 2023 to 1,259 reports in 2024.

While these numbers highlight the surge in the Carolinas, they mirror a national trend. The FBI's 2024 Internet Crime Report also shows rising cyber threats across nearly every state—especially for smaller businesses that may be underprepared. From California to New York, companies of all sizes are seeing similar upticks in phishing, ransomware, and business email compromise attacks.

The growing volume of these attacks is concerning—but it's also a wake-up call. If you run a business, you don't need to panic—but you do need to prepare. This blog post breaks down why cybercrime is rising nationally, why businesses of all sizes are at risk, and what you can do to protect your company from costly attacks.

Why more businesses are at risk

Cybercriminals are targeting smaller organizations more than ever before. The reason is straightforward: many lack robust security protocols, and criminals recognize this vulnerability. These businesses often don't have full-time IT staff, making it easier to exploit weaknesses without detection.

Phishing attacks—emails designed to trick employees into giving up sensitive information—prove particularly effective in environments where cybersecurity training is minimal. Combined with remote work, increased digital communication, and limited budgets, the risks continue growing for businesses throughout Charlotte, Raleigh, and other Carolina business centers.

Common types of cyberattacks targeting small businesses

Understanding the most common attacks can help you spot them sooner and respond faster:

Phishing and spoofing: Fraudulent emails or messages that appear to come from trusted sources, designed to trick recipients into revealing credentials or installing malicious software.

Ransomware: Malicious software that locks down your files or systems until a ransom is paid. Even if you pay, there's no guarantee your data will be restored.

Business email compromise (BEC): Hackers infiltrate legitimate email accounts and use them to trick employees or vendors into transferring funds or sensitive data.

Fake invoice or vendor scams: Cybercriminals pose as vendors or partners, sending realistic-looking invoices in hopes of getting paid without question.

These attacks can cause significant damage, but they're preventable with proper awareness and protocols in place.

What to do if you suspect a breach—or want to prevent one

If you're already concerned about something unusual—or just want to be proactive—these steps can help you respond effectively and build stronger defenses.

Don't ignore the signs

Some red flags might include unusually slow systems, login problems, missing files, or employees reporting strange emails. Minor issues can be early indicators of a breach. Trust your instincts, and take action early.

Document everything

If you notice suspicious activity, start documenting immediately. Save emails, take screenshots, and note any error messages or system irregularities. This documentation will be critical if you need to file a report, engage a corporate investigator, or pursue legal action.

Contact your internal IT and isolate the issue

If you have an internal IT team or outsourced provider, loop them in immediately. Change critical passwords, limit access to affected systems, and avoid spreading the issue further. Even without a dedicated cybersecurity team, isolating devices and networks can reduce damage.

Bring in cyber investigation professionals

For complex or ongoing threats, working with a licensed cyber investigator is often the best way to get answers quickly. Digital forensic experts can trace how the breach occurred, determine what data was compromised, and help you understand who might be behind the attack. When dealing with financial crimes or fraud investigations, discretion, speed, and accuracy are crucial.

Build stronger defenses going forward

Once the immediate threat is addressed, take time to shore up your cybersecurity with these proactive measures:

Enable multi-factor authentication (MFA): Adding an extra layer of security for logins can stop attackers even if they've stolen passwords.

Train employees to spot phishing: Regular training helps your team recognize red flags and avoid falling for scams.

Conduct regular system audits: Routine checks can uncover vulnerabilities and unauthorized access before damage is done.

Keep data backups secure and updated: Backing up files regularly—and securing those backups—ensures you can recover quickly in case of a breach.

Small changes today can make a significant difference in protecting your business tomorrow.

The threat is real, but you can stay ahead

Cyberattacks are becoming more common among small and midsize businesses, but that doesn't mean you're powerless. Paying attention to early warning signs, responding quickly to suspicious activity, and strengthening your systems can go a long way in protecting your business.

The rising threat doesn't mean disaster is inevitable. With proper awareness and actions, you can reduce your risk and respond effectively. And if you're ever in doubt or need help tracing an incident, contact Davis & Forest Investigative Group. Our team offers discreet, expert support so you can focus on running your business with confidence.