Technology for MSMEs: Large corporations, critical government infrastructure, and others have built strong resilience to cyber threats, but small businesses and start-ups need to shore up their defences and remain extra vigilant.
- By Bharat Panchal
The outbreak of the COVID-19 pandemic has impacted the economy and businesses across the globe. Among the worst affected in these trying times are small businesses and start-ups, as they stare at a major financial resource crunch. It’s a double whammy for small enterprises and start-ups, with the rising threat of cyber frauds and data breaches. Cybercriminals are becoming increasingly effective as their techniques evolve at a fast pace, and this leaves businesses constantly at risk of a cyber-attack. Large corporations, critical government infrastructure, and others have built strong resilience to cyber threats, but small businesses and start-ups need to shore up their defences and remain extra vigilant, with a robust strategy to mitigate risks.
As businesses increasingly store confidential information and data in cloud services, the need for more sophisticated security practices and strategies has grown. Small businesses and start-ups often lack the necessary resources and security policies to defend against cyber frauds, which makes them easy targets for hackers. The primary concerns for businesses are the security of customer information and intellectual property data. In the face of these threats, organisations should adopt and implement strict IT security policies to minimise system weaknesses.
As the world plans various lockdown-exit scenarios, remote working is highly likely to stay for some time before things return to normal. Hence, it’s critical that small businesses and start-ups embrace this new normal and draw up their strategies against cyber frauds and data breaches.
- It’s advisable that small businesses or enterprises provide laptops or devices to employees to work from home. This ensures a certain standard of security controls, such as anti-virus, security patches, and the disabling of unwanted services/applications. Organisations should make it mandatory that machines used for the company’s business have anti-malware, anti-spyware, and firewall software installed, to catch and eliminate threats before they become problematic.
- Only secured virtual private network (VPN) connectivity should be allowed for remote access. In addition, only whitelisted IP addresses or device IDs should be allowed to access systems; this restricts access to authorised users only.
- Any device, such as a laptop, tablet or mobile phone, that is used to work remotely should be on a platform that allows it to be remotely traced and deactivated in the event of loss, theft or any other misuse. It’s advisable to log every activity performed, so that the logs can be retrieved at a later stage if needed.
Prevent Phishing and Supply-Chain Attacks
As small businesses/enterprises are working remotely, most information is likely to be exchanged through virtual conferences over the internet and through emails. Cybercriminals/hackers aware of these activities may attempt to exploit the situation.
- Treat every email with zero trust. If a mail arrives from someone unknown and with an attachment, one should not open it. The employee should report it to the system security team to validate its authenticity and safety. Also, establish a process that enables employees to report anything that appears suspicious, while organisations should share regular updates and information about phishing emails that employees are required to note.
- In these times it’s critical to secure the most vulnerable assets: the employees. The organisation should train employees on the importance of using smarter passwords, which are crucial to improving cybersecurity. Although longer, complex and difficult passwords may seem like a hassle to employees, organisations should still create a company policy to mandate them. It’s important to note that passwords should never be the same across multiple platforms, and it’s best to change them often, every three months at a minimum. The use of a password manager is imperative to prevent passwords from being leaked while using emails or other critical applications.
- One should be cautious while carrying out financial transactions online or through mobile. There must be checks and balances to ensure transactions are carried out by authorised personnel only, ideally by more than one person, that is, a maker and a checker. One may also consider adding another layer of security by checking with the bank about inward/outward transactions and verifying details with suppliers. Under no circumstances should one share details such as bank account ID, user name, password, OTP, PIN, credit or debit card number and its expiry date, etc.
Low Digital Risk Increases Confidence
Experience shows that there’s no assurance of foolproof security, and even the most risk-averse organisations with the best security tools and systems are being attacked by cyber frauds. In today’s hyper-connected world, cybersecurity is a necessity for all, be they large, medium or small enterprises. Smaller businesses may be more prone to cyber-attacks as they typically have fewer resources dedicated to cybersecurity. Hence, implementing an effective early detection system will help small enterprises remain better equipped and take proactive action while staying ahead in business operations.
Bharat Panchal is the Chief Risk Officer – India, Middle-East & Africa of Fidelity National Information Services. Views expressed are the author’s own.