The Importance of Stringent Cybersecurity Measures for SMEs

Pradipto Chakrabarty, Regional Director, CompTIA India The Computing Technology Industry Association (CompTIA)is the voice of the world's IT industry and is dedicated to advancing industry growth through its educational programs, market research, networking events, professional certifications, and public policy advocacy.

The Micro, Small and Medium scale Enterprise sector in India comprises of 633.88 lakh units and has done commendably well in creating roughly 11.10 crore jobs across the country between 2014 and 2018, according to a report prepared by the Ministry of Micro, Small and Medium Enterprises. This sector is much more capable of generating large-scale employment than bigger organizations owing to its low overhead, greater scope for rapid business maneuvering and flexible organization.

Being one of the foundational pillars of the national economy, small businesses need to be constantly alert to changes in the business environment and be aware of any risks that could result in their downfall. Businesses are increasingly turning to digitalization to minimize mistakes in operations and accounting records through ERP systems and these systems may function over virtual clouds or centralized servers. Some employees may find it more conducive to work from home or while on the move and that would necessitate opening a VPN connection link. The problem with many small business models is that they overlook key security risks to data that could potentially unhinge the delicate nuts and bolts of their data organization framework.

SMEs are Soft targets
When it comes to headline news, most reports mention only large organizations and the huge losses that they suffered as a result of security lapses. Small enterprises may be fooled into thinking that they are permanently beneath the radar of online fraudsters and hackers. This is just not true.

Six crore MSMEs struggling to update operating systems make for a very attractive target. Weak passwords, exchanging
sensitive data over unsecure connections, using generic email servers such as Yahoo or Google to manage contracts is a major blunder riddled with pitfalls for the unwary entrepreneur, who may otherwise be brilliant at his line of work.

Login Passwords Could be Vulnerable for SMEs
The first point of break-in could be the part where employees log in to the company portal. Unless users have a strong password with mandatory upper case letters and special characters systems are likely to remain vulnerable to modern methods of decryption which use sophisticated methods of character association and permutations to guess passwords. This is why it is suggested that passwords be unrelated to obvious individual attributes such as surnames, birthdays, anniversaries etc. Two-factor authentication, using a biometric identifier and a password acts as a double check on who has logged into a particular computer. Thereafter, using various administrative passwords, one can place authentication safeguards on further sensitive folders on the network. Each instance of access can be tracked using a system log available in every operating system and alarms created whenever unauthorized access is detected.

"Being one of the foundational pillars of the national economy, small businesses need to be constantly alert to changes in the business environment and be aware of any risks that could result in their downfall"

Phishing& Ransomware through Spam Mails
Experts have also decried the human element in security lapses. Phishing emails often contain offers and enticements that seem legitimate. Merely by clicking on a link, one can compromise the digital security of the entire organization, especially when firewalls, spamware and antivirus software is not regularly updated, weak or absent. The silver lining is that most such attacks can be checked if employees are educated on the basics of how such phishing or ransomware emails look like.

The Importance of Skillset Upgradation for SME Cybersecurity
Most MSMEs outsource their IT security to a third party vendor to cut costs of operation. Because of their lack of experience in dealing with cybercrimes in-house, small businesses make a relatively soft target for digital criminals. At times, it becomes more cost-effective for leaders to pay off hackers instead of hiring external security consultants. This is not a problem for large organizations whose expansive business model necessitates and even makes it more economical to hire whole departments and IT specialists to take care of cybersecurity for the organization. These experts are trained on a variety of security disciplines from managing vulnerability to audits to risk management and responding to security incidents.

Most of these areas require extensive training and experience in view of the constantly changing landscape of cyber risks at play. Nevertheless, putting simple defensive measures in place and self-upgradation of employee skillsets through various universal certifications can help alleviate risks to a considerable extent. For example, the Network+ and Security+ certifications impart hands-on technical skills about how networks are tied together and identify points of and an assessment based on actual performance during given scenarios rules out cheats and gaps in learning.

Employers need to make it clear that IT security is everybody’s responsibility. Most employees learn to multi-task in small organizations. Constant vigilance is the key to maintaining a strong defense against cybercrime.