According to a recent report by security software firm Symantec, India ranked third among the countries with the highest number of cyber threats detected and second in terms of targeted attacks in the year 2017.
While there is a common myth that cyber attackers are more interested in going after the big fish, a survey by Verizon says that 58% of all cyber attacks are targeted towards SMEs.
Several experts have cited the urgent need for SMEs to secure their online premises; however, many SMEs do not go beyond installing a basic anti-virus solution. Given that the same Symantec report describes how complex cyber attacks (ransomware and network attacks) have increased in India as a percentage of the global total, SMEs need to implement stronger solutions.
The five top tips that SMEs should follow to secure their online presence:
Robust governance framework: It is essential to define a governance framework for your company’s information systems. A good framework will include an enterprise-wide information security policy, which should encompass internal security priorities and the company’s mission and objectives. Every industry sector has its own separate laws, policies and regulatory compliances that the internal company policy need ..
Since India does not have a cyber security law, it falls on the companies to create their own framework. A good place to start is the National Institute of Standards and Technology’s cyber security framework, a globally recognised framework.
“It all may sound heavy for SMEs, but unless you have a strong governance framework, it does not matter how much you spend on tech products or solutions. Over the time we have seen it not working because when the company reaches a high altitude, the deeper their drop is,” explains Verizon Enterprise Solutions, Managing Principal (APAC), Ashish Thapar.
Thapar adds that SMEs can even baseline their framework with ISO 27001, an IT standards management system, which demonstrates that the company is following information security best practices.
Implement strong network security measures: Network security entails managing access to your company’s cyber network and preventing entry of unauthorised persons. This involves putting in place an email gateway filter, a web browsing or proxy gateway filter, and DNS (Domain Name System) security safeguards. DNS bundling attacks are on the rise because DNS is the main underlying traffic of the entire internet communication.
Security hardening of systems: Hardening, in computing, translates into securing a system by limiting its surface of vulnerability; the more functions a system performs, the more open it becomes and, therefore, the more vulnerable to possible attacks. SMEs can follow the global, free-of-cost security benchmarks created by organisations like the Center for Internet Security. These standards can be adhered to for hardening existing systems and ensuring that the systems run only those ..
Hardening can be performed on all systems that run on the internet, including web servers and network security devices.
“A lot of companies have also invested in technology like Internet of Things (IoT) which falls under operational tech systems and not necessarily IT, but the companies need to do a lot of patching and hardening in here as well,” says Thapar.
Regular log reviews: Log reviews are essential to detect suspicious activities at the earliest. Enable adequate logging and ensure log reviews are done on a regular basis. This gives you visibility into the activities in your internet infrastructure: which system is talking to which, where the traffic is flowing, and so on.
“Unless you have a baseline of your typical and usual communication, you will not be able to find out the anomaly. This makes a company entirely dependent on your anti-viruses, which are signature-based tech and can only take you so far,” says Thapar.
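An added example, not part of the original article, of the baseline review described above: it builds a baseline of which system talks to which from past flow records, then flags flows in the review period that are new or far above their usual daily volume. The log format, the addresses and the 10x threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records: "day src dst dst_port bytes" (assumed format).
BASELINE_LOG = """\
2024-01-01 10.0.0.5 10.0.0.10 443 1200
2024-01-01 10.0.0.6 10.0.0.10 443 900
2024-01-02 10.0.0.5 10.0.0.10 443 1500
2024-01-02 10.0.0.6 10.0.0.20 53 300
2024-01-03 10.0.0.5 10.0.0.10 443 1300
2024-01-03 10.0.0.6 10.0.0.20 53 280
"""
REVIEW_LOG = """\
2024-01-04 10.0.0.5 10.0.0.10 443 1400
2024-01-04 10.0.0.6 10.0.0.20 53 96000
2024-01-04 10.0.0.7 203.0.113.9 4444 5000
"""

def daily_totals(log_text):
    """Sum bytes per (src, dst, port) flow per day; skip malformed lines."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit() or not parts[4].isdigit():
            continue
        day, src, dst, port, nbytes = parts
        totals[(src, dst, int(port))][day] += int(nbytes)
    return totals

def review(baseline_text, review_text, factor=10):
    """Return flows absent from the baseline or far above their usual daily volume."""
    baseline = daily_totals(baseline_text)
    findings = []
    for flow, days in sorted(daily_totals(review_text).items()):
        if flow not in baseline:
            findings.append(("new-flow", flow))  # never seen during the baseline period
            continue
        usual_peak = max(baseline[flow].values())  # busiest baseline day for this flow
        if any(total > factor * usual_peak for total in days.values()):
            findings.append(("volume-spike", flow))
    return findings

if __name__ == "__main__":
    for kind, (src, dst, port) in review(BASELINE_LOG, REVIEW_LOG):
        print(f"{kind}: {src} -> {dst}:{port}")
```

Neither finding depends on a malware signature: both come only from comparing the review period against what the baseline recorded as usual.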
Two-factor authentication: While having a strong password is the first step to securing your data, passwords will not be of any help in case of a keylogging attack. A keylogger is used to monitor and record each keystroke typed on a specific computer’s keyboard. In such attacks, the strength of the password is made ineffective and it is easy for the attacker to steal your credentials. “Enabling a two-factor authentication helps in mitigating this risk to maximum e ..
It is a must for ensuring the safety of a company’s critical systems and applications.
These five tips are most beneficial if implemented at the company’s inception stage itself. So, while you are brainstorming on the kind of business you want to get into and its requirements, do not ignore cyber security. “It may be difficult to implement in the design stage, however, the effort of implementing it later only becomes exponentially higher,” warns Thapar.