According to a recent report by security software firm Symantec, India ranked third among the countries with the highest number of cyber threats detected and second in terms of targeted attacks in the year 2017.
While there is a common myth that cyber attackers are more interested in going after the big fish, a survey by Verizon says that 58% of all cyber attacks are targeted towards SMEs.
Several experts have cited the urgent need for SMEs to secure their online premises; however, many SMEs do not go beyond installing a basic anti-virus solution. Given that the same Symantec report describes how complex cyber attacks (ransomware and network attacks) have increased in India in terms of global percentage, SMEs need to implement stronger solutions.
The five top tips that SMEs should follow to secure their online presence:
Robust governance framework: It is essential to define a governance framework for your company’s information systems. A good framework will include an enterprise-wide information security policy, which should encompass internal security priorities and the company’s mission and objectives. Every industry sector has its own separate laws, policies and regulatory compliances that the internal company policy need ..
Since India does not have a cyber security law, it falls on the companies to create their own framework. A good place to start is the National Institute of Standards and Technology’s cyber security framework, a globally recognised framework.
“It all may sound heavy for SMEs, but unless you have a strong governance framework, it does not matter how much you spend on tech products or solutions. Over the time we have seen it not working because when the company reaches a high altitude, the deeper their drop is,” explains Verizon Enterprise Solutions, Managing Principal (APAC), Ashish Thapar.
Thapar adds that SMEs can even baseline their framework with ISO 27001, an IT standards management system, which demonstrates that the company is following information security best practices.
Implement strong network security measures: Network security entails managing access to your company’s network and preventing entry by unauthorised persons. This involves putting in place an email gateway filter, a web browsing or proxy gateway filter, and DNS (Domain Name System) security safeguards. DNS bundling attacks are on the rise because DNS is the main underlying traffic of all internet communication.
Security hardening of systems: Hardening, in computing, means securing a system by limiting its surface of vulnerability; the more functions a system performs, the more open it becomes and therefore the more vulnerable to possible attacks. SMEs can follow the global, free-of-cost security benchmarks created by organisations like the Centre for Internet Security. These standards can be used for hardening existing systems and ensuring that the systems run only those ..
Hardening can be performed on all systems that run on the internet, including web servers and network security devices.
“A lot of companies have also invested in technology like Internet of Things (IoT) which falls under operational tech systems and not necessarily IT, but the companies need to do a lot of patching and hardening in here as well,” says Thapar.
Regular log reviews: Regular log reviews are essential to detect suspicious activities at the earliest. Enable adequate logging and ensure log reviews are done on a regular basis. This gives you visibility into the activities in your internet infrastructure and tells you which system is talking to which, where the traffic is flowing, and so on.
“Unless you have a baseline of your typical and usual communication, you will not be able to find out the anomaly. This makes a company entirely dependent on your anti-viruses, which are signature-based tech and can only take you so far,” says Thapar.
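The baseline-versus-anomaly review described above, as an added example that is not part of the original article. The log format, addresses and the `volume_factor` threshold are constructed assumptions for illustration:

```python
from collections import defaultdict

# Constructed sample flow records: "date src dst dst_port bytes".
BASELINE_LOG = """\
2024-01-08 10.0.0.11 10.0.0.5 445 120000
2024-01-08 10.0.0.12 10.0.0.5 445 98000
2024-01-09 10.0.0.11 10.0.0.5 445 135000
2024-01-09 10.0.0.11 10.0.0.2 53 4000
2024-01-09 10.0.0.12 10.0.0.2 53 3500
"""
REVIEW_LOG = """\
2024-01-15 10.0.0.11 10.0.0.5 445 125000
2024-01-15 10.0.0.12 10.0.0.2 53 3900
2024-01-15 10.0.0.12 10.0.0.11 3389 52000
2024-01-15 10.0.0.11 10.0.0.2 53 910000
"""

def parse(log_text):
    """Yield ((src, dst, port), bytes) per well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit() or not parts[4].isdigit():
            continue  # skip blank or malformed lines
        _, src, dst, port, size = parts
        yield (src, dst, int(port)), int(size)

def build_baseline(log_text):
    """Record every known flow and the largest transfer seen on it."""
    peak = defaultdict(int)
    for edge, size in parse(log_text):
        peak[edge] = max(peak[edge], size)
    return dict(peak)

def review(log_text, baseline, volume_factor=5):
    """Flag flows absent from the baseline or far above their usual size."""
    findings = []
    for edge, size in parse(log_text):
        if edge not in baseline:
            findings.append(("new-flow", edge, size))
        elif size > volume_factor * baseline[edge]:
            findings.append(("volume-spike", edge, size))
    return findings

if __name__ == "__main__":
    for finding in review(REVIEW_LOG, build_baseline(BASELINE_LOG)):
        print(finding)
```

Neither flagged record would match an anti-virus signature; both stand out only because the earlier week of logs defines what normal looks like.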
Two-factor authentication: While having a strong password is the first step to secure your data, passwords will not be of any help in case of a keylogging attack. A keylogger is used to monitor and record each keystroke typed on a specific computer’s keyboard. In such attacks, the strength of the password is made ineffective and it is easy for the attacker to steal your credentials. “Enabling a two-factor authentication helps in mitigating this risk to maximum e ..
It is a must for ensuring the safety of a company’s critical systems and applications.
These five tips are most beneficial if implemented at the company’s inception stage itself. So, while you are brainstorming on the kind of business you want to get into and its requirements, do not ignore cyber security. “It may be difficult to implement in the design stage, however, the effort of implementing it later only becomes exponentially higher,” warns Thapar.