The India Risk Survey 2017 report ranks ‘Information & Cyber Insecurity’ as the biggest risk facing Indian companies. Indian organizations, both public and private, witnessed over 27,000 security threat incidents from January 2017 to June 2017 alone.
Phishing, scanning/probing, website intrusions and defacements, virus/malicious code, ransomware, Denial of Service attacks, and data breaches are some of the ways in which hackers attack business websites, causing operational disruptions and potentially stealing sensitive information. Small and medium businesses (SMBs), unfortunately, have been seeing a rising incidence of cybercrime. In fact, 70 percent of cyberattacks occur at organizations with fewer than 100 employees.
Forewarned is forearmed
In the words of Arne Josefsberg, Chief Information Officer of GoDaddy, “Perhaps the most important thing is to treat security threats seriously and to proactively assess your security measures. Many companies do not take security seriously enough until something bad happens. It is generally a lot more expensive to clean up after a security breach, than addressing it proactively.”
Let’s look at some must-have cyber security measures for SMEs:
Cyber hygiene: Basics still matter and are some of the best defenses against viruses, malware, and other online threats. Assess the assets that are most at risk – data, servers, network – and ensure that the systems are updated with the latest security software, web browser, and operating system. Implement firewall security and run antivirus software after each update.
Cyber security culture: Human vulnerabilities play as important a role as software loopholes. Mandate basic security practices and policies for all employees, such as 2-factor authentication and internet use guidelines, and create and enforce rules on handling and protecting sensitive data. Conduct frequent training to sensitize employees about opening suspicious emails, encrypting their data, using strong passwords on their devices, installing security apps, and limiting activity
Business continuity plans: Ensure regular backup of all critical data – whether stored in-house or on the cloud. Run scheduled attack drills and stress tests to identify vulnerabilities and ensure that data restoration and business continuity are executed as planned.
Cyber insurance: After the WannaCry ransomware incidents, small businesses have learnt the potential harm and legal ramifications of an attack. Consider investing in cyber liability insurance to help cover liabilities arising from theft, loss of data, breach of security and privacy.
Vendor management: With many of a business’s assets either being hosted or managed by external service providers – be it your web hosting service or cloud hosting service – working closely with your vendors on a comprehensive plan for risk mitigation is critical. Take the time to understand the vendors’ security certifications, encryption measures, business continuity plans, emergency contact information, etc., to know exactly the level of risk your business is exposed
Even as the boundaries of business assets blur with anytime, anywhere digital access, constant vigilance has to become the mantra of all entrepreneurs and small business owners. Cyber security needs to be brought out of the domain of ‘IT’ and made a strategic focus area, right up there with the growth and development of the core business, to help ensure the long-term stability of the business and its reputation.