Cyber safety: A prerogative for the digital MSME industry
Digital adoption accelerated at an unprecedented pace during the pandemic, leading companies to craft new ways to cater to people who were working, living, communicating, shopping and more, all from home. New experiences gave rise to new business models. The digital boom for businesses big and small was also supported by the digital infrastructure made available by the government and the India Stack, which sometimes outpaced our ability to adapt to it.
And as almost every business depends on the internet, smartphones and computers to function, businesses have also become prone to cyberattacks from malicious threat actors. Cybercrimes have, in fact, spiked during the 2020 pandemic, with the National Security Advisor reporting a rise of ~500% in cases. Unfortunately, small and medium enterprises (SMEs) - considered to be the growth engines of our economy - remain among the most vulnerable targets of such attacks. Of all cyberattacks, ~43% target small businesses and SME start-ups.
In this article, I would like to explore why SMEs are targeted by cybercriminals, and the ways small businesses can ensure cyber protection.
Never too small to fall
Being prepared for the worst despite hoping for the best is a prerequisite for today's digital world. Although large organizations and government institutions are at perennial risk of cyberattacks, SME leaders cannot afford to ignore the threats and, at the same time, must have the ability to fight against them.
For one, MSMEs have begun to realize the much-needed benefits of digitalization, yet remain unaware of the threats that come with it. Only ~47% of SMEs have any knowledge of managing cyber risks. Their second challenge is the lack of access to skilled resources. Finally, they lack the budgets to develop a robust cyber safety strategy or framework, or to fight back against an attack. Nearly 60% of small enterprises go out of business a few months after they fall victim to cybercrime, and 91% do not have cyber liability insurance. This means that even if SMEs rely on modern apps for managing staff and finances, they are (or more particularly, their database is) still left vulnerable to sophisticated malicious actors. While SMBs have improved their focus on operational and financial risks, their maturity in corporate digital risks is yet to reach its mark.
But what are the ways to get out of this double bind?
Shared responsibility of the ecosystem
The responsibility for cloud security, in my opinion, is typically shared between two groups. The first is the duty of ERP (Enterprise Resource Planning) platforms, payments solutions, customer & employee management solutions and more, which should take advanced technical measures to secure their infrastructure against cyberattacks. Some best practices for platforms include:
- Leveraging cloud-based infrastructure and scale-tested enterprise solutions from public, private or hybrid cloud providers
- Ensuring stored data is only accessed from within closed private networks
- Making sure sensitive data is stored in an encrypted format, with some of it not visible even to internal employees
- Enforcing virus/ransomware protection
- Implementing technologies for the recovery of client data even in cases of natural disaster
- Encrypting communication between customer device and servers
- Conducting regular audits of the system to identify and fix vulnerabilities proactively
- Developing the ability to freeze a user's account in case of phone/device theft or fraudulent activity etc.
- Empowering users to control access of their staff to information
- Using two-factor authentication (login PIN set by the user plus the one-time password received at the time of login)
- Educating users via notifications/social media about security best practices
The second responsibility falls on SME leaders, who should ensure that corporate devices are secure, that their staff is educated on the basics of cybersecurity, and that only authorised personnel have access to sensitive corporate data. SME organizations can also follow a few cybersecurity best practices, including:
- Implementing antivirus and malware protection in all digital devices
- Never sharing OTPs with anyone
- Never blindly trusting emails/calls from people who might be posing as internal employees
- Not sharing access to their mobile, laptop and apps with untrusted people
- Educating staff who deal with sensitive data about data security
- Building periodic awareness on cyberattacks covering topics such as phishing, spyware, ransomware
- Performing legitimacy checks, validations or manual confirmations before executing financial transactions based on emails from vendors/suppliers etc.
The first step in solving a problem is identifying it
With more and more businesses operating in the digital realm, it has become necessary to protect employees', customers', and stakeholders' information with the same level of proactivity that we put towards hygiene and safety in our daily lives today. Given the growing complexities, compliance norms and growing sophistication of cyberterrorists, it is always beneficial to be prepared for any risk that may come, and to resolve it proactively.
Small businesses account for ~38% of our national GDP, so securing them is vital for our economy to recover, grow and prosper. It is therefore crucial that we do everything we can to prepare for the worst of cyber adversaries while we capitalize on the potential of an atmanirbhar Digital India.