Get All Access for $5/mo

How SMBs can diminish the risk of a data breach Perceived notions of 'high-cost investment', ignorance and a mindset 'who would target us' makes the SMBs, a hacker's goldmine. This perspective needs a re-set

By Karmesh Gupta

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.


For any economy, SMBs are the backbone. The intent to scale and grow faster generally makes business owners to invest money in areas where returns can be multiplied. Unfortunately, cyber security at the moment is not realized as an important element by SMBs. High cost of investment and the mindset "who would target us' can be cited as the key reasons to not incorporate healthy security architecture. Ironically, this ignorance makes SMBs, a hacker's goldmine. As an outcome, customers lose trust and marketing campaigns cannot repaint it.

If we in fact consider the numbers, a 100-people company can make itself safe by just spending 3K per person, per year, lesser than a yearly party budget of an employee. It is about a perspective change that needs to be built.

There are multiple ways a data breach can happen. Understanding all the aspects is necessary to diminish the risk by a large extent.

1. Office Network Attacks

Using a weakly-configured router at the gateway of LAN and WAN becomes the root cause of entry of any intruder. Once the network infra is accessible, any of the connected nods i.e. computer systems, servers, IP Cameras, IP-Pbx etc. are vulnerable.

SMBs must incorporate the use of Network Security Gateway like Firewall etc. with proper rules to ensure that intrusion becomes arduous. Typically, a firewall has gateway anti-virus, IPS engine, Sandbox which ensures that each packet coming in the network is safe. It also primarily helps businesses to connect their multiple branches via secured way through VPN. Features like Content Filtering and QoS help in enhancing the employee productivity by limiting their access to only work related content.A fire wall may cost around INR 75K for first year, and later annual renewals around INR 30K.

2. Website and Cloud-hosted Application Attacks

Due to the penetration of cloud technology, businesses mostly host their web and database on any of the prevalent platform like AWS, Google Engine, Azure etc. The instances have limited computing capacity and hence can serve up to a certain number of users.

Attackers may run a DDoS on the public IP of your server and as the request crosses the threshold value, system would go down. Similarly, there can be various types of attacks that can intrude in your hosted content.

Deploying a virtual firewall on the cloud instance takes all your worry away. Objective of Virtual Firewall is almost the same as a physical firewall. The cost could come around INR 25K.

3. End Point Security

Using Corrupt Pen Drives, Hard Disks, downloading free software or movies, clicking ads etc. generally results in the entry of a malware in your computer system. These malwares then have the access of your entire system and can steal and upload any confidential data (like banking details, mail and social media access credentials, financial documents, etc.) on their servers.

Next to the outside hackers, companies are also vulnerable from internal team members. Any of your employees can use a pen drive and take all important data to their home and may upload it publicly for vicious reasons.

Hence it is advised to use an End Point Security solution where a client file is installed onto all your end systems and a server file on the physical server or cloud. The IT administration can then granularly define rules for every individual system. For example, the IT admin may only permit the access of company owned storage devices on client machines. This basically makes any of the external storage devices non-functional, and hence the breach gets prevented.

The IT can block any kind of upload from client machine, which further helps them in preventing leakage of information in the form of mail and social attachment along with cloud upload. Similarly there are more than 90+ functionalities which can be applied as per the need and structure of organization.

End Points also helps in preventing you from ransomware via AV scanning, Patch Management and backing up your important system drives on the physical server or cloud.

Typically, the cost of EPS per machine for a year varies between INR 1000 – INR 1300 depending on the modules purchased. If you don't opt for an EPS, then at least a good Anti-Virus must be installed on all the systems. It costs around INR 400 per machine per year.

4. Attacks due to Improper Configurations and Loosely Patched Softwares or OS

Just deploying the above products may not mitigate the risk until they are well configured. Hackers may find the way to invade and hence vulnerability assessments should be exercised.

It is important to have yearly assessments and audits of your digital assets. This helps SMEs to learn about the open doors and related consequences. Based on the generated reports, the IT administration can work on to fix them and ensure tighter protection.

Any reputed cyber security service company would be willing to do the job for around INR 80K.

Karmesh Gupta

CEO & Co-founder, Wijungle

Karmesh Gupta is an Indian Entrepreneur and the Co-Founder and CEO of the Cyber Security company WiJungle. He was featured as the youngest recipient in Forbes 30 Under 30 Asia List (Enterprise Technology) of the Year 2020. Born and brought up in Alwar, Rajasthan, Karmesh started his journey in 2013 with Rajasthan Royals while he was in the second semester of his graduation. Later he worked with Lucideus as a Cyber Security Analyst before co-founding HttpCart Technologies in October 2014.


HttpCart became the first Indian private company to roll out a completely free wifi service in 2015. With time, the company shifted its focus towards cybersecurity and launched the World’s first Unified Network Security Gateway under the brand name WiJungle. WiJungle currently serves government and private giants globally and ranks among the top-rated Network Security Vendor as per market research firm Gartner.

News and Trends

Dee Piping Goes Public: Announces Initial Public Offering

Dee Development Engineers Limited, commonly known as 'Dee Piping,' has announced its transition into a public limited company.

Business Solutions

Increase Productivity with This Microsoft 365 Subscription, Now $25 Off

It can make the entrepreneur life a lot easier.

News and Trends

Unifi Capital Launches Two New Funds at GIFT City

Rangoli India Fund and G20 Portfolio are the two new funds launched by Unifi Capital, via its subsidiary UIML in GIFT City, to expand international investment opportunities.

Business News

Apple Pay Later Is Ending. Here's What's Taking Its Place.

The program was available for less than a year.


I've Grown a High-Performing Team in Just 2 Years — Here's are 5 Growth Strategies I Learned

A team's strength lies in its people's individual skills and how they synergistically come together.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.