Get All Access for $5/mo

SMEs: Small in Business, But Get Big on Cybersecurity While many SMEs, the newer ones especially, have started undertaking regular digital risk assessments, many of the more established SMEs have to do some catching up

By Pankit Desai

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Shutterstock.com

Cyber insecurity is no longer just a buzzword, it has become a reality for Small and Medium Enterprises (SMEs). When cyber attacks came to the fore as a recognised threat to businesses, the first port of call was to shore up cyber defence systems of the large and more well-known businesses. But now the threat has permeated to the smaller players, as their importance in the economic value chain grows and they become a part of the digital economy. While many SMEs, the newer ones especially, have started undertaking regular digital risk assessments, many of the more established SMEs have to do some catching up.

One of the foremost challenges for many SMEs is the recognition that the IT and Systems department needs to be more evolved than just hardware repair. Given their budgetary constraints, this is understandable, but if they want to be part of larger supply chains or hire vendors themselves, these organisations are morally and economically responsible to securing their business through up to date cyber defence. Hackers work on the theory that SMEs do not spend seriously on shoring up their cybersecurity and that the techniques that they used a year on large enterprises will work even today on smaller enterprises. More often than not, this theory holds good. While tools like antivirus or a basic firewall may offer a degree of security, SMEs do need to customise security controls and re-assess these on an ongoing basis. For example, what worked for an SME a year ago may no longer be even the minimum requirement given the scale of growth. In fact, many large companies are now insisting on equal cyber defence and data security norms from their vendors, a large portion of such vendors are in the SME segment. This will add a compliance pressure that has been missing otherwise in this sector.

As the digital landscape for these SMEs changes, so does the cyber insecurity landscape. A fake news link made to sound authentic enough is sufficient for a malware to be installed on the user's device to gather data and other important information. The flexible-economy nature of many of these SMEs, where one can work from home or a café also creates new security risks, with many of their employees choosing to work on personal laptops or smartphones which do not offer the high-quality data encryption necessary for business transactions. Companies may also need to start insisting that employees report all devices they use to access work-related information and ensure that these devices are also as secure. Insider attacks continue to be one of the most significant cybersecurity threats, but ignorance and negligence among personnel are also a large area of cyber insecurity for SMEs. While most organisations and personnel are now engaged in double backing up of files, security code authentications and such, much work remains to be done especially concerning regular updating of security protocols and reporting of possible and actual hacks. Ensuring that personnel understand what data encryptions and secure transaction mean, requires creating an organisational culture around cybersecurity.

Restricted access to processes and products are another area of concern for SMEs. Because many of these organisations work at family scale or with a very small number of employees, restricted access is not a protocol. However, this creates more vulnerability for zero-day attacks and the like. Most of these are not known until the business or product has been lost or an investigation has taken place. However, with the increased penetration of AI and machine learning, predictive cybersecurity is now an option, and SMEs need to shift from responding to preventing cyber attacks mentality.

Investing in cyber security also signals an attitudinal shift in recognising that while competition still exists, all businesses are still interconnected. As such, most cyber attacks go under-reported or unreported in India because businesses worry that knowledge of such an attack would give their competitors an edge and drive customers to their rivals. However, the competitor is just as vulnerable, and one way to achieve a competitive edge would be to prioritise cyber defence and instil customised plans. Cyber insurance is an emerging sector for increasing resilience among businesses and is one solid step in shoring up the cyber defence. For an SME, an attack by ransomware may well spell the end of their business. However, as more and more SMEs are expanding their business horizons beyond Indian borders, data regulation measures like the EU's Global Data Protection Regulation make it logical for Indian SMEs to ensure themselves against cyber attacks to prevent not just loss of business but also reputation. It is a hard fact that the ratio of a number of experienced personnel compared to the demand for cybersecurity experts is skewed, however, the fact that the SME has cyber insurance may actually work as an incentive for an expert to build your security controls as some bit of the job has already been done. Many of the investors may also consider a boost in funding if provided with viable security controls plans. While budgetary allocations in the growth cycles can be of much debate, allocation to serious cybersecurity is no longer just an option for SMEs.

News and Trends

"45% of All Ongoing Hydropower Projects in India are Ours": Patel Engineering

Patel Engineering reported a turnover of INR 4,400 crore in the last fiscal year, with a projected 10 per cent growth for the current year.

News and Trends

PB Fintech to Enter Healthcare Sector with New Wholly-Owned Subsidiary

The new entity, which is expected to be named either 'PB Healthcare Private Limited' or 'PB Healthcare Services Private Limited,' will focus on providing healthcare services.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Side Hustle

'Hustling Every Day': These Friends Started a Side Hustle With $2,500 Each — It 'Snowballed' to Over $500,000 and Became a Multimillion-Dollar Brand

Paris Emily Nicholson and Saskia Teje Jenkins had a 2020 brainstorm session that led to a lucrative business.

Science & Technology

5 Rule-Bending AI Hacks to Make Your Mornings More Productive and Profitable

By 2025, AI will transform productivity by streamlining workflows and cutting costs. Major companies like Microsoft, Google, and OpenAI are leading the way, advancing AI into "Phase 3," where tools act as digital assistants. Discover 5 AI hacks to boost efficiency and redefine your daily routine.

Leadership

Should I Stay or Should I Go? 8 Key Points to Navigate the Founder's Dilemma

Here are eight key signs that help founders determine whether to persevere or let go.