My speech at a cyber-security session some time back at GCCI (Gujarat Chamber of Commerce and Industry) was attended largely by owners and senior managers of MSMEs. I intend to share the salient points with my MSME readers. Here you go…
Competing on global standards requires MSMEs to undergo digital transformation and adopt technology.
The paradox is that technology adoption, being a compulsion and not a choice, requires IT talent on the MSME's side to drive the adoption and safeguard the business from the hazards of cyber crime. Yet brilliant IT talent does not aspire to work with MSMEs.
This paradox makes it difficult for SMEs to ensure business continuity and information security, and leaves them prone to becoming victims of cyber crime.
Most MSMEs become victims of cyber crime in the following ways. This list is specific to MSMEs, not consumers.
A. A ransomware attack encrypts all data and business continuity is lost.
B. Emails are hacked and misused to communicate with customers or vendors and divert payments to spurious accounts.
C. An internal employee leaks data to a competitor, causing enormous business losses.
D. Fake emails direct users to fake websites that take away their password credentials.
E. Networks are intruded upon and resources like internet, EPABX and VoIP are misused for bitcoin mining, ISD telephony or attacking other networks.
F. An employee installs expensive pirated software and the organization is held legally liable, subject to huge penalties.
This feels like applying for a weapon license for self-defense. Hold on, things are not as bad as you just imagined.
Cyber-criminals put in effort and resources in a calculated way when they attack and commit crime. A large enterprise is a juicier target, as the bounty they can steal from it is far more than what they can squeeze out of a number of SMEs. So large enterprises have to employ soldiers and equip them with cyber-security tools. For MSME networks, which exist in the millions, cyber-criminals mostly use automated programs to spot vulnerabilities to exploit. If a specific MSME network is difficult enough to break into, these automated tools leave it and just move on to another MSME network.
In other words, they will spare the nuts and relish the Rasgullas… So the point is, it makes sense to go nuts.
Here I am going to make some bold statements. They are proven and time-tested. I don’t care if many IT vendors find these statements hostile to the business of selling unnecessary IT hardware / software to SMEs out of fear of cyber crime.
Follow the Words V R S A F E
SMEs must not use remote access tools for technical support by external agencies or for accessing data from outside. A VPN should always be used for these purposes. Deploying a VPN is free on low-cost routers. This will surely save you from ransomware.
SMEs do not need expensive intrusion-detection firewalls. They just need a low-cost router (maybe 6000 INR) to manage multiple internet connections and block all ports for incoming traffic except the VPN. This will surely make it almost impossible to intrude into your network.
Stop using low-cost third-party email systems of the “unlimited IDs for 5000 INR” kind. Go for a standard email system like G-Suite or equivalent. There are tools like BLACKbox which can save 70% of the G-Suite cost and enhance security and vigilance. This will surely save you from email identity theft frauds.
Always deploy antivirus on every system. It hardly costs 250 Rs per computer per year. Keep it updated and renew it on time. This will surely save you from data loss or ransomware.
MSMEs do not need servers, CALs, professional operating systems or MS Office on all computers. They just need a genuine single-language Windows OS, which costs 3500 INR per computer if bought pre-loaded. Do not install pirated servers or MS Office, as they are back doors for cyber criminals. Products like BLACKbox replace the need for server licenses, MS Office, CALs and RDP CALs without compromising on enterprise-level security. This will surely minimize your IT investment cost, and you will not fall victim to cyber criminals who use pirated software as a backdoor entry.
SMEs are more vulnerable to data theft by internal people than by external hackers. Your competitors will benefit more from your data / IPR than a hacker will. Enter into a strong confidentiality agreement with employees and block all data theft possibilities like USB, email and internet. There are a few tools like BLACKbox which make sure that data leakage or theft is extremely difficult from an SME network.
If you follow this VRSAFE practice with tools like BLACKbox, you are that nut which will always be spared unhurt, unlike the Rasgulla.