The India Risk Survey report ranks ‘Information & Cyber Insecurity’ as the biggest risk facing Indian companies. Indian organizations, both public and private, have witnessed over 27,000 security threat incidents.
Phishing, scanning/probing, website intrusions and defacements, virus/malicious code, ransomware, Denial of Service attacks, and data breaches are some ways in which hackers attack business websites, which can cause operation.
Let’s look at some must-have cyber security measures for SMEs:
Back to Basics: It is always best to get the basics right. They are still the best defense against viruses, malware and other online threats. Prioritize your assets based on their business criticality and address the risks accordingly. Ensure that the systems, web browsers and operating systems are updated with the latest security patches. Implement firewall security and run antivirus software after each update.
Security Policy and Procedure: Define information security policies and procedures that serve as a guiding light for the organization and its employees on security best practices. The organization shall enforce the implementation of these policies and procedures, with appropriate security controls to safeguard its assets.
Security Awareness: Security awareness plays a critical role in an organization. Conduct security awareness training for employees, contractors and vendors on the organization's information security policy and procedures. The organization shall ensure that all its employees, contractors and vendors understand and adhere to the security policy and practices of the organization.
Need for BCP: Ensure regular backup of all critical data – whether stored in-house or on the cloud. Perform disaster recovery drills at regular intervals to test the integrity of the business continuity plan (BCP).
Cyber insurance: After the WannaCry ransomware incidents, small businesses have learnt the potential harm and legal ramifications of an attack. Consider investing in cyber liability insurance to help cover liabilities arising from theft, loss of data, breach of security and privacy.
Vendor management: With many of a business's assets either hosted or managed by external service providers – be it your web hosting service or cloud hosting service – working closely with your vendors on a comprehensive plan for risk mitigation is critical. Take the time to understand the vendors’ security certifications, encryption measures, business continuity plans, emergency contact information, etc., to know exactly the level of risk your business is exposed to.
Continuous Assessment and Improvement: As the organization's business evolves, so do its IT systems, network and software. IT should be brought under a strategic focus area of the organization, and it needs to be continuously monitored and assessed against new threats and weaknesses. Appropriate corrective action should be taken to remediate the weaknesses at the right time.