Cybercriminals leave no potential victim behind — not even India’s micro-, small- and medium-sized enterprises (MSMEs).
In an era where digital transformation is imperative for businesses of all sizes, the importance of cybersecurity cannot be overstated.
The case is challenging for micro-, small- and medium-sized enterprises (MSMEs) in India with limited budgets and other urgent priorities to attend to.
Yet, MSMEs form approximately a third or more of the country’s economy. As the country modernizes, the increased connectivity of businesses means that MSMEs could be the weakest link, according to one security industry observer.
CybersecAsia: How important is it for MSMEs to have a comprehensive cybersecurity plan in place?
Shanmuga Priyan (SP): The majority of MSMEs in the e-commerce business experience challenges in protecting their data, as most of them use cloud-based applications and need to share sensitive information through the internet.
They need to understand that, unless every node and end point is protected, there may be a threat of losing the data. A few incidents in the past in India led to customers’ sensitive information being sold on the Dark Web. Such breaches could lead to significant financial losses, legal liabilities, and damage to reputation.
A secured network with good protection on access levels of user is the need of the hour. If there is a good security control in place, with best practices followed by MSMEs, we can avoid these threats and protect the business, and also avoid being a supply chain risk to their business partners.
CybersecAsia: What are some common cybersecurity threats that MSMEs should be aware of?
SP: These would include:
- Phishing attacks
- Malware
- Ransomware
- Insider threats
- Poor password hygiene
- Outdated software
- Social Engineering
As such, these MSMEs need to be trained to be aware of the all the above, to prevent, detect, mitigate and maintain a good cybersecurity mindset.
CybersecAsia: How can an MSME without cybersecurity support minimize its risk of being attacked?
SP: Prevention is better than cure. By blacklisting specific groups of risky websites (social media, gaming adult-content and e-commerce sites), MSME owners will prevent most staff from attracting cyberattacks. This will also ensure that staff avoid performing non-business activities at the workplace or on remote-working devices.
Depending on the customers’ nature of business, they can even block all internet access by default, and whitelist only approved sites for each staff’s work needs.
We strongly recommend MSMEs to keep their data protected with proper security in place, and to follow best practices thereby training their employees, vendors and customers. Without third-party 24/7 cybersecurity consultancy and support, they should also invest in implementing security hardware and engage regular cybersecurity audits of their network and Infrastructure.
As cyber threats continue to evolve, the need for robust and adaptive security measures becomes increasingly critical in India.
CybersecAsia thanks Priyan for sharing his professional insights on India’s MSME cybersecurity landscape.
