Go Nuts to survive, not Rasgulla, Cracking the Dilemma for SMEs
A Cyber-Security session at GCCI (Gujarat Chamber of Commerce and Industry) was delivered by him.
The Paradox
Competition on global standards mandates that MSMEs undergo digital transformation and adopt technologies.
The paradox is that technology adoption, being a compulsion and not a choice, requires IT talent on the MSME’s side to drive them through this adoption and safeguard them from the hazards of cyber crime. On the contrary, brilliant IT talent does not aspire to work with MSMEs.
This paradox makes it difficult for SMEs to ensure business continuity and information security. It makes them prone to becoming victims of cyber crime.
A look at most common Cyber Crime Scenes at MSMEs
Most MSMEs become victims of cyber crime in the following ways. This list is specific to MSMEs and not consumers.
A. “Ransomware attack” encrypts all data and business continuity is lost.
B. Emails are hacked and misused to communicate with
equip them with cyber-security tools. Generally, for MSME networks, which exist in the millions, cyber-criminals mostly use automated programs to spot vulnerabilities to exploit. If a specific MSME network is difficult enough to break into, these automated tools leave it and just move on to another MSME network.
In other words, they will spare the nuts and relish the Rasgullas…. So, the point is it makes sense to go nuts.
How to go Nuts?
Here I am going to make some bold statements. They are proven and time tested. I don’t care if many IT vendors find these statements hostile to business of selling unnecessary IT hardware / software to SMEs out of fear of cyber crime.
Follow the Words V R S A F E
V for VPN
SMEs must not use remote access tools for external agency technical support or for data access from outside. A VPN should always be used for these purposes. Deployment of a VPN is free on low-cost routers. This will surely save you from ransomware.
R for Routers
SMEs do not need expensive intrusion detection firewalls. They just need a low-cost router (maybe 6000 INR) to manage multiple internet connections and block all ports for incoming traffic except VPN. This will surely make it almost impossible to intrude into your network.
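The "block all ports for incoming traffic except VPN" rule can be checked mechanically. The following is an added example, not part of the original talk: it evaluates an inbound rule table with first-match semantics and lists every port range reachable from the internet other than the VPN port. The rule format, the sample tables and the VPN port (UDP 51820) are assumptions.

```python
from dataclasses import dataclass

# Assumption: the VPN listens on UDP 51820 (WireGuard's usual port); change to yours.
VPN = ("udp", 51820)

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "drop"
    proto: str   # "tcp", "udp" or "any"
    lo: int      # first destination port covered
    hi: int      # last destination port covered

def verdict(rules, default, proto, port):
    """First matching rule wins; unmatched traffic gets the default policy."""
    for r in rules:
        if r.proto in (proto, "any") and r.lo <= port <= r.hi:
            return r.action
    return default

def exposed(rules, default="drop"):
    """Return (proto, first, last) port ranges open to the internet, VPN excluded."""
    found = []
    for proto in ("tcp", "udp"):
        start = None
        for port in range(1, 65537):  # 65536 is a sentinel that closes a trailing range
            is_open = (port <= 65535 and (proto, port) != VPN
                       and verdict(rules, default, proto, port) == "allow")
            if is_open and start is None:
                start = port
            elif not is_open and start is not None:
                found.append((proto, start, port - 1))
                start = None
    return found

# Constructed sample tables (hypothetical format, not a real router export).
WEAK = [
    Rule("allow", "tcp", 3389, 3389),    # remote desktop forwarded for vendor support
    Rule("allow", "udp", 51820, 51820),  # VPN
    Rule("drop", "any", 1, 65535),
]
HARDENED = [
    Rule("allow", "udp", 51820, 51820),  # VPN only
    Rule("drop", "any", 1, 65535),
]

if __name__ == "__main__":
    for name, table in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, exposed(table) or "nothing exposed except the VPN port")
```

An empty result means the table matches the policy; passing `default="allow"` shows how much is exposed when the router lacks a final drop rule.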
S for Standard Email System
Stop using low-cost third-party “unlimited IDs for 5000 INR” kinds of email systems. Go for standard email systems with transport layer security and two-factor authentication.
A for Antivirus
Always deploy antivirus on every system. It hardly costs 250 Rs per computer per year. Keep it updated and renew it on time. This will surely save you from data loss or ransomware.
F for Forego Piracy
MSMEs do not need servers, CALs, professional operating systems or MS Office on all computers. They just need a genuine single-language Windows OS, which costs 3500 INR per computer if bought pre-loaded. Do not install pirated servers or MS Office, as they are back doors for cyber criminals. You will not be a victim of cyber criminals who use pirated software as a backdoor entry. Do not use deprecated operating systems like XP. If you need to create an enterprise environment, go for cloud-based collaboration tools and a document management system. Most of these systems are free for up to 25 users.
E for Employees
SMEs are more vulnerable to the threat of data theft from internal people than from external hackers. Your competitors will benefit more from your data / IPR than a hacker. Enter into a strong confidentiality agreement with employees, and block all data theft possibilities like USB, emails and internet. Block USB by use of antivirus, use standard email systems and allow limited websites through a rule table in the router.
If you follow this VRSAFE practice, you are that nut which will always be spared unhurt, unlike Rasgulla.