How SMBs can diminish the risk of a data breach Perceived notions of 'high-cost investment', ignorance and a mindset 'who would target us' makes the SMBs, a hacker's goldmine. This perspective needs a re-set

For any economy, SMBs are the backbone. The intent to scale and grow faster generally makes business owners to invest money in areas where returns can be multiplied. Unfortunately, cyber security at the moment is not realized as an important element by SMBs. High cost of investment and the mindset "who would target us' can be cited as the key reasons to not incorporate healthy security architecture. Ironically, this ignorance makes SMBs, a hacker's goldmine. As an outcome, customers lose trust and marketing campaigns cannot repaint it.

If we in fact consider the numbers, a 100-people company can make itself safe by just spending 3K per person, per year, lesser than a yearly party budget of an employee. It is about a perspective change that needs to be built.

There are multiple ways a data breach can happen. Understanding all the aspects is necessary to diminish the risk by a large extent.

1. Office Network Attacks

Using a weakly-configured router at the gateway of LAN and WAN becomes the root cause of entry of any intruder. Once the network infra is accessible, any of the connected nods i.e. computer systems, servers, IP Cameras, IP-Pbx etc. are vulnerable.

SMBs must incorporate the use of Network Security Gateway like Firewall etc. with proper rules to ensure that intrusion becomes arduous. Typically, a firewall has gateway anti-virus, IPS engine, Sandbox which ensures that each packet coming in the network is safe. It also primarily helps businesses to connect their multiple branches via secured way through VPN. Features like Content Filtering and QoS help in enhancing the employee productivity by limiting their access to only work related content.A fire wall may cost around INR 75K for first year, and later annual renewals around INR 30K.

2. Website and Cloud-hosted Application Attacks

Due to the penetration of cloud technology, businesses mostly host their web and database on any of the prevalent platform like AWS, Google Engine, Azure etc. The instances have limited computing capacity and hence can serve up to a certain number of users.

Attackers may run a DDoS on the public IP of your server and as the request crosses the threshold value, system would go down. Similarly, there can be various types of attacks that can intrude in your hosted content.

Deploying a virtual firewall on the cloud instance takes all your worry away. Objective of Virtual Firewall is almost the same as a physical firewall. The cost could come around INR 25K.

3. End Point Security

Using Corrupt Pen Drives, Hard Disks, downloading free software or movies, clicking ads etc. generally results in the entry of a malware in your computer system. These malwares then have the access of your entire system and can steal and upload any confidential data (like banking details, mail and social media access credentials, financial documents, etc.) on their servers.

Next to the outside hackers, companies are also vulnerable from internal team members. Any of your employees can use a pen drive and take all important data to their home and may upload it publicly for vicious reasons.

Hence it is advised to use an End Point Security solution where a client file is installed onto all your end systems and a server file on the physical server or cloud. The IT administration can then granularly define rules for every individual system. For example, the IT admin may only permit the access of company owned storage devices on client machines. This basically makes any of the external storage devices non-functional, and hence the breach gets prevented.

The IT can block any kind of upload from client machine, which further helps them in preventing leakage of information in the form of mail and social attachment along with cloud upload. Similarly there are more than 90+ functionalities which can be applied as per the need and structure of organization.

End Points also helps in preventing you from ransomware via AV scanning, Patch Management and backing up your important system drives on the physical server or cloud.

Typically, the cost of EPS per machine for a year varies between INR 1000 – INR 1300 depending on the modules purchased. If you don't opt for an EPS, then at least a good Anti-Virus must be installed on all the systems. It costs around INR 400 per machine per year.

4. Attacks due to Improper Configurations and Loosely Patched Softwares or OS

Just deploying the above products may not mitigate the risk until they are well configured. Hackers may find the way to invade and hence vulnerability assessments should be exercised.

It is important to have yearly assessments and audits of your digital assets. This helps SMEs to learn about the open doors and related consequences. Based on the generated reports, the IT administration can work on to fix them and ensure tighter protection.

Any reputed cyber security service company would be willing to do the job for around INR 80K.