Covid 19: Cyber security threats to SMEs and next steps

By Zakir Hussain

A general common misconception for small businesses, is that ‘the business is too small to be a target’, but unfortunately this is not the case. With most of the businesses working from home, and remote working platforms gaining acceptance, the sudden increase in cyber-attacks is no surprise. Small Businesses today, are more and more interweaved with the online world, at the high risk of Online attacks. Because of the lack of resources, less awareness of threats or knowledge to defend themselves, the businesses are vulnerable to the several attacks.

The recent spike in attacks, has sounded the alarm, especially for the SME and start-up community in India. With the growing phishing, malware and ransomware attacks; it has become imperative for the businesses to future proof their businesses for seamless functioning today and tomorrow.
Let’s understand the security threats faced by businesses during Covid19 and how organizations can protect themselves.

Phishing attacks
The biggest, most damaging and one of the widespread threat that affects the small businesses. Phishing accounts to 90% of the breaches. In the wake of the COVID-19 crisis, the attacks have gone more sophisticated, with attackers pretending to be legitimate business contacts, to lure valuable information. Link a successful phishing attack to a poorly configured or mismanaged security setting on the company network and one accidental click could be catastrophic for business. MSMEs can manage these threats by ensuring proper firewalls, allowing remote access only from known IP addresses, using the latest version of remote management applications and examining logs regularly for signs of unknown/suspicious activity. Additional measures like maintaining compliance with all security controls and educating employees about potential threats and raising alerts can be effective in mitigating organizational risks.

Malware attacks
Cybercriminals are using the pandemic for commercial gain, deploying a variety of attacks. Malicious file attachments containing malware payloads may be named with coronavirus- or COVID-19-related themes to infect a device and gain unauthorised access to the network. This can compromise sensitive data and cause extensive damage to an MSME’s IT systems. To protect yourself from such attacks be sure to double check that a website you are using is legitimate and trusted. To download specific VPNs, search for the company’s official website and install directly from there. Avoid downloading cracked versions, since they are usually bundled with other software or malware and can cause damage to the machine.

Weak passwords
Another threat facing the small businesses is weak or easily guessed passwords. With WFH multiple cloud based services are adopted, which require multiple passwords for multiple accounts. Using easy to guess or same passwords, can caused data to be compromised. Small Businesses should consider using Password management tools or enable multi-factor authentication technologies especially during Covid Times when system would be accessed remotely.

Remote working threats
COVID-19 pandemic led the transition of working to the digital channels. Usage of applications for remote working was rife before the COVID-19 crisis but as workers increasingly use personal devices to ensure business continuity, many communications are now taking place outside company firewalls. To prevent this MSMEs need to Implement Secure Remote Connectivity. Any connections made to the company should be performed through a VPN (Virtual Private Network) which either leverages SSL (Secure Sockets Layer) or IPsec (Internet Protocol Security) to encrypt communications from the remote teleworker’s machine; depending on various requirements. This safeguards both, the end user along with the corporate environment to ensure no pesky adversaries are snooping in-between. Organisations should make it mandatory that machines used for company’s business must have anti-malware, anti-spyware, and firewall software installed, to catch and eliminate threats before they become problematic.

Working from home can be daunting for staff who haven’t done it before, especially if it’s a sudden decision. Nearly 25% of employees working from home don’t know what security protocols are in place on their device and more than 1-in-4 have frequent or more issues with spotty WiFi limiting antivirus efficacy. Informing and training staff in their cyber security responsibilities is important and will ensure your staff can help protect your businesses.

In the current environment, where MSMEs are squarely focused on tackling operational stresses, addressing liquidity issues and securing the health and livelihoods of their workforce, cyber security threats may be underestimated. Hence during this critical period, it’s still essential they uphold good cyber-hygiene practices and don’t fall prey to malicious actors who capitalize on this disaster and further disrupt businesses.

(The author is Director, BD Software Distribution)