Many times small businesses don’t allocate any of their budgets to cybersecurity. This is due to the common misconception that it’s only larger companies and governments that need to worry about attacks by hackers and the like.
This is not the case as Arindrajit Basu of The Centre for Internet and Society explains, “The kind of risks that smaller players are vulnerable to may not be on the scale of threats that larger companies encounter, but it is equally important for them to have good cybersecurity practices,” he says.
Phishing, an attempt to obtain sensitive information by disguising oneself as a trustworthy entity, and ransomware, a type of malware that threatens to publish the victim’s data or block access to it unless a ransom is paid, are the two most common kinds of attacks on small business according to Basu.
He adds that many hackers see small businesses as an easy way into a larger network. Once the smaller nodes are breached, they can easily get to the bigger players on the network.
Bengaluru, the startup capital of the country, has many such small businesses that need to better their cybersecurity practices.
The first and foremost step recommended by Basu is to create a strategy within your business plan and revise it periodically. This must include employee training and guidelines on what to if there is a breach.
Apart from this owners and employees are advised to routinely change passwords and back up their data on a device that doesn’t connect to the internet.
Owners are also advised to monitor access to admin accounts.
Many small businesses and startups don’t have offices of their own, which means employees end up working at a cafe or the like.
When working at these venues, make sure to carry your own WiFi or use the hotspot from your phone. Open WiFi networks are vulnerable to attacks.
Basu concludes by saying that small businesses must be periodically audited by an independent cybersecurity firm.
MUST KNOW
If a hacker gains access to your network, they have access to:
THE CONSEQUENCES
Since small businesses don’t usually have capital allocated to cybersecurity in the first, many of them don’t recover if there is a hack. Here are a few possible
consequences of an attack: