Cybersecurity for SMBs in Thailand needed for digitalisation drive

 

Thailand’s small and medium businesses (SMBs) play an essential role in the economy. They make up over 99% of the total number of businesses across the country. However, due to internal inefficiencies and constraints in the business environment, their contribution can be well below its potential.

 

According to Thailand’s Office of SMEs Promotion, Thailand’s total number of SMBs by the end of 2019 was 3,105,096, which represented a growth rate of 1.12% over the previous year. It accounted for 99.53% of all enterprises across the country. GDP of SMBs in 2019 was worth 5,963,156 million baht, accounting for 35.3% of national GDP.

 

A survey on 2,746 SMB operators in Thailand on the preparedness and self-adjustment of SMBs after the pandemic found that most SMBs do not have an online distribution channel (61.4%). But it also shows SMBs are accelerating digitalisation as a result of Covid-19 as they believe digitalisation will help in developing resilience against crisis.

 

While digitalisation is a useful tool for SMBs, it also opens loopholes cybercriminals can exploit. Data from Kaspersky have since revealed that small and medium companies are mostly targeted by three major cyber threats: phishing, ransomware, and cryptomining.

 

“With cyberattacks now cheaper to launch than ever, SMBs are finding themselves specifically targeted by cybercriminals. This is due to the fact that the pandemic has forced SMBs in Thailand and in the region to embrace digitalisation at the quickest pace possible to keep their business running, which at the same time opens loopholes malicious actors can exploit,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

 

Understanding the importance of cybersecurity for SMBs, more so in the stage of preserving cash flow, Kaspersky recently introduced its new solution for SMBs in the region, Kaspersky Endpoint Detection and Response Optimum (KEDRO).

 

“KEDRO goes beyond endpoint protection. It delivers full visibility and empowers SMEs’ limited IT staff to conduct a root-cause investigation and to quickly and intelligently respond against complex and costly threats. We have made this solution as simple to operate as possible, acknowledging the challenge of finding internal IT experts and most importantly, budget-friendly as we are aware of the financial impact of the pandemic to businesses,” explains Yeo.

 

Kaspersky also suggests five regular security checks to ensure smooth operation and better online security.

 

1. Renew the corporate site security certificate

 

Any website that requests or processes user data must has an SSL certificate. It protects information entered by visitors from being intercepted, and almost all modern browsers warn users that sites without an SSL certificate are insecure. That can scare off potential customers.

 

Your website most likely has an SSL certificate, but its validity period is limited. Depending on the certification authority, it will need to be reissued every three, six, or twelve months. Therefore, we recommend setting a reminder in your calendar about certificate renewal.

 

2. Update router firmware

 

The older the software, the more likely it is to contain vulnerabilities, so it’s critical to keep all software up to date. Workstation operating systems and applications themselves usually notify users when updates become available to install. But if you’re still worried about missing an important patch, use our corporate products, which contain an entire subsystem for tracking fresh vulnerabilities and fixes for them.

 

That said, it is not only employees’ computers that need updates. Routers also have built-in software — firmware — which over time likewise becomes outdated and vulnerable. Cybercriminals can then exploit the old firmware to infiltrate the corporate network. Unlike software on workstations, SOHO routers generally do not send notifications when the firmware is out of date, so updates have to be done manually.

 

Therefore, it’s important to inventory all corporate network equipment, and at least every couple of months check the administration console to see if a new version of the router firmware has appeared. If the console has no function to check for updates, you need to do it yourself on the manufacturer’s website. And if some devices are outdated and no longer supported, you should think about replacing them; vulnerabilities in such models will remain unpatched forever.

 

3. Revoke unnecessary rights

 

A dismissed employee can cause all kinds of trouble if their accounts and access to the corporate network are not closed in time. Cyberrevenge against former employers is real. To avoid a similar situation, make it a rule to revoke all access rights immediately after dismissal.

 

In addition, regularly audit all accounts and their permissions. It can happen that a person remains in the company but moves, say, to another department, where they no longer need some access rights but no one remembered to revoke them. Any unnecessary privileges can prove costly in the event of a cyberattack.

 

4. Back up

 

Backing up your data helps protect it from wipers, ransomware, careless employees, and other hazards. You can back up manually, but it’s better to schedule an automatic backup so as not to clutter your calendar with reminders.

 

That said, even if your company’s backups are automated, you should periodically check your data storage. Are the backup programs running smoothly? Is the storage address correct, or did someone sneakily change it? Do you have enough space for all of the data? Are the storage devices acting up? Modern data storage devices use S.M.A.R.T. technology to diagnose their own problems and predict how long they will survive. The technology analyzes the status of disks and reports issues.

 

If you store backups in the cloud, check the settings periodically and buy additional space before you need it.

 

5. Update antivirus licenses on servers

 

Security software on workstations and mobile devices won’t let you forget about subscription renewal. But don’t forget about servers. An unprotected server can cause a range of problems — from data leakage to hosting malicious resources in your infrastructure to turning your office into a cryptofarm.  Set a repeating reminder in your calendar to update server protection.

Viewed : 1674