We know gold is a precious metal, and so is the data that your organization generates every day. Be it your industrial designs, financial sheets, employee records, customer details, etc., all this data is valuable for your business. Based on this data you can make informed decisions and chart a growth strategy in the market, instead of making guesses and assumptions. That’s why the data today is your digital gold, which is invaluable. And, just like gold this data too needs to be protected as a valuable asset. We had the opportunity to interact with Mr. Vishal Shah, Co-Founder and CEO of Synersoft Technologies, and gain insights on how MSMEs can keep their data safe and the best practices to follow for data loss prevention. Here is an excerpt from the interaction.
Why do we say data is digital gold and it needs to be protected?
Let us first understand why we consider data as digital gold. Take an example of an MSME or any business enterprise, which is in the domain of engineering or manufacturing. They have their designs, drawings, intellectual property, all these things have a lot of competitive value, if this competitive value is realized, just like gold, it is very precious. These digital assets, because they have a lot of business information and intellectual property, which can be capitalized by the competitor. That’s the reason we consider these digital assets and data as digital gold. For example, let’s say an insurance company, all private data of their customers is actually a gold you know, they need to protect if they don’t protect that particular data and if it is misused by some unscrupulous people, then it can be irreversible damage to the reputation of the company and the business of the company as well as to the personal interest of the people whose data was entrusted to them. So, that is the reason we consider that data is digital gold and that digital gold has to be protected. It has to be protected from loss and has to be protected from theft or leakage.
So, what will be your top recommendations to the MSME companies that want to streamline their data management in the company with a focus on data security and prevention of data loss?
I would always recommend a zero-trust policy for MSMEs, as they neither have experts nor have the money to deploy very complex IT solutions. So on first level for an MSMEs, a zero-trust solution means it gives minimum liberty to the end-users. It only allows enterprise resources to be used for the enterprise purpose, not for anything else. So in my opinion, device hardening is the best solution for an MSME, because they are assured that once a device is hardened then a particular user having rights to use just Word, Excel, PowerPoint, and Tally will only be able to access those applications and nothing else. He cannot install any other application also, and can only do as per the access policies set by the organization for him.
Taking it to a second level, this device hardening will make sure that the user can save data on the central location or a container in his hard drive in which he can save the data. So the MSME is now having another zero-trust policy where it doesn’t trust the user for voluntary initiatives. Rather, it mandates the user to work within a designated zone and save his data within that monitored zone.
The Third Level is about the ‘minimum monitoring and maximum control’ kind of policies. Large enterprises have a lot of leading indicators of cyber threats and some insider threats. And they have professionals who can monitor these leading indicators, and they can avert the incidence. Whereas, in MSMEs, it is not like that. So, for an MSME, it has to be a maximum control, minimum monitoring approach. When you have maximum control, you don’t have to monitor the people. Let’s say, out of 50 people, they know that 30 people don’t need to send emails outside the organization; they can only send emails for internal work. Then the organization should have hardening policies such that they’re not able to send emails outside of their particular domain, so they don’t have to monitor those 30 users for the email activities. Then the organization has to deal with the remaining 20 only nothing else. The MSMEs have to accept that, they cannot spend a lot of money on complicated IT systems because they don’t have manpower on their side and they cannot afford IT manpower. So they need to go for some ready-made solutions like device hardening and zero trust policies. With zero-trust policies and maximum control, and minimum monitoring the MSMEs can protect their data from loss leakage, and theft.
Mr. Vishal Shah will be our guest speaker for a free webinar on this topic on 6th May at 2:30 PM. To join click here for registering.