Categories: Interview

MSME are still way behind on the cyber security learning curve: Synersoft


Synersoft, a maker of path breaking and disruptive technology for SMEs, now branded as BLACKbox, is an incubated and invested portfolio company of CIIE – IIM-Ahmedabad, (Center for Innovation, Incubation and Entrepreneurship at Indian Institute of Management – Ahmedabad).

It is one of the very few Indian companies, with Indian products, solely focused on SMEs of India. Technologies developed by Synersoft are aimed at minimizing IT infrastructure cost for SMEs, and enhancing competitiveness with state-of-the-art IT standardization. These solutions focus on data preservation, data security, fraud mitigation, and software license cost minimization.

Here, Vishal Shah, Co-Founder and CEO, Synersoft Technologies Pvt Ltd, tells us more. Excerpts from an interview:

DQ: What are the best practices Synersoft is following to improve cybersecurity and data loss prevention?

Vishal Shah: Synersoft follows a zero-trust policy in all its information security practices. To ensure cyber security, it uses a virtual private network for allowing external access to its applications and data. It uses anti-virus on all its devices. The devices used by the team at Synersoft are hardened to allow users to access specific applications and data and to restrict users to be able to install any other applications.

DQI Bureau | DATAQUEST Vishal Shah.

It uses an active recycle bin to capture data deleted by the users over the network so that it can be recovered if such delete action is accidental or intentional. It also maintains file operation logs to be able to identify if the delete action was intentional. Synersoft uses a mail distribution system as a layer between G-Suite email host and the user to apply email vigilance and control policies.

Synersoft uses a firewall to allow users to access websites that are required for their professional work. it also uses its patented automatic data isolation technology when the user accesses the Internet for research or business development purpose in which restrictions are minimal.

DQ: What are the biggest issues that MSME companies must face from a privacy perspective? How are you helping them in data theft?

Vishal Shah: MSMEs exchange, use and, store data of customers, and employees in terms of technology, IPR, personal data. For example, a diagnostic lab would store the biological data of all its customers.

A stockbroking firm would store the financial and personal data including the signature specimen of its customer. A hospital would store privacy-bound data of its patients. A school or coaching class would store the personal data of minor students and their parents. This data could be misused to commit crimes, make unsolicited calls, or identify theft.

In a way, MSMEs become custodians of such data of their customers and employees. They need to protect data from theft. Synersoft helps MSMEs to protect their data from theft in various situations. It helps MSMEs to protect data from theft over the USB ports, Email Attachment, Blind Carbon Copy (BCC), and cloud drives.

DQ: How much has India’s cyber security awareness and practices advanced in the last three years?

Vishal Shah: Cybersecurity awareness and practice advancement in India differs across types of enterprises from a B2B perspective. Large enterprises and the Government have evolved and matured their cyber defense with great awareness. Unfortunately, from an MSME perspective, it is way behind on the learning curve.

Cyber security awareness in MSMEs needs to be improved to a great extent. MSMEs need to gear up their cyber security practices to maintain their competitiveness on the global standards. On the consumer side, growing number of cyber crimes and estimates on unreported cyber crime are alarming. It mostly happens because India does not have a privacy protection law in place. That leaves many loopholes for cyber criminals, as well as dilutes the accountability of merchants and enterprises to protect consumers’ data from theft and misuse.

DQ: How does the Blackbox Duo assists MSME companies in data breaching by Synersoft?

Vishal Shah: BLACKbox Duo solves a serious problem from an MSME perspective. MSMEs cannot afford to provide company-owned laptops to their remote users for cost and logistics reasons. Most of them rely on their employees to use their personal laptops on a BYOD basis.

BLACKbox Duo makes dual profiles on employee’s personal laptops, i.e., personal and professional. BLACKbox Duo intelligently applies enterprise policies on professional profile and gives access to enterprise data and networks. It does not apply enterprise policies on personal profile to allow the employee to use the device for personal purpose. BLACKbox Duo invokes backup only for the data residing in professional part of BYOD laptop.

DQ: How is BLACKbox MAX helping the MSMEs sector in data loss, data theft and ransomware?

Vishal Shah: BLACKbox helps MSMEs to deal with external threats as well as insider threats that can lead to data loss or leakage. Data loss can happen by deletion, ransomware, disaster, or hardware failure. BLACKbox applies Active Recycle Bin which enables MSME to recover data after deletion. It also helps MSMEs to identify who deleted the data.

BLACKbox applies primary-hidden chamber technology to maintain previous versions of in an isolated media to enable MSMEs to recover data after ransomware attack. It also provides hook to cloud backup to enable MSME to recover data after disaster or hardware loss. BLACKbox provides control options to restrict, control, and monitor USB ports, email communication, as well as data exfiltration over the Internet to enable enterprises to prevent data theft by external hacker or an insider.

DQ: How are you using signature in VRSAFE strategies that can mitigate cyber breaches for MSMEs?

Vishal Shah: VRSAFE stands for use of VPN for remote access, Router to block ports, standard email systems, antivirus deployment, foregoing piracy, and strong employment agreement. We advise that MSMEs must use VPN to give remote access of its apps and data by using inbuilt facility in most routers. They should also block inbound communication at router level except for VPN.

We strongly recommend use of standard and secured email systems that use TLS for exchanging the emails for protection against phishing and identity theft. You can have a licensed and updated antivirus on every system used by MSME. We recommend the use of licensed software only, and forego piracy to protect MSMEs from malware, which is mostly part of pirated software.

Employment agreement between employee and MSMEs should clearly state confidentiality clause and hold the employee accountable to protect data from theft or leakage.

Pradeep Chakraborty: