MSMEs as Main Actors in Cyber ​​Security: Several Challenges and Opportunities in Implementation

Sudianto Oei, CEO of Hypernet Technologies (photo: dock. special)

JAKARTA - Cyber ​​threats continue to grow very rapidly following technological developments. As the digital economy grows, businesses must improve their protection and security systems to prevent attacks from irresponsible parties.

This is quite commonplace in corporate circles. However, for MSMEs that are limited in terms of budget and human resources, cyber security often has to be reduced to priority number one, even though the fact is that cyber security does not have to be expensive or complex to implement.

Getting to Know Cyber ​​Security at the MSME Level

Apart from limited budget and human resources, one of the factors that hinders MSMEs from adopting cyber security solutions is a lack of awareness, both of the importance of security itself and of technology in general.

According to the Ministry of Communication and Information of the Republic of Indonesia, only 32% of the total of more than 64.2 million MSMEs throughout Indonesia have adopted technology. As you can imagine, only a few have integrated security into their systems. On the other hand, MSMEs contribute up to 60.5% of Indonesia's total GDP, so MSMEs should receive treatment like vital state assets thanks to their significant contribution to the national economy.

MSME players must also understand that even though their size is not large, cyber threats are a real risk that not only haunts corporate-class companies, but can also endanger MSME businesses. Some examples of real losses that MSMEs can suffer due to cyber attacks include material or financial losses, distributed denial of service (DDoS) attacks which can paralyze business operations, and loss of customer trust.

From a regulatory perspective, the Indonesian government has issued Law Number 27 of 2022 concerning Personal Data Protection (also known as the PDP Law) which requires business actors as personal data controllers to maintain the highest security standards in processing data. For business actors who deal with customer data, the principle by design and by default which underlies the PDP Law must be considered from the start of the service.

With its various limitations, MSMEs should focus on implementing at least two security technology solutions that are the most basic and are able to ward off most threats out there. Both solutions include firewall and end point protection.

As the name suggests, a firewall acts as a protective "wall" that scans external connections and data to find signs of danger such as backdoors or hidden security gaps, DDoS attacks, devices for logging in remotely, and computer viruses. The firewall will then match it against its database and determine whether the incoming traffic is safe or not.

The second is end point protection, or protection of "end points", namely devices belonging to individuals and companies, such as smartphones, computers, laptops, tablets, and various other types of devices that can be connected to the internet network.

Since the proliferation of the bring your own device culture which allows employees to use their own devices, coupled with the availability of public WiFi that can be accessed by everyone, there are more and more end points that must be secured by business actors. By using end point protection, businesses can protect the network as well as every other device connected to the local internet network.

Apart from the two solutions above, the other most effective – and cost-effective – measure in securing the system is caution and basic knowledge of cyber security. Not infrequently, attacks can also be carried out using social engineering methods or building trust with internal parties such as company employees, or through phishing messages containing links and files that look safe, but are actually dangerous. So, it is very important not to carelessly trust unknown people or other entities, and not to carelessly click and download.

A few tips for MSME business people who are constrained by budget and human resources, all of these solutions can be obtained through managed services providers (MSP) or managed service providers. Through MSP, business actors do not need to invest large amounts at the start and only need to plan operational expenditure (opex) whose value is in accordance with service usage.

Apart from that, by using MSP services, business actors can employ a leaner IT team, because they will also be supported by a team of consultants who are also skilled in cyber security. In choosing an MSP partner, it is very important to ensure that the MSP has certification in the security sector, especially ISO 27001.

Finally, cyber security must be the foundation and lifeblood of businesses, including MSMEs. Hypernet Technologies as one of the leading MSPs in Indonesia strongly encourages tens of millions of MSMEs in the country to begin to realize the importance of cyber security in the continuity of their business, as well as playing an active role in protecting Indonesian people's data from irresponsible parties.

(By Sudianto Oei, CEO of Hypernet Technologies)