Employee training session on cyber risk awareness in MSMEs

India’s micro, small, and medium enterprises (MSMEs) must now undergo annual cybersecurity audits, as mandated by CERT-In’s new rules effective September 1. This requirement sets a basic cybersecurity standard tailored for smaller firms, complementing the broader July directive that applied to all organizations. MSMEs, contributing about one-third of India’s GDP, face growing cyber threats due to their digital growth and supply chain roles.

Employee training session on cyber risk awareness in MSMEsEmployee training session on cyber risk awareness in MSMEs

The guidelines specify 15 core cyber defense controls with 45 recommendations, covering areas like asset management, patching, network security, password policies, and system log retention for 180 days. Beyond audits, MSMEs must report cyber incidents within six hours, perform yearly vulnerability assessments, and provide ongoing employee cyber training.

Employee training session on cyber risk awareness in MSMEsEmployee training session on cyber risk awareness in MSMEs

Audits must be done by CERT-In-approved firms, which will also advise on improving defenses beyond minimum standards. While adding compliance costs, regulators stress this is essential to protect India’s digital economy, aiming to prevent MSMEs from becoming weak cybersecurity links.

NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security