CYBERSECURITY 101 FOR SMES | Skywave Technologies

Getting hit with any kind of cyberattack can be scary, but ransomware is especially stressful. The first step is to not panic: this is just another challenge for your business to overcome, and your response can be broken down into a few stages.

 

Isolate & Assess

First, you and your IT resource need to take steps to contain the current attack and stop it spreading further or doing more damage. Without getting into the technical details, the quickest way to do this is to disconnect the affected devices (servers or PCs) from the network: unplug their network cables and switch off Wi-Fi. Don't shut them down; a hard power-off can sometimes cause bigger issues, do more damage to your data, and destroy important evidence that only exists in the machine's memory.

Once cut off from the network, the malware can no longer spread to other machines or talk to the attacker, which gives you time to understand what has happened, how many of your assets are compromised, and set an action plan. Be aware that a machine that is already encrypting its own files will carry on doing so; disconnection limits the spread, it does not undo the damage on that machine. It's important to keep the devices isolated: don't attach any USB devices, such as storage drives, or transfer files, as this could allow the infection to spread further. The isolation includes un-infected devices. This stage is about preventing further spread, so if you're not sure how bad things are, disconnect everything and methodically verify what is and is not safe to reconnect.

During this stage it's easy to get overwhelmed and miss details, so collect evidence such as screenshots, note down the timeline, and interview the staff who first noticed the issues. This information will be very helpful for the technical investigation and for ensuring a safe recovery.

 

Communicate

It's important to be honest not only with your staff, but with your stakeholders and customers. If you must pause operations while the attack is investigated, or cut off access to some systems, your staff must be clearly informed about what is happening so they can adjust.

Meet with your IT resources and ask for a realistic timeline to recover, but keep in mind that at this stage they might simply not know. Don't pressure them for an arbitrary date; instead, make sure they have the resources and support needed to recover faster. You'll get a better outcome that way.

Report the incident to the police. There is a cyber branch of the Thai police that handles ransomware incidents (https://thaipoliceonline.go.th/), and they can offer advice, resources and possibly assistance. Contact your insurance company: while it's unlikely you have specific cybersecurity insurance, damages might be covered, and a claim will likely need a police report. This is where the evidence you collected, and preserved by not shutting down the servers, will be used.

Thailand's PDPA also comes into play here. If you suspect that personal data may have been compromised (belonging to your staff, customers or anyone else), treat the incident as a data breach. The Personal Data Protection Committee (PDPC) must be notified within 72 hours of you becoming aware of a breach (unless the breach is unlikely to pose a risk to the people concerned), and if it is likely to pose a high risk to them, you must notify the affected data subjects too.

 

Recover

You've got backups of your critical data, right? Right? 

Many businesses think they do, but it turns out the backups are either not running for some reason, or there is no plan or workflow for using them to perform a recovery. In addition, attackers understand that backups are your 'get out of jail free' card; they will look for them and attack them too if they're reachable from the same network. Following the '3-2-1' backup rule (three copies of your data, on two different types of media, with one copy kept off-site or off-line, disconnected from your network) can save you here by ensuring you have a copy the attacker could not reach, even if it's a few weeks old.

Identifying a 'known good' restoration point is important. You don't want to just restore the latest copy, as it may still contain the malware you're trying to remove. Attackers are often inside a network for days or weeks before the encryption starts, so choose a copy taken before the first sign of intrusion, not just before the encryption, and verify that it is intact before you rely on it.
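As an added example (not code from the article or from Skywave), the following Python script turns the Recover advice above into checks you can run before an incident: it audits a backup inventory against the 3-2-1 rule, flags copies whose last run is older than expected, verifies each copy against the digest recorded when it was taken, and picks the newest intact copy taken before the first sign of intrusion rather than the newest copy overall. The inventory, timestamps and payloads are constructed for illustration.

```python
"""Audit a backup set against the 3-2-1 rule and choose a known-good
restore point that predates the intrusion.

Added example, not code from the original article or from Skywave.
The backup inventory, timestamps and payloads below are constructed
for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib


@dataclass
class BackupCopy:
    name: str
    media: str              # e.g. "disk", "cloud", "tape"
    offline: bool           # not reachable from the production network
    taken_at: datetime
    manifest_sha256: str    # digest recorded by the backup job when it finished
    payload: bytes          # stand-in for the backup contents


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_3_2_1(copies):
    """Three copies, on two media types, at least one offline.
    Returns (ok, list_of_findings)."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need at least 3")
    media = sorted({c.media for c in copies})
    if len(media) < 2:
        findings.append(f"all copies on one media type ({media})")
    if not any(c.offline for c in copies):
        findings.append("no offline copy: ransomware on the LAN can reach every backup")
    return (not findings, findings)


def stale_copies(copies, now, max_age):
    """Names of copies older than max_age: a backup job that silently
    stopped shows up here long before you need it."""
    return [c.name for c in copies if now - c.taken_at > max_age]


def verify_copy(copy):
    """Recompute the digest; an encrypted or truncated backup no longer
    matches the manifest written when the job completed."""
    return sha256_hex(copy.payload) == copy.manifest_sha256


def pick_restore_point(copies, compromise_time):
    """Newest copy that verifies AND was taken before the earliest sign of
    intrusion. The newest copy overall may already contain the malware."""
    candidates = [c for c in copies
                  if c.taken_at < compromise_time and verify_copy(c)]
    return max(candidates, key=lambda c: c.taken_at) if candidates else None


# --- constructed sample inventory -------------------------------------
NOW = datetime(2024, 6, 10, 9, 0)
MAX_AGE = timedelta(days=3)   # how old a copy may be before we raise an alarm
# Earliest suspicious activity found in the evidence (constructed): an
# unexpected remote login two days before files started being encrypted.
COMPROMISE_TIME = datetime(2024, 6, 7, 22, 0)

GOOD = b"customer-db dump v47 ..."
INVENTORY = [
    # On-line NAS copy: the attacker reached it and encrypted the contents,
    # so the payload no longer matches the manifest digest.
    BackupCopy("nas-nightly", "disk", False, datetime(2024, 6, 9, 2, 0),
               sha256_hex(GOOD), b"\x8f\x12encrypted-garbage"),
    # Cloud copy is intact, but taken after the intrusion began.
    BackupCopy("cloud-daily", "cloud", False, datetime(2024, 6, 8, 2, 0),
               sha256_hex(GOOD), GOOD),
    # Weekly tape, kept off-line: older, but intact and pre-intrusion.
    BackupCopy("tape-weekly", "tape", True, datetime(2024, 6, 2, 2, 0),
               sha256_hex(GOOD), GOOD),
]

if __name__ == "__main__":
    ok, findings = check_3_2_1(INVENTORY)
    print("3-2-1 satisfied:", ok, findings)
    print("stale copies:", stale_copies(INVENTORY, NOW, MAX_AGE))
    for c in INVENTORY:
        print(f"{c.name}: verifies={verify_copy(c)}")
    rp = pick_restore_point(INVENTORY, COMPROMISE_TIME)
    print("restore from:", rp.name if rp else "NO SAFE COPY")
```

With the constructed inventory the script selects the off-line weekly tape even though it is the oldest copy: the nightly NAS copy fails verification because the attacker encrypted it, and the cloud copy, while intact, was taken after the intrusion began. Dropping the tape from the inventory leaves no safe restore point at all, which is exactly the situation the 3-2-1 rule is meant to prevent.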

 

Learn and evolve 

Once the dust has settled, your blood pressure has returned to normal, and everyone is back at work, schedule a few meetings with your IT resource to assess what happened and how to avoid it in the future.

Do this early, while it's still fresh in everyone's mind. Ask your IT resource to create a formal incident report with clear facts, an unbiased account of events and honest recommendations. Assigning blame to an individual is usually unhelpful; attacks happen and attackers are sophisticated. No business is immune, regardless of the budget or skill of the IT team. What is important is how you handle incidents and learn from them.

 

Can you share a story of how Skywave helped an SME overcome a major challenge in cybersecurity? What was the outcome?

Most cybersecurity attacks on businesses can be traced back to some kind of cybersecurity governance issue within the business. Rather than addressing individual technical challenges, something we do for all of our customers is to address cybersecurity strategy and policy from a high level. While the movies can make hacking, and defending against hackers, look cool and fun, most of the work is just good decision making before you even touch the keyboard. 

Currently we are working with a new customer who was facing around 10 years of ‘technical debt’ built up by their previous IT resource who lacked the required knowledge in multiple areas to implement secure systems.

In addition, the previous executive management didn’t provide support or oversight of decision-making. The end result was multiple technical projects being left in a very vulnerable state, no real documentation and no understanding of high risk issues. 

Our pre-sales process includes a technical audit with a focus on cybersecurity, which we call our 'IT health check-up report'. Based on the results of this report, we highlight and target the highest-risk areas, set goals, plan projects and generally implement targeted changes to reduce risk across the board.

Over the past months we have discovered and closed many misconfigured and open systems, including finding an isolated group of servers that had already been attacked with ransomware, without anyone noticing, back in 2021! In addition, we replaced this poorly configured server stack with a single, secure solution, cutting the monthly hosting costs for this service from around 17k THB to around 400 THB.

For the year ahead, we have a plan to integrate their IT procedures with their head office to take advantage of shared resources, save costs and create stronger governance over data and IT systems.

 

If you could give SMEs just one piece of advice on strengthening their cybersecurity, what would it be?

The single biggest cybersecurity threat to SMEs is email phishing and other types of social engineering. All your investment in technical solutions like firewalls and antivirus software can and will be defeated by one of your staff clicking a link in a well-crafted fake email and giving away their passwords or downloading malware. Every business has at least one staff member who clicks on everything and types first and thinks later (you know the one I'm talking about!).

The solution is regular cybersecurity user training; it's a cost-effective way to empower your staff with the knowledge and skills to identify what they should and should not click on. Combined with a controlled email phishing training solution, you can keep your staff aware of common email phishing tactics to protect not only your business, but themselves in their personal lives too.