Did you know that almost 50% of Kenyan businesses have suffered a cybersecurity breach during the COVID-19 pandemic? Whether you are part of the lucky half that avoided such an attack, or you are only just recovering, the issue of cybersecurity in Kenya is no longer possible to ignore. Kenyan businesses faced thousands of attacks over the past year. And these attacks are expensive – experts believe they cost the economy some Sh 30 billion each year.

Now, if you are running a fast-growing small or medium-sized business, cybersecurity might not be your top priority. We get it – you’ve got a company to run, you need to hire new people, support existing customers and attract new business. And so following cybersecurity best practise might sometimes take a back seat. The risk, however, is that malicious actors could steal your intellectual property, hold you to ransom or stop your employees from working.

The good news is that dealing with the cybersecurity threat is more straightforward than you might assume. In this blog, we will be explore how Kenyan businesses can expand confidently by using the most advanced cybersecurity.


Understand the threat you are facing

Before you can develop a cybersecurity strategy, you first need to have a real understanding of the threats facing your business. Depending on your industry, the market you operate in and the kinds of technology you use, the threats might vary. However, common risks include:

  • Phishing: This is the leading cause of cybersecurity breaches in Kenyan businesses. Malicious actors will send genuine-looking emails to your employees asking them to download a link or open a web page. By clicking on the link, the employee inadvertently lets the hacker into your company’s systems.
  • DDoS: A Distributed Denial of Service (DDoS) attack is basically an attempt to force your company’s website or online services to fail. Attackers send large amounts of internet traffic to your website which means it becomes overwhelmed.
  • Malware: Malware attacks involve hackers entering your systems through software that has a virus hidden inside.
  • Hacking: Hacking can go from the very simple (guessing your employees’ passwords) to the very complex (such as finding weaknesses in unpatched software) to break into your company’s systems.
  • Remote working vulnerabilities: If your employees are working remotely because of the COVID-19 pandemic, this may expose you to specific vulnerabilities. Staff may be less alert to phishing scams when working from home, or they may connect to your company’s systems over public Wi-Fi, which is not as secure.

These are just some of the many ways that malicious actors could enter your businesses systems and exploit your data.

Learn more: What is a security-conscious culture?


3 simple cybersecurity steps for Kenyan business leaders

How can you improve your SME’s cybersecurity posture? While the specific strategy for each business will vary, the following steps will set you in good stead as your business grows.

1. Educate your employees about cybersecurity

Probably the biggest cybersecurity weakness for any business is its staff. Employees who are not aware of today’s cyber risks, who use weak passwords or don’t know how to identify phishing scams, are a real liability. From your receptionist right up to senior management, it’s vital to train staff in cybersecurity best practice – and offer refresher courses over time too. Training is an investment – but when compared to the impact of a major breach, the benefits outweigh the costs.


2. Maximise the tools you’ve already got

If you are using a cloud-based platform like Microsoft 365, you already have access to some of the most advanced business security technology on the market. Unfortunately, many businesses just use the ‘factory settings’ in these environments and do not customise them to their business’s needs. Spend some time getting to know the security settings in your working environment and apply the right defences for your business.


3. Build your cybersecurity around identity

In the old days, you needed little more than a username or password to enter a business environment. Once through the gates employees (and attackers) can access almost anything they want. However, it is now increasingly easy to create a security set-up built around each individual’s identity.

In Microsoft 365 for instance, you can set specific permissions for what people can and cannot do with your content, use multiple types of authentication (including biometrics) and benefit from artificial intelligence, which can identify any suspicious behaviour.


Webinar: Identity is the new security


Grow your business securely

Speak to FITTS Africa Team today to learn how FITTS can support Kenyan businesses to scale up their technology platforms as their business grows. Because security is so vital, we can help you address the ways your company can boost its defences. Contact us today for help with your security posture.