Don’t Get Hacked: Essential Cybersecurity Training for SMEs 

While technology is the backbone of our society today, cybercrime vulnerability continues to expand. People must be aware of their level of internet safety and take precautions to secure their data. How can we ensure the most effective implementation of safeguards against cyber insecurities? According to recent research on cybersecurity, various governments and companies are taking the initiative to train in cybersecurity.

On April 8, 2024, we facilitated a cybersecurity training aimed at empowering Small and Medium-sized Enterprises (SMEs) and startups in Kitale, Trans-Nzoia County. The training was supported by Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) and GFA Consulting Group GmbH. Participants gained the information they needed to manage cyber threats and implement safety measures to protect their businesses. 

Key Areas Covered

Knowing what you have means knowing what needs to be secured in your business and identifying your risks. One of the approaches used was inquiring about participants’ knowledge of what was in their pockets. Some understood exactly what they had, some knew but were unable to pinpoint it and some had no idea. The purpose of this scenario was to convey to the participants that they cannot defend what they do not possess or are unaware of. Linking it with the cybersecurity training, participants understood that they own different enterprises and how best they can protect them in online space.

Updating defences: this revolves around digital defence from digital threats by updating your systems and applications and securing your websites.

Beyond simple passwords:

Did you know that by combining uppercase and lowercase letters, numbers, and symbols in a password, the number of possible combinations skyrockets to over 6 quadrillion? 

That’s like having a different key for every grain of sand on Earth! Thus making your accounts much harder for cybercriminals to crack. Participants were taught how to strengthen their passwords and set up multi-factor authentication to protect their devices and accounts. In response to this, a participant showed their appreciation.

You can also confirm how safe you are on the internet by using this tool: https://gcatoolkit.org/smallbusiness/

This training was very insightful. Now I know how best I can protect my business in the online space. This is the kind of training I need for my employees.-Participant

Prevent phishing and malware attacks:

Did you know that you can be exposed to phishing and malware attacks unknowingly? Phishing attacks can appear as links from official sources like your bank and can lead to malware attacks, stealing your passwords or sensitive data. The training covered examples of how some of them can happen and how to avoid them. For example, receiving a spam email from info@edutab.afrika instead of info@edutab.africa can be avoided by blocking emails from unknown senders or by verifying the sender’s email address before opening the email.

Backup and recovery strategies:

The training emphasized backing up data separately, as this ensures that one can still access their data in case it’s lost or stolen.

Protecting email and reputation: Businesses should strongly emphasise implementing robust email authentication protocols to safeguard their brand reputation and protect their customers from phishing attacks.

Participants were taken through the password-creating activity. This was done in groups, as they worked together to come up with strong passwords for their agreed-upon organization. Thereafter, we ran it together through software to detect how long it would take to crack the password. This activity strengthened their knowledge of creating strong passwords using alphabets, numbers and non-alphanumeric characters.

Additionally, they practically learnt how to secure both their personal and business social media accounts and their emails by applying two-factor authentication and how to log out of devices that they accessed but that were no longer needed.

When will you have a cybersecurity training for children, after what I have learnt today, I am looking forward to that’- Participant

Conclusion

With technology being the backbone of our society, rising cyber threats necessitate increased awareness and proactive data security measures. This training equipped participants with vital knowledge and practical skills to manage cyber threats and protect their businesses. Hands-on activities like password creation and two-factor authentication setup enhanced participants’ understanding of securing both personal and business accounts. This initiative underscores our commitment to promoting a safer digital environment. Our gratitude goes to Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ), GFA Consulting Group GmbH and all the participants who made this training successful.

Written by Magdalene chorongo