Cybersecurity threats are becoming a big problem for businesses in Kenya now more than ever, especially social engineering scams that bet on human nature of the end-user like curiosity and trust. But, once they err and get hooked, an attacker has found their way in! 

Being human is all about learning from mistakes made from errors, but in the business world, such errors can cost an arm and a leg! Scams in Kenyan businesses have increased exponentially, especially during and after the COVID-19 period. Therefore, an emphasis on human-centred solutions in cybersecurity company culture is vital to safeguard your most important assets: Your employees and data.  

Empower your employees!  

The best way to empower your employees is through cybersecurity training and more! But unfortunately, most, if not all, businesses in Kenya use email as the official communication channel, both internally and externally, on an official basis. It, in turn, opens a complex issue regarding how social engineering scams targeting Kenyan corporate emails is on the rise.  

According to Fraudwatch, your employees need cybersecurity training every 4 to 6 months to make sure they can identify ever-evolving social engineering scams that could compromise their accounts and your business. If you are interested in scheduling one with qualified cybersecurity professionals, click here.  

Humans are not the weak link…  

The problem is not the employees as much as it is an information gap issue. If the employees know what to look out for and gain the knowledge they need to stay on the safe side of this cyberspace, they will avoid falling prey to scams. Human-centric cybersecurity practices need to be standard practice as a culture, and everyone in the company needs to be on the same page. You can empower your employees when it comes to creating a cybersecurity culture.  

Making sure your employees get trained on a schedule will create an environment where they can own their role in the fortress, be confident to raise alarms where needed and be open to discussing such issues with their colleagues. It empowers them to be a human firewall.  

It sounds like an exciting prospect, we know. But as a Kenyan business tackling cybersecurity threats every week, how do you do this? How do you even start? 

Human-centred solutions for the workplace:   

In as much as human error can be a problem, human-centred solutions are proving to be the solution, especially when dealing with scams that exploit core aspects of humanity like trust and curiosity.  

Here are some ways you can implement these solutions and make them practised in your workplace:  

1. Analyze the present: Where are you as a company now regarding your cybersecurity posture? It helps set the benchmark for where you want to be as a company after making the necessary changes.  
2. Identify pain points and gaps: What threats have been giving you sleepless nights as a Kenyan business? Is it ransomware, phishing emails, or B.E.C scams? How do these threats sneak into your business environment? Where are the vulnerabilities? Understanding this will also serve as a benchmark after addressing these issues.  
3. Know the signs: Employees must understand how to spot red flags and have a defined structure or protocol that encourages them to report suspicious email correspondence. In addition, it will promote a cyber-smart culture in the workplace.  
4. Trust your gut: There are times when the scam is so clever and yet too good to be true that it might miss the red flag zone. Encourage your employees to trust their gut! If something smells fishy, they are on the right track to stopping a scam head-on.  
5. Introduce intelligent interfaces: As a company, you can introduce technology limiting human error and work with your employees to protect them and your data. These may include spam filters, encryption solutions, authentication, and password management.  
6. Update strategy and learnings: Understand the mistakes made as a company and how efficient internal structures are essential in creating a seamless response to threats. Always anticipating the worst-case scenario and how to deal with them also helps you not hyper-fixate on one threat when several are always lurking.  
7. Train, train, and train: Staff will need continuous training to adjust to the dynamic cybersecurity threats Kenyan businesses face today. Empowering them with the knowledge they need not only protects them, but helps the company as well.  

As we look at human-centric solutions to protect staff and data, companies are vested in providing the right ecosystem to ensure these structures flourish! The human being using the company device is not just the weak link in the chain but can be one of the strongest in your cybersecurity line of defence.