Training for SMEs on Cyber Hygiene

Date: Tuesday 23rd January 2024. 8.00 am to 4.30 pm.
Place:  Nairobi.


KICTANet in collaboration with KPMG and the ICT Authority with support from the UKAid (FCDO) have been implementing a joint project to promote cyber hygiene awareness in Kenya, targeting small and medium-sized enterprises (SMEs). The project has so far developed a cyber hygiene awareness curriculum and content targeted at SMEs. As part of this initiative the partners will convene a one-day cyber-hygiene awareness workshop targeting 80 participants drawn from various SMEs in Kenya. 


SMEs contribute 40% to Kenya’s GDP and comprise 98% of businesses in the country. This, in combination with limited funds for cybersecurity and IT resilience, makes them a prime target for cybercriminals. An increase in unsecured remote connections, as companies instituted work-from-home policies brought about by the COVID-19 pandemic, introduced a new vulnerability to be exploited by cybercriminals.

Women-owned businesses account for 48% of SMEs which means the program will greatly help local female empowerment efforts. SMEs account for 30% of new jobs created annually and with the youth accounting for 68% of the persons seeking employment in Kenya, empowering SMEs will also help to tackle unemployment. While there is legislative guidance in Kenya, it remains uncoordinated with no clear structure or coordination mechanism. Also, legislation introduced may have introduced new roles that SMEs may not be aware of i.e. Data Controllers, Data Processors, and Data Protection Officers.

By working with SMEs to become more technology literate, we move closer to Kenya becoming a Silicon Savannah, which cannot happen without a populace that is technologically literate and practices good cyber hygiene. SMEs are a vital part of the Economic pillar for Vision 2030. The initiative will help put decision-makers and IT teams on the same page, since the training has different levels, thus helping break down complex concepts in a simple way.

Currently, the curriculum covers 10 key topics that are critical for the mission of SMEs. These include: Introduction to Cyber Hygiene, Primary SME Resources and Issues, General Cyber Hygiene, Managing Digital Assets, Device Management, Network and Connectivity Management, Software Management, Social Media Management for Cyber Hygiene, Data Management, People Management, Legal Compliance, Money Management, Reputation and Brand Protection and Emerging Technology. 

80 participants who are owners, employees, and stakeholders of small and medium-sized enterprises (SMEs) in Kenya. Specifically, the training will target members and partners of KEPSA, KAM, KNCCI, UK-Kenya Tech Hub, GIZ, British Council, KPMG, KUSCCO, and KPMG. Participation in this training will be offered on a first-come basis and at no cost to the participants.


The primary goal is to raise awareness about cyber hygiene practices among small and medium-sized enterprises in Kenya.

Target Audience

80 participants who are owners, employees, and stakeholders of small and medium-sized enterprises (SMEs) in Kenya. Specifically, the training will target members and partners of KEPSA, KAM, KNCCI, UK Tech-hub – UK-Kenya Tech Hub, GIZ, British Council, KPMG, GIZ, KUSCCO, SASRA, and KPMG.


  1. Enhanced Cyber Hygiene Awareness: The development of cyber hygiene awareness content and key messages in collaboration with KPMG will result in Information, Education, and Communications (IEC) materials that help the target audience understand the importance of cyber hygiene and adopt best practices to minimize security risks. This outcome will lead to a more informed and security-conscious user base, which will contribute to their overall security.
  2. Improved Cybersecurity for the target audience: The creation of materials and a cyber awareness campaign for vulnerable groups will ensure that the target audience is well-informed about cyber hygiene practices and the potential risks they face online. By focusing on these groups, the campaign will help to reduce the likelihood of cyberattacks and data breaches, ultimately contributing to a safer online environment.
  3. Expansion of Cyber Hygiene Training: The Training of Trainers (ToT) sessions will equip a group of trainers with the necessary knowledge and skills to further disseminate the training to the target beneficiaries. This outcome will result in a larger number of individuals being trained in cyber hygiene practices, leading to more widespread adoption of these practices and a stronger overall cybersecurity posture.

About KICTANet.

KICTANet is a non-profit organization, which acts as a multi-stakeholder platform for ICT policy and regulation. KICTANet’s guiding philosophy encourages synergies for ICT policy-related activities and initiatives. As such, the network provides mechanisms and a framework for continuing cooperation and collaboration in ICT matters among industry, technical community, academia, media, development partners, and Government.


Time Session Presenter / Moderator
8h00 – 8h30 Arrival and Registration KICTANet 
8h30 – 8h40 Welcome and Introductions KICTANet 
8h40 – 8h45 Keynote address ICTA
8h45 – 8h50 Opening Remarks Andy Chadwick – FCDO/ UKAid
8h50 – 8h55 Opening Remarks Moses Kipchirchir – KPMG
8h55 – 9h00 Objectives and Agenda-Setting KICTANet/KPMG
9h00 – 10h30 Introduction to Cyber Hygiene.

Data, Legislation, and Governance.

Plenary Discussion.

Dr. Katherine Getao
10h30 -10h45 TEA BREAK
10h45 – 12h30 Networks, Devices, Software and Systems and Emerging Technology .

Plenary Discussion.

Dr. Paula Musuva
12h30 – 13h00 Practical Exercise KICTANet
13h00 – 14h00 LUNCH
14h00 – 15h30 Social Media, Branding and Money

Plenary Discussion 

Dr. Katherine Getao
15h30 – 16h00 Instructors process Dr. Katherine Getao
16h00 – 16h30 Cybersecurity Toolkit for SMEs KPMG
16h30- 16h45 Evaluation KICTANet



Translate »