[{"data":1,"prerenderedAt":121},["ShallowReactive",2],{"\u002Fblog\u002Fcybersecurity-smes-kenya":3,"\u002Fblog\u002Fcybersecurity-smes-kenya:surrounding":111,"\u002Fblog\u002Fcybersecurity-smes-kenya:related":120},{"id":4,"title":5,"accent":6,"author":7,"authorRole":8,"body":9,"category":99,"description":100,"extension":101,"featured":102,"meta":103,"navigation":104,"path":105,"publishedAt":106,"readTime":107,"seo":108,"stem":109,"__hash__":110},"blog\u002Fblog\u002Fcybersecurity-smes-kenya.md","Cybersecurity Pressure Points Hitting Kenyan SMEs Right Now","#ff6b57","Brian Kamau","Security Analyst",{"type":10,"value":11,"toc":91},"minimark",[12,16,21,24,27,31,34,53,56,60,63,78,81,85,88],[13,14,15],"p",{},"Most SME incidents are not the result of elite adversaries. They come from reused passwords, unclear access ownership, unpatched devices, and email habits that no one has challenged for years.",[17,18,20],"h2",{"id":19},"the-common-pattern","The common pattern",[13,22,23],{},"An employee receives a convincing message. A password gets reused. A system has no MFA. An old device remains connected because removing it feels inconvenient.",[13,25,26],{},"None of those steps sounds dramatic in isolation. Together they are enough.",[17,28,30],{"id":29},"what-deserves-priority","What deserves priority",[13,32,33],{},"Security work for SMEs should begin with a short list of controls that reduce real exposure:",[35,36,37,41,44,47,50],"ul",{},[38,39,40],"li",{},"enforced MFA for email and admin accounts",[38,42,43],{},"device inventory with ownership",[38,45,46],{},"patching discipline",[38,48,49],{},"role-based access review",[38,51,52],{},"tested backups",[13,54,55],{},"These controls are not glamorous, but they are the difference between disruption and recovery.",[17,57,59],{"id":58},"stop-buying-tools-before-clarifying-process","Stop buying tools before clarifying process",[13,61,62],{},"Many teams invest in new products before answering simpler questions:",[64,65,66,69,72,75],"ol",{},[38,67,68],{},"who approves new software?",[38,70,71],{},"who removes access when someone leaves?",[38,73,74],{},"where are credentials stored?",[38,76,77],{},"who checks backup integrity?",[13,79,80],{},"If process is absent, tooling usually adds surface area faster than protection.",[17,82,84],{"id":83},"security-is-operational-design","Security is operational design",[13,86,87],{},"The most resilient businesses treat security as part of daily operating discipline. It shows up in onboarding, documentation, vendor review, and escalation pathways.",[13,89,90],{},"That is where maturity starts.",{"title":92,"searchDepth":93,"depth":93,"links":94},"",2,[95,96,97,98],{"id":19,"depth":93,"text":20},{"id":29,"depth":93,"text":30},{"id":58,"depth":93,"text":59},{"id":83,"depth":93,"text":84},"Security","Small and mid-sized businesses are exposed through routine operational gaps, not only sophisticated attacks. The basics still decide most outcomes.","md",false,{},true,"\u002Fblog\u002Fcybersecurity-smes-kenya","2025-03-05","6 min read",{"title":5,"description":100},"blog\u002Fcybersecurity-smes-kenya","4K8r5F-YY88yCwyEey0_ZlVYJYAUo0EQetbj_QbLUg8",[112,116],{"title":113,"path":114,"stem":115,"children":-1},"A Cloud Migration Checklist for East African Operating Teams","\u002Fblog\u002Fcloud-migration-checklist","blog\u002Fcloud-migration-checklist",{"title":117,"path":118,"stem":119,"children":-1},"Kenya's Fibre Revolution and the Systems Businesses Need Next","\u002Fblog\u002Ffibre-revolution-kenya","blog\u002Ffibre-revolution-kenya",[],1779824026462]