Developing cybersecurity education and awareness programmes for Small and medium-sized enterprises (SMEs)
Purpose: An essential component of an organisation's cybersecurity strategy is building awareness and education of online threats, and how to protect corporate data and services. This research article focuses on this topic and proposes a high-level programme for cybersecurity education and awareness to be used when targeting Small-to-Medium-sized Enterprises/Businesses (SMEs/SMBs) at a city-level. We ground this programme in existing research as well as unique insight into an ongoing city-based project with similar aims. Findings: We find that whilst literature can be informative at guiding education and awareness programmes, it may not always reach real-world programmes. On the other hand, existing programmes, such as the one we explored, have great potential but there can also be room for improvement. Knowledge from each of these areas can, and should, be combined to the benefit of the academic and practitioner communities. Originality/value: The study contributes to current research through the outline of a high-level programme for cybersecurity education and awareness targeting SMEs/SMBs. Through this research, we engage in a reflection of literature in this space, and present insights into the advances and challenges faced by an on-going programme. These analyses allow us to craft a proposal for a core programme that can assist in improving the security education, awareness and training that targets SMEs/SMBs.
READ FULL TEXT