Gladwell Njoki Murigi, Gladys Kimutai


Small and medium enterprises (SMEs) are major stakeholders in developing countries' economies. In Kenya, although SMEs take off on a high note, their life span is short. SMEs are more exposed to information security risks, short life and thus poor performance. The general objective of this study was to investigate the influence of information technology security practices on the performance of small and medium enterprises in Nairobi County. This research study used a descriptive research design. The targeted population was the 1,221 owners or general managers of all the SMEs in the hotel sector operating in Nairobi County. Random sampling was used to choose a sample size of 292 SME owners or managers from the targeted population. Semi-structured questionnaires were used to collect primary data. To test the reliability and validity of the research instruments, a pilot test was conducted. Thematic content analysis was used to analyze qualitative data from open-ended questions, while quantitative data was analyzed using inferential and descriptive statistics in the Statistical Package for Social Sciences (SPSS version 22). Descriptive statistics and multiple regression analysis were employed to determine the relationship between independent and dependent variables. The study found that privacy and confidentiality policy, backup policy, and policies on sharing, storing and transmitting data influence the performance of SMEs in Kenya. In addition, communication channels, security training and education, and frequency of training influence the performance of SMEs in Kenya. The study established that passwords were the most used access control measure to enhance information technology security, followed by smart cards and biometric access controls. The study recommends that SMEs that have adopted information technology come up with IT security policies. The policies should cover the use of passwords, encryption and the consequences of misuse of ICT resources, among others. In addition, the management of SMEs should plan training programs on information technology security. This will help ensure that staff have up-to-date information on security risks and how to mitigate them.





