It happens every day – someone clicks a suspicious link, and the entire company is put at risk. Fortunately, there are projects that are fighting back. The Belgian SME CyberSecurity Ambition project is helping to give employees of small-and-medium-sized enterprises (SMEs) the tools they need to keep their company secure.

Funded by the European Social Fund (ESF), the project educates employees in the field of cybersecurity. By raising awareness about some of the most significant threats, the project prepares Belgian SMEs to adapt and thrive in today’s digital landscape.

One SME to benefit from the project was Het Veer, which had 20 of its employees trained in cybersecurity. Trainees were split into groups according to their prior cybersecurity knowledge and awareness level. Sofie, one of HR responsible at Van Heer, is positive about the skills she gained by participating, ‘During the training we were able to formulate concrete action plans in three break-out teams to tighten our cyber security.’

Bespoke training programmes are needed to protect SMEs against security threats. The project originated from the Internal Audit Academy, part of the Institute of Internal Auditors Belgium. Patrick Soenen, who is a project officer at Ambition, from the Internal Audit Academy, explains ‘we are targeting SMEs and small businesses, where people work who do not necessarily know enough about cybersecurity.’

These small and seemingly insignificant online actions can have company-wide ramifications: ‘When a phishing email arrives, only one person has to click on the link to infect the entire company’, Patrick Soenen attests, ‘people are the weakest link in cybersecurity.’ So, the project’s targeted and effective work at a human level ensures that these easily preventable gaps in the firewall are plugged through tailored education to, as Patrick puts it, ‘reach everyone in the organisation transversally.’

Sarah De Ridder of Grant Thornton, a partner company in the project, adds, ‘In addition, there is also the “firewall” aspect. Cybersecurity is also a technical story.’ So, the challenge comes in educating those involved at a technical level where this might not be their area of expertise.

‘In our training courses we include a number of technical terms that we try to explain as well as possible. For example, what is a firewall, and why do you need it? We then explain that as easily as possible,’  explains Sarah.

The SME CS Ambition project confronts these sorts of challenges by giving practical scenarios. This process allows participants to learn how to deal with cybersecurity threats as part of a process, helping SMEs thrive in an increasingly complex digital marketplace.