Digital Lending and Information System Security in Kenya

Abstract

Today, information is regarded as a valuable resource for any organization and with the advent of globalization and ever-changing technologies, the need for information security is becoming more and more critical. The importance of information system security is getting more noteworthy as firms are becoming reliant on information technology. While originally information security was regarded as a technology hiccup that could be addressed through refined hardware together with software answers, rise in the number of security gaps demonstrates that this is also a people problem. The overall objective of this study was to establish adoption of information system security among digital lenders in Kenya. The specific objectives were to determine information security threats faced by digital lenders, information security measures adopted by digital lenders and establish challenges faced by digital lenders in securing their information systems. The population of the study was the 29 registered digital lenders in April 2021. Primary data was collected through the use of closed ended questionnaires. Out of the 29 questionnaires administered, 16 were received back resulting in a 55.17% response rate. Data was analysed through the use of mean, standard deviation and factor analysis. The study findings revealed that the major information security threat faced by digital lenders was phishing. To counter threats in the sector, the three major information security measures adopted by digital lenders were automatic logout policy for workstations after a predetermined period of inactivity; password complexity requirements policy to ensure every password meets minimum required threshold of length, characters, numbers and symbols; and application of firewalls that enforce a secure boundary between the internal network and the Internet. The study findings also revealed that there were two major challenges faced by digital lenders in securing their information systems namely lack of awareness by customers on the risk of sharing their passwords and lack of information security awareness amongst customers. Recommendations to digital lenders are to enhance customers’ awareness on the risk of sharing their passwords and to be more security conscious as they use digital lending systems. In addition, digital lenders should enforce security measuares as such automatic logout, password complexity requirements policy and application of firewalls.