Zepto's Head of Operations and Information Security, Mariana Paun, discusses why cybersecurity is everyone's business.
Each October, the cybersecurity community comes together to celebrate and raise awareness during Cyber Security Awareness Month. Having engaged in an all-of-company approach to cybersecurity for a few years now, this year's theme "Cybersecurity is Everyone's Business" resonates deeply with us at Zepto. We are taking this opportunity to deepen engagement with our entire team in the process.
Security in a business, especially a fintech, is a non-negotiable. But I believe you can approach it in different ways. There's the heavy-handed, sharp-edged approach that can instil fear in your people. Or there's the build trust and foster engagement with your people way that we favour.
At Zepto, we have laid down foundational security measures such as password management, multi-factor authentication, and role-based access, which have been well-received by our team. Information and cybersecurity really are everyone's business here.
A key contributor to the success of our security implementation strategy is the culture at Zepto. Being good humans, and together stronger are two company values that are held dearly across the business. They're baked into our DNA, so prioritising building trust and rapport with our cross-functional teams comes naturally to us.
Our IT team, reporting into our Security space, provides a seamless entry point for employees seeking support or access to tech. Interactions are encouraged, relationships are fostered, trust and engagement are nurtured. I believe this foundation of trust and open communication around cybersecurity within Zepto is almost as important as the security foundations themselves.
At Zepto, those foundations include recent initiatives that have significantly enhanced our security practices. These include single sign-on integration through Okta, implementation of Lumos for streamlined access provisioning, and the introduction of mobile device management (MDM) for efficient device control and compliance.
Furthermore, our principle of user experience as a top priority guides our decision-making process for implementing security controls. We meticulously test and evaluate products from the perspective of usability and employee experience, ensuring that security measures do not compromise user satisfaction and ease of operations.
These initiatives not only bolster our security measures but also prioritise user experience, ease of access, and compliance with minimal disruptions.
In recent months, a new face has joined Zepto — our company mascot, Zeppy. Zeppy personifies our company values and mission, always appearing calm, confident, curious and ready.
In line with this year's theme, we have turned our attention to more complex security measures and involving everyone at Zepto in our cybersecurity initiatives. We have dubbed our internal campaign "Keeping Zeppy Safe by Making Cybersecurity Our Business," aligning it with our internal branding to engage our team.
And we've gamified it.
To promote continuous engagement, we've launched a competition around a series of challenges, quizzes, risk assessments, and data breach awareness activities. Points and prizes are awarded to keep our people motivated. Furthermore, we're creating informative and practical video content focusing on data management, addressing common behaviours related to data sharing and offering valuable advice to our employees.
Despite the current industry trend, we have decided not to conduct phishing simulations. This decision is based on the remarkable increase in awareness and the strong relationship our security team has built with our employees along with preventative email security controls. Our open, approachable, and encouraging culture has led to multiple reports and interceptions of potential phishing attempts, reflecting the trust and security consciousness embedded in our company culture.
At Zepto, we're committed to celebrating Cyber Security Awareness Month to reinforce our security practices and engage our team in safeguarding our organisation and data. We constantly strive to cultivate a security-conscious culture that empowers every employee to participate in and prioritise cybersecurity efforts, ensuring a collective defence against potential cyber threats.
Cyber Security Awareness Month is just one part of our ongoing commitment to security. Beyond October, we remain dedicated to enhancing the security foundations we’ve built and fostering a security-conscious culture that thrives on collaboration and engagement, and keeping Zeppy very, very safe.