Zsuzsanna Berenyi, Cybersecurity Expert at London Stock Exchange Group shares her tips on staying safe when working from home
What are your cybersecurity priorities at the London Stock Exchange Group?
I look after cybersecurity awareness and culture. What it means is I look after embedding the desired cyber behaviors into our employees’ everyday lives so that they become our first line of defense in protecting our information and data.
We’re building our ‘human firewall’ and it has been a very interesting and important investment in terms of people’s time. When we work from home, often incorporating our own devices, we must continuously be making sure that our home devices and the home network are secure. This can be more of a challenge at home as people have many more distractions around them when they are at home. But even in that home working environment they still must be as vigilant as when they were working from the office.
What are some of your top tips on managing cybersecurity while working from home?
Firstly, I would differentiate between technical security and behavior. In terms of technical security, it’s important for staff to focus on the security aspects. For example, changing WIFI router passwords, as the default password can be very simple to break. WIFI networks can also extend a considerable distance outside of the home. So, we advise our employees to change all default passwords, set up guest WIFI, and even set up a different WIFI channel for children or other family members.
Patching is another important security consideration. We have to make sure that our employees look after their own devices, patch their operating systems, and update their anti-virus. I was rather surprised by how difficult it is to get everyone to update their software. It is a relatively small group of people, but it can be difficult to get everyone to update their devices, even after several communications about it. In those cases, we would contact them directly so that they can use that platform, otherwise, those services would be locked for security reasons.
Then we honed in on the cybersecurity behaviors. Just because you’re at home, that doesn’t mean children should see your work. There are a lot of confidential conversations that happen, so the important thing is to be aware of who is around you. It’s also important to make sure that people protect their workstation when they step away – these are the simple, but very important behavioral elements that employees need to be aware of, and we provided a lot of training and advice about that.
Have you seen cyber-attacks on individuals increase or change since working from home became commonplace?
I think it depends on the seniority of the employee. What I see is that cybercriminals are most interested in that top level. Often this takes the form of cybercriminals impersonating those senior leaders and sending emails or messages to other people in the business.
I think this is where we have to be very careful because they will use the identity of higher-level people to get potentially sensitive information out of us. So, from a behavioral perspective, that’s something we have to be very careful about.
And that’s one of the things we also said to people, if you see something suspicious, just report it. It’s that is that behavioral element of telling people, just take a step back. It might delay you by a few seconds, but it will give you that peace of mind that you haven’t clicked on something and you’re not falling victim to any sort of cybercrime.
How do you tailor the cybersecurity message for people working in different parts of the business?
I think that depends on what area that individual or group needs help with and what kind of activities they undertake as part of their job. We tend to target communications for them in a way that focuses on incentives – it’s more of the ‘carrot’, not the ‘stick’ approach. We also try to draw attention to risky behavior and model the right kind of behavior.
We want to make sure that everybody understands their cybersecurity responsibility. And so that we know that we have a ‘human firewall’ that is ready for any sort of attack. Is it going to be a hundred percent? No. But our goal is to get to the point where everybody understands that it’s their responsibility to protect the business.