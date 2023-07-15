With recurring incidents of cyber attacks being reported, Zerodha CEO Nithin Kamath took to Twitter to talk about the need for preventive measures in order to significantly reduce the odds of being a victim of cyber fraud. He said, a precaution that can be taken is to enable two-factor authentication (2FA) everywhere.

What is two-factor authentication?

Generally speaking, two-factor authentication is an extra layer of protection used to ensure the safety of online accounts, beyond just a username and password. Biometric authorisation, TOTP (time based expiring codes), among others, makes account compromise much harder, Kamath said.

In an evolving technological landscape, everyone is a target. Almost all companies would've faced some cyberfraud attempts, said Kamath, adding that not taking preventive action means it is just a matter of time.

"You need actual technologists who also understand UX and user behaviour to design measures to mitigate risks. You should never be overconfident and should always be paranoid about security," he said.

Cyber risk is one of the biggest financial risks. I heard of a single scam of Rs 20,000 crores that affected lakhs of Indians.

Steps taken by Zerodha to be less vulnerable to cyber frauds

Explaining how Zerodha tackles the issue of cyber risks, Kamath said all internal employee systems at the company have two-factor authentication.

"Strict role based access. Everyone gets least access and least privilege by default. Nothing is connected to the internet by default and access is over zero trust networks. Even incoming external email for employees is only available where necessary," Kamath said.

"Botnet and DDoS protection in front of all internet facing systems. Realtime monitoring and analysis systems. Almost the entire employee base including non-technical folks use Linux desktops to reduce the attack surface. Yeah, I have switched as well. I use Zorin (Linux). The shift was smooth since a browser is what I use the most," he added.

While there is no way to ensure there is zero cyber risk, however, Kamath pointed out the need for constant vigilance. "We continue to be paranoid and afraid," he said.

