In the thawing final chapters of the Cold War, President Ronald Reagan was fond of the Russian proverb “trust, but verify.” As the expression’s popular American usage matures into its 30s this holiday season, the cybersecurity industry is promoting something of an update all its own with what’s known as the “Zero Trust” security model.
At a time of year when the holidays tend to bring out the best in people – especially their degree of trust – this might seem counter-intuitive. Except that it’s not. Polls repeatedly confirm that our collective trust in our institutions is on the decline.
Adopting Zero Trust For The Holidays (and Beyond)
From the cybersecurity perspective, however, all this lack of cultural trust is a good thing. That’s because less willingness to believe means a reduced likelihood of a data breach. The result is that “zero trust” is forcing a fundamental rethink in how companies protect their files from a deliberate internal attack (or a careless mistake like sharing email passwords) just as much as they defend against external threats.
Cybersecurity experts define “zero trust” as a security concept whereby organizations should not automatically trust anything inside or outside their borders. Instead, they must validate anything and everything trying to connect to their systems before granting access. In other words, don’t trust anyone.
Adopting a zero trust approach comes down to four straightforward steps:
• Recognize and evaluate internal devices
• Enforce internal multi-factor authentication
• Limit access and privileges
• Develop security awareness training
Decking the Halls With Zero Trust
Recognizing internal devices means establishing a network access control (NAC) system that ensures a particular endpoint, such as a laptop, a tablet, a smartphone or a desktop computer, has permission to join. Permission should be predicated on whether the device is fully updated and has the latest anti-virus software installed.
Multi-factor authentication is another way of saying that passwords and logins aren’t enough. What’s required can be a physical object like a USB stick or a key, a secret PIN known only to the user, or authentication data.
Even in small companies, not every employee requires access to all information. In this case, siloing of data can be a good thing. Limiting access is also a safeguard in the event that an employee loses a phone, laptop or other device with passwords saved on it. Also, remember that if you terminate an employee, or he or she leaves for a competing brand, you should delete that individual’s permissions and access.
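The three technical steps above (device checks, multi-factor authentication, limited access) can be combined into a single decision made on every request. The sketch below is an added example, not Sentribit's code; the role map, field names and factor labels are constructed for illustration, and "MFA" is assumed to mean a password plus at least one other factor.

```python
from dataclasses import dataclass, field

# Constructed role-to-resource map (hypothetical names): each role sees only its silo.
ROLE_RESOURCES = {
    "finance": {"payroll", "invoices"},
    "engineering": {"source-code", "build-logs"},
}

@dataclass
class Device:
    os_fully_updated: bool    # posture input: patches applied
    antivirus_current: bool   # posture input: latest anti-virus installed

@dataclass
class User:
    name: str
    role: str
    active: bool = True                          # set False when the employee leaves
    factors: set = field(default_factory=set)    # e.g. {"password", "pin", "usb_key"}

def decide(user, device, resource):
    """Return (allowed, reason). Nothing is trusted by default; every check must pass."""
    if not user.active:
        return False, "account deprovisioned"
    if not (device.os_fully_updated and device.antivirus_current):
        return False, "device fails posture check"
    # Assumption: a password alone is not enough; require it plus one other factor.
    if "password" not in user.factors or len(user.factors) < 2:
        return False, "multi-factor authentication required"
    if resource not in ROLE_RESOURCES.get(user.role, set()):
        return False, "resource outside role"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample requests.
    alice = User("alice", "finance", factors={"password", "usb_key"})
    laptop = Device(os_fully_updated=True, antivirus_current=True)
    for res in ("payroll", "source-code"):
        print(res, decide(alice, laptop, res))
    alice.active = False  # employee has left the company
    print("payroll", decide(alice, laptop, "payroll"))
```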
Give The Gift of Cybersecurity Awareness
So much of internal zero trust data security comes down to common sense. And, of the four points listed above, developing a security awareness training protocol is the most straightforward but is often overlooked.
Sentribit excels in this regard and is eager to help companies adopt a well thought out approach that transforms the corporate culture from the bottom up. Our managed security awareness training includes:
- Strategy development – align your organization’s training to your specific culture and goals
- Collaborative planning – apply the strategy to appropriate assessments and training, and identify reporting and metrics
- Ongoing interaction – support continuous learning and development, meeting with you regularly throughout your program
- Regular measurement – access detailed, in-depth reports throughout your program
Unfortunately, hackers are relentless in inventing new ways to acquire data they desire. That’s why Sentribit works with your executives, employees, and vendors to employ training that emphasizes data security and helps your company navigate through the ever-changing waters of cybersecurity. We’re eager to assess the unique challenges your company is facing today, and offer the most innovative and effective training solution on the market.
Sentribit Helps Spread Some Cybersecurity Cheer
Ultimately, the phrase “zero trust” might ring a little hollow against lyrics like “We wish you a Merry Christmas,” or expressions like “trust, but verify.” But at Sentribit, we promise you a holiday season filled with a lot more fa-la-la-la-la’s than frowns if you follow – and execute – this timely advice. Speak to us about increasing security awareness for your company by calling (908) 232-2060.