Monthly Archives: May 2022

Considering Zero-Trust as Part of Your Cybersecurity Plan

At one time, a firewall and antivirus protection were adequate protections to keep networks secure. Businesses had a perimeter, a boundary protecting the network from unauthorized access. All that has changed over the years, with millions of devices connected to networks all over the world, and to the Internet via these networks. Enter “zero trust”, granting access on a case-by-case basis. Read on to learn more about this principle and how it can benefit your organization.

 

Why Zero Trust is Important Now

 

In recent decades–especially the last two years since work went remote–more users are connected to business networks and other Cloud services. With the “perimeter” now outside the traditional office, more care is necessary to grant access only to legitimate users. With more devices connected, data and applications are available to more people. In the zero-trust model, no individual is assumed to be trustworthy simply by being part of the organization. And that begs the question of who is a legitimate user.

 

Zero Trust Defined

 

Zero-trust is a cybersecurity posture that assumes that any user seeking to access the system could be a bad actor. Organizations using a zero-trust architecture have set up various criteria to determine that the entity (a device or a person) seeking access is entitled to it. Not only that, but depending on the location of the device and the role of the person using it, access can be limited to the computing resources needed for that person’s function. A common practice used in zero-trust is multi-factor authentication. After giving their password, a user performs an additional step, like submitting a one-time code. 

 

The Why of Zero Trust

 

The “why” of zero trust comes from so many more devices connected to business networks and the Internet, as well as the growth of cloud solutions. Cyberattacks have become ever more frequent, and businesses need a way to verify the validity of access requests. Besides this, once the business has the criteria set up to determine legitimate activity, it is better able to spot suspicious activity. With other cybersecurity practices and tools, zero trust is yet another way to secure your company’s network. 

 

Naturally, companies want their systems, data and applications to be as secure as possible. For help with setting up a zero-trust environment, contact your trusted technology advisor today.

Keep Your Cyber Shield Up

Threats are everywhere, and not expected to decrease. All over the world, individual and state actors seek to attack businesses of every size–malware and ransomware via phishing emails, denial of service attacks, and other intrusions. Read on to learn how you can keep your cyber shield up and your business protected.

 

CISA and Your Company

 

The Cybersecurity and Infrastructure Security Agency (CISA), a part of the United States’ Department of Homeland Security, leads the nation’s work in protecting the cybersecurity ecosystem, and helps protect critical resources undergirding American society. It helps organizations “prepare for, respond to, and mitigate the impact of cyberattacks.” Even in times of relative peace, bad actors still attempt to breach the cyber defenses of businesses of all sizes. Small and medium-size businesses are often particularly targeted, since attackers know they may not have the same level of security as a government agency or large corporation. In addition, they also target managed service providers, to whom small to medium-size businesses outsource their infrastructure. However, when MSPs and SMB’s work together, and enlist the help of the CISA, they can put up a strong shield against cyberattack.

 

Partner With Your Technology Advisor

 

To lower risk, consider implementing robust network monitoring and work with clients to ensure that the infrastructure is monitored and well-maintained. While you can play a role by assessing your own risks you can also work with your technology advisor to mitigate those risks. Require multi-factor authentication for everyone accessing the network, update software and operating systems, and perform continuous backup of critical data and systems, among other practices. Remember, if and when a cyberattack occurs, the affected party should submit information about the incident (including nature and severity) to CISA, which will analyze the attack and share incident information with other entities. By doing so, they can discover trends in malicious activity, and help many companies stay safe.

 

Everyone plays a part in developing and maintaining a strong cyber shield. For help with your cybersecurity plan, contact your trusted technology advisor today.