Checks on users, applications, and devices on your network are just a few ways to keep your company safe from cyberattacks. Tom Merritt lists five things to know about zero trust ops.
Attackers are everywhere. They want inside your network, and they'll do anything--phish, ransom...anything. So, who can you trust? The answer: No one. Nada. Zero. Here are five things to know about zero trust ops.
- It doesn't mean never trust. It means check trust. Successful attackers look normal. Just because something is in your network doesn't mean it's safe.
- Check your users. Make sure a user is who they say they are, has the proper access, and is using a trusted device.
- Check applications. What applications have access to what data? How is any exchange of data secured? It's not wrong to use encryption inside a network.
- Check devices on the network. Do the office smart bulbs have complete access to the same network as finance? That could be a problem. How do you handle smartphones, or even a Nintendo Switch brought in by an employee?
- Consider whitelisting everything. Attackers take advantage of communication you didn't think was a problem. One of your own servers talking to another server might not seem like an issue--until it's an issue.
Trust isn't absolute. You may trust me to deliver a good podcast, but not to draw a work of art--and you'd be right. Don't just think about whether you should trust something, but under what conditions and for how long.
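The allowlisting and "for how long" points, as an added example that is not part of the original article: a default-deny check that compares observed flows against an explicit allowlist whose entries expire. The addresses, ports, rule set and flow records are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

UTC = timezone.utc

@dataclass(frozen=True)
class Rule:
    src: str           # source network (CIDR)
    dst: str           # destination network (CIDR)
    port: int          # destination port
    expires: datetime  # trust is granted for a limited time, then re-reviewed

# Constructed allowlist: any flow not listed here is denied.
ALLOWLIST = [
    Rule("10.0.1.0/24", "10.0.2.10/32", 5432, datetime(2030, 1, 1, tzinfo=UTC)),
    Rule("10.0.1.0/24", "10.0.3.5/32", 443, datetime(2024, 1, 1, tzinfo=UTC)),
]

def decide(src, dst, port, now, rules=ALLOWLIST):
    """Return (allowed, reason) for one flow. The default answer is deny."""
    s, d = ip_address(src), ip_address(dst)
    lapsed = False
    for r in rules:
        if s in ip_network(r.src) and d in ip_network(r.dst) and port == r.port:
            if now < r.expires:
                return True, "allowlisted"
            lapsed = True  # matched, but the grant has run out
    return False, ("allowlist entry expired" if lapsed else "not allowlisted")

def audit(flows, now):
    """Return the flows that fall outside the allowlist, with the reason."""
    out = []
    for src, dst, port in flows:
        allowed, reason = decide(src, dst, port, now)
        if not allowed:
            out.append((src, dst, port, reason))
    return out

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("10.0.1.20", "10.0.2.10", 5432),  # app server to finance database
    ("10.0.9.77", "10.0.2.10", 5432),  # smart-bulb segment to finance database
    ("10.0.2.10", "10.0.1.20", 22),    # one internal server to another, unlisted
    ("10.0.1.20", "10.0.3.5", 443),    # flow whose grant has lapsed
]

if __name__ == "__main__":
    for row in audit(FLOWS, datetime(2025, 6, 1, tzinfo=UTC)):
        print(row)
```

Only the first flow passes; the server-to-server SSH connection is flagged even though both ends sit inside the network, and the lapsed grant is reported separately so it can be reviewed rather than silently renewed.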