Should Our Company Be Using Zero-Trust Security Measures?

2020 was not only the year of the COVID-19 outbreak. Many in the IT security world are also calling it the year of the Cyber Pandemic.

Hackers and organized criminal cartels took advantage of all the disruption. They launched multiple attacks and, at one point, they even reached a high of 4,000 attacks per day! In the midst of the pandemic, the FBI noted a 400% increase in cybercrime reports.

It has always been important to have IT security safeguards in place to protect against current and emerging threats. However, it is more vital than ever for you to assess your company’s cybersecurity strategy to ensure that you are protected against the surge in online threats.

One of the security approaches that is becoming the standard for many large organizations is called Zero-Trust Security. This is not a single application. It is a strategy that improves network security overall by implementing multiple best practices.

How Does Zero-Trust Differ from What We Do Now?

The standard in cybersecurity for many years has been a “castle and moat” approach. This means that a strong ring of security has been put up around a network. However, security lessens when you get inside that network.

These measures tend to look for the “bad guys” to keep out, such as various forms of malware, phishing emails and other threats.

If one of those threats disguises itself and gets past that outer ring of security (which is usually in the form of a firewall or email filtering), it can run free inside “the castle” because it doesn’t have to go through additional challenges.

Zero-Trust treats every user and application, whether inside or outside a network, as a potential threat. It does not automatically trust an entity that has made it past a firewall.

It also uses whitelisting (working from a list of “good guys”) instead of always trying to identify newly disguised “bad guys.” This approach better protects against new and more sophisticated threats.

How to Implement Zero-Trust Security at Your Company

There are several things that you can do to adopt a Zero-Trust security posture at your company.

Use Advanced Multi-Factor Authentication (MFA)

MFA is incredibly powerful for keeping hackers with a compromised password out of a network or cloud account. According to Microsoft, it can stop 99.9% of account breaches.

Taking MFA a step beyond just a simple code at login, you can further protect your data by implementing Zero-Trust measures.

This means using additional authentication in the following ways:

  • Restricting permissions if a user is logging in from outside a certain geographical area.
  • Adding an additional challenge question if a user has higher privileges.
  • Investing in token or hardware-based MFA, which is more secure than MFA via SMS.
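
To show how these three rules combine into a single decision at login, here is an added example (not code from any product mentioned in this article). The country list, factor names and the rule that admin accounts may not rely on SMS are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed policy values for illustration only.
HOME_COUNTRIES = {"US"}
STRONG_FACTORS = {"hardware_key", "authenticator_app"}  # token or hardware-based MFA
WEAK_FACTORS = {"sms"}

@dataclass
class Login:
    user: str
    country: str        # country resolved from the source IP
    privileged: bool    # account holds admin-level rights
    factor: str         # MFA method the user completed

def evaluate(login):
    """Return (decision, scope, extra_steps) for a login that passed its password check."""
    if login.factor not in STRONG_FACTORS | WEAK_FACTORS:
        return ("deny", None, ["complete_mfa"])
    # Rule 1: outside the expected area, sign-in still works but permissions shrink.
    scope = "full" if login.country in HOME_COUNTRIES else "restricted"
    steps = []
    if login.privileged:
        # Rule 3 (assumed hardening): admin accounts may not rely on SMS codes.
        if login.factor in WEAK_FACTORS:
            return ("deny", None, ["enroll_hardware_key"])
        # Rule 2: higher privileges get an additional challenge.
        steps.append("challenge_question")
    return ("allow", scope, steps)

# Constructed sample logins.
SAMPLE_LOGINS = [
    Login("alice", "US", False, "sms"),
    Login("bob", "FR", False, "authenticator_app"),
    Login("carol", "US", True, "hardware_key"),
    Login("dave", "US", True, "sms"),
]

if __name__ == "__main__":
    for login in SAMPLE_LOGINS:
        print(login.user, evaluate(login))
```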

Use Application Whitelisting & Ring Fencing on Systems

One of the emerging types of attacks is called fileless malware. This is code that sends a command to a legitimate system process, such as Windows PowerShell. Since this type of attack does not actually contain a malware file that can be detected, it often gets by standard anti-malware programs.

Application whitelisting is the technique of telling a system which applications are approved to execute commands. Any command that a non-approved program tries to execute is automatically shut down.

The next step is ring-fencing, which dictates how those whitelisted programs are allowed to interact within your network. This can keep fileless malware commands from being executed.
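
The difference between the two controls is easiest to see side by side. The following added example (not taken from any whitelisting product) evaluates a few constructed events under a whitelist alone and then under a whitelist plus ring-fence; every program name except powershell.exe is hypothetical.

```python
# Constructed policy and events; program names other than powershell.exe are hypothetical.
ALLOWLIST = {"explorer.exe", "docviewer.exe", "powershell.exe", "backup.exe"}

# Ring-fence: what each approved program may launch, and whether it may use the network.
RING_FENCE = {
    "explorer.exe":   {"may_launch": {"docviewer.exe", "powershell.exe"}, "network": False},
    "docviewer.exe":  {"may_launch": set(), "network": False},
    "powershell.exe": {"may_launch": {"backup.exe"}, "network": False},
    "backup.exe":     {"may_launch": set(), "network": True},
}

EVENTS = [
    ("explorer.exe", "launch", "docviewer.exe"),     # user opens a document
    ("docviewer.exe", "launch", "powershell.exe"),   # document hands a command to PowerShell
    ("powershell.exe", "connect", "203.0.113.10"),   # PowerShell reaches out to the internet
    ("powershell.exe", "launch", "backup.exe"),      # expected admin task
    ("explorer.exe", "launch", "unknown.exe"),       # program that was never approved
]

def allowlist_only(actor, action, target):
    """Approve when the program that would run is on the whitelist."""
    program = target if action == "launch" else actor
    return program in ALLOWLIST

def with_ring_fence(actor, action, target):
    """Approve only if whitelisted AND the acting program's fence permits the action."""
    if not allowlist_only(actor, action, target):
        return False
    rules = RING_FENCE.get(actor)
    if rules is None:              # no fence defined for this program: default deny
        return False
    if action == "launch":
        return target in rules["may_launch"]
    if action == "connect":
        return rules["network"]
    return False                   # unknown action types are denied

def compare(events):
    """Return (event, whitelist verdict, ring-fence verdict) for each event."""
    return [(e, allowlist_only(*e), with_ring_fence(*e)) for e in events]

if __name__ == "__main__":
    for event, a, r in compare(EVENTS):
        print(f"{event!s:55} whitelist={'allow' if a else 'block':5} "
              f"ring-fence={'allow' if r else 'block'}")
```

The second and third events pass the whitelist because PowerShell is an approved program; only the ring-fence stops them.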

Monitor Traffic & Endpoints

Today’s networks are more spread out than ever due to employees working remotely and connecting to company resources from multiple devices (laptops, smartphones, etc.).

It is vital that you have monitoring in place to watch the traffic inside your network, as well as the endpoints connecting to it, for any suspicious behavior that would indicate an insider attack.

An endpoint device manager (like Microsoft Intune) can ensure that all of the endpoints connecting to your network are secure, and it enables you to block any unmonitored devices that try to connect.

Improve Privilege Management

The more users you have in your systems with high-level privileges, the more prime targets a hacker has to choose from. When a criminal is able to breach a user account that has admin privileges, they can steal more information and do more damage than if they had hacked a user account with fewer administrative access rights.

It is important to implement secure privilege management that reduces your risk by cutting the number of unnecessary high-privilege user accounts that you have.

Some of the ways to do this are the following:

  • Use one dedicated admin account that is not used as a regular user account.
  • Give employees the lowest privileges possible for them to do their work.
  • Attach additional security authentication to high-level user accounts.

Get an IT Security Assessment to Ensure That Your Network is Protected

If you have not performed a cybersecurity audit since the pandemic started, it is time to get one. Sound Computers has experts that can assess your Connecticut company’s IT security, identify vulnerabilities and implement safeguards.

Contact us today to schedule a free consultation. Call 860-577-8060 or reach us online.

March 2, 2021
Sound Computers Admin