Zero Trust: What It Is And What You Need To Know

Zero trust for the modern estate agency

Nowadays, online security has become an indispensable part of our lives especially as the number of Internet users keeps increasing and more people – and companies – are carrying out more transactions online. Data breaches, cyber theft, and other online security threats are on the rise, and no one is safe from them – not even big companies with sophisticated security systems.

This post is aimed at those business owners who feel it is a reasonable idea to keep their data safe, secure and out of the hands of those mean spirited individuals who spend their free time illegally syphoning cash and data out of your business.

What is zero trust?

Let’s suppose you are going to the bank to deposit a heavy wad of fifty pound notes, secured only by a feeble elastic band that is clearly struggling under the emotional pressure of keeping your riches secure. You are approached by a man with a tee shirt, embroidered upon which is
I am trustworthy.
The kindly gent sees you struggling to transport your wealth and stops you in the street:
“I see you are in distress. I would be happy to offer my services. Give me your money and I will deposit it in the bank for you.”

Now before you proclaim that ‘this is child’s play’ – of course you wouldn’t give them the money, (even if his tee shirt did give you pause for thought) – consider what you are currently doing with your business security and business processes. Is your I.T. as astute as you when approached by other programs, cleverly disguised in their metaphorical ‘I am trustworthy tee shirts?

Zero Trust I.T. systems assume that every approaching program or human is a vile untrustworthy menace with maniacal intentions. It is therefore up to that approaching human or program to prove they are worthy and indeed authorised enough to move forward and access the desired data (a bit like a male black widow spider approaching the female, except of course the computer does not eat the human once they are granted access).

Do you know if you have a zero trust I.T. system?

Don’t assume that your systems naturally operate within a zero trust framework. It may be the new tech buzzword now (and we are all very excited about it) but consider that traditional business security models operate under the misguided assumption that everything that naturally exists within the business network is automatically trustworthy. This blind ‘open arms’ approach to welcoming people in to access company data has a few flaws:

  • Malicious individuals from within the organisation have free reign to access, remove and potentially destroy key data.
  • Phishing attacks are more likely as a criminal outside the network need only impersonate any individual by stealing low-level passwords to gain access to company data.
  • Disgruntled ex employees with a password and an axe to grind can do a great deal of damage.

There are more flaws but I don’t want to depress you before you’ve had a chance to get to the promotional plug and the end of this advice section and conclude you’d like a free I.T. audit from Munki Business I.T. (consider that a mini plug).

Why is zero trust important for small businesses?

I won’t go into why it isn’t a good idea to allow people, programs and organisations unrestricted access to your data, and the many ways in which you can fall victim to the cyber security threats out there – mainly because this was all covered in a previous post on: Ransomware and how to protect against it
Suffice to say if you want to remain safe then you need to adopt a zero trust approach. The core of an I.T. zero trust approach is the principle: ‘Never trust, always verify.’ Every stage of a digital interaction should therefore be validated before granting access.

Where is your valuable business data stored?

There was a time when the bulk of a company’s data was stored on massive mainframe computers that took up an entire room. As technology evolved so did data storage and the capacity with which we can store valuable information. Many estate agencies and businesses in the UK not only store valuable information on site, but also on the cloud, making sure it is end to end encrypted; rendering it very difficult for a ransomware or cyber attack.
This does not stop cyber threat attempts but gives you an increased level of security.

Identify the most important areas of your network

The first stage of any zero trust approach is to identify the critical services, applications and data. If you are going to protect your business it makes sense to know what you are protecting, outlining the vulnerabilities and developing an effective security strategy.

Apply zero trust to your human workforce.

Humans operate the computers and they can be the weak link in the zero trust chain. Many cyber threats occur because of a human:

  • Opening a spam email and clicking on a link that opens the doors for all manner of attacks
  • Having a password that is very easy to hack (your children’s and pets names followed by the number 1 for example).

Another common mistake is where businesses allow employees access to areas of the network that they simply don’t need. Does the marketing dept. need access to company accounts or sensitive employee data for example?

The key takeaway here is to keep access to certain areas of the network on a strict ‘need to know basis’ and for those higher level employees and directors consider adding software that will not allow a password that is not robust enough to give cyber attackers second thoughts.

How can small businesses implement zero trust?

The simplest way for a small business to protect itself, its data and critical applications is to enlist the help of an I.T. company who are familiar with the zero trust framework. Which brings us quite nicely to…

Munki Business I.T. Shameless Plug

There are a couple of other I.T. companies out there who are familiar with zero trust but I’m not going to mention them because this is our shameless plug. They are great though.

Veering away from the light hearted nature of this post slightly: Munki Business I.T. take your data security very seriously and are offering UK businesses a free, no obligation comprehensive I.T. audit worth over £2,000.

Simply fill in the form below and one of our friendly team will be in touch.