Trust no one: how zero trust protects your business

To secure your business data online, you may have a firewall installed on your laptop. That puts a protective wall around your network. But what if there are holes in that wall? How do you secure your network if the hacker is already inside? One possible answer to that is: zero trust.

'Trust no one, check everything'. The zero trust principle assumes that an attacker will get in anyway, through whatever hole in the wall. The aim of zero trust is to use extra measures to prevent the attacker, once inside, from directly accessing your most important information. The Dutch National Cyber Security Centre (NCSC) also recommends this tactic.

Applying zero trust

Zero trust is thus a way to limit the damage caused by cybercrime. The idea is based on three core principles. Here is how you apply them:

1. Shield

Have a separate 'treasure chamber' where you keep valuables. In other words, separate your most important trade secrets or data from the rest. In computer terms, this is called segmentation. For example, you can put sensitive information on an external hard drive, on a separate network, or in a cloud environment. Give this treasure chamber an extra lock in the form of a password and two-factor authentication, for example.

Separate account

You can also protect your most important documents or applications with a separate account. Then, to access sensitive information or payment systems, for example, you need to log in to that separate account. If a cybercriminal then gains access to your daily account, they won't be able to access your most sensitive data.

2. Limit access

Limit access to your treasure chamber. Only the people who really need it get access to the most important data. Only give employees temporary keys or passwords when they need them.

3. Control movement

Make sure you know who is in your network at what time, and that you know exactly what they are doing there. You do this by recording and checking log data. There is software for this, which you can buy from your IT administrator, for instance. Keep in mind, however, that GDPR privacy regulations mean you cannot simply monitor your employees.
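
Principles 2 and 3 work together: temporary access only means something if the log data is checked against it. The sketch below is an added example, not part of the original article; the log format, the account names and the functions `parse_line` and `find_violations` are assumptions made for illustration, and all data is constructed.

```python
from datetime import datetime

# Constructed sample data: temporary grants for the 'treasure chamber'.
# Each account may access it only inside its own time window.
GRANTS = {
    "finance-anna": ("2024-05-01T08:00", "2024-05-01T18:00"),
    "admin-bram": ("2024-05-02T09:00", "2024-05-02T11:00"),
}

# Constructed log lines, assumed format: <timestamp> <account> <action> <file>
SAMPLE_LOG = """\
2024-05-01T09:15 finance-anna read payroll.xlsx
2024-05-01T19:40 finance-anna read payroll.xlsx
2024-05-02T10:05 admin-bram write contracts.docx
2024-05-02T10:30 daily-carl read contracts.docx

this line is malformed
"""

def parse_line(line):
    """Return (timestamp, account), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1]
    except ValueError:
        return None

def find_violations(log_text, grants):
    """Return (line number, reason) for entries not covered by a grant."""
    violations = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            violations.append((number, "unparseable"))  # never silently trust
            continue
        ts, account = entry
        if account not in grants:
            violations.append((number, "no grant"))
            continue
        start, end = (datetime.fromisoformat(t) for t in grants[account])
        if not start <= ts <= end:
            violations.append((number, "outside grant window"))
    return violations

if __name__ == "__main__":
    for number, reason in find_violations(SAMPLE_LOG, GRANTS):
        print(f"line {number}: {reason}")
```

The second entry is flagged because the account is valid but its temporary key has expired, which is exactly the case a plain list of allowed accounts would miss.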

Be prepared

Zero trust assumes that an attacker will get into your system. Prepare for that with a plan. For example, make sure your data is backed up offline. And consider what to do if you are hit by ransomware. Do you find cybersecurity complicated? Then consider outsourcing your online security to an IT service provider.