A zero-trust policy is built on the idea of "never trust, always verify." It generally refers to a way of operations in an IT environment, such as a security framework requiring all users, whether in or outside the organization's network, to be authenticated, authorized, and continuously validated for a security configuration.
This generally isn't an option on a home network - as it requires an extensive security setup & a continuously reviewed & updated security standard. But, what is possible - is to work off of the "never trust, always verify" line of thinking. There are a few key steps you can take to bolster your security.
Assume everything is a potential attack or avenue to compromise until you can verify that it is not.
To most people, this probably sounds extreme. Which your right; that's exactly the point. Never click on a link you don't recognize, do not participate in arbitrary surveys & do not enter potentially identifying information into places where it's not required & or verified to be safe. Per a recent Stanford University study, 88% of data breaches are caused by human error & misuse.
Implement Multi-Factor authentication across every single application
Multi-factor authentication is critical for many reasons. Firstly, it allows a system to identify you by more than just a set of credentials. 61% of account breaches are due to compromised credentials; MFA adds another layer of authentication & confirmation that you are who you say you are (in the worst case, a hacker NOT being you). All of your common social media platforms (Twitter, Facebook, ETC) allow for MFA via both code generation (cell phone) & email authentication. Two-Factor authentication, while infinitely better than SFA (Single-Factor authentication = username + password), is not as strong as Multi-Factor. If the application you're utilizing does not support MFA, 2FA is the second-best option & is much better than no secondary authentication.
Do not trust an email you wouldn't typically receive or haven't requested.
If you receive an email from a colleague requesting access to a specific file, set of credentials, or something else that is secure (for a reason), call & verify with that person they need access & why. This is a basic form of "never trust, always verify" & generally takes approximately 30 seconds of both your time & your colleague's, & prevents unwanted access to a secure item. The same goes for your personal email; if you did not request a password reset to a specific website - do not click a password reset link sent from a "seemingly" accurate email. This extends to things beyond email - such as pop-ups on your web browser, advertisements on your favorite streaming platform, etc.
Implementing a zero-trust policy in your daily use is inconvenient, but there is no safer way to go in our current technology-based workday. If you don't know it and can't verify it - do not trust it. This leaves would-be attackers with fewer avenues to obtain your data. Focusing on good security practices such as a Zero-trust policy, keeping your applications up to date, and having a solid anti-virus/ransomware suite is your key to being as secure as possible.
Please sign in to leave a comment.