What is Zero Trust Security?

Zero Trust security is a framework that requires all users to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. This includes users both inside and outside the organisation’s network.

Zero Trust security protects infrastructure and data. It is used to uniquely address the challenges of today’s modern business, including securing remote workers, hybrid cloud environments, and ransomware threats.

Why the need for Zero Trust Security?

So, why the need for Zero Trust Security? Well, in the battle against organised cybercrime, the game of cat and mouse, repel and regroup is an everyday activity for businesses that continues to consume time, money and effort.

In a similar way that the most destructive things on our planet – namely guns, missiles, nuclear and chemical weapons, are sadly here to stay, cybercrime is now well understood as another entrenched weapon available for rogue states to unleash. Like any weapon, these often tend to fall into the wrong hands, and so more bad actors gain access and therefore power, to disrupt at will. Should our reaction to this digital exposure be to withdraw from the open, and the Internet of Things (IoT) where data travels by simple means? Should we instead choose a medieval fort with a big moat and a drawbridge where we can assess who and what approaches and enters a business? Obviously not, so the evolution is a new message “never trust, always verify”.

The sad truth is that a majority of cyber criminals and “bad actors” who prosecute these hacks and ransomware attacks have turned the technology advances we use every day against us. They are infiltrating systems and data from devices and from anywhere they like.

Advanced new technologies are rapidly emerging to counter these new threats and a more unified thinking on how to design security into our networks is now becoming mainstream. For example, SASE (Secure Access Service Edge) defines the delivery of network and security controls encompassing the cloud, data centre and on-premise elements of federated services using security techniques such as Zero Trust and the policies around access as the basis of the control. Zero Trust Network Access (ZTNA) products are also now emerging to provide security cover not only to the users and assets of a business but the network topography asset as well.

Zero Trust Architecture obviously requires some joined-up thinking, new technologies and policies, as we will discuss later.

How Zero Trust Architecture Works

Zero Trust Security is a significant change and innovation from what we know as traditional network security, which followed a “trust but verify” method. That approach automatically trusted users and endpoints within the organisation’s perimeter, which encouraged malicious internal actors to gain legitimate credentials and allowed unauthorised and compromised accounts wide-reaching access to business data and systems. Cloud migration of systems, driven by business transformation initiatives, and the accelerated need for remote working due to the pandemic that started in 2020 led to this traditional model being changed.

Zero Trust Architecture, therefore, requires organisations to continuously monitor and validate that a user and their device have the right privileges and attributes. It requires that the organisation has visibility of all of its services and privileged accounts and has controls over what and where they connect. One-time validation simply won’t work, because threats and user attributes are all subject to change. 

To create Zero Trust Architecture you need to think about combining the right technologies such as multi-factor authentication, identity protection and next-generation endpoint security. A robust cloud workload technology would also be able to verify a user’s or system’s identity at that moment in time, and the maintenance of system security. Zero Trust would also require consideration of encryption of data, securing email, and verifying the safety of assets and endpoints before they connect to the business applications.


Applying Zero Trust Architecture 

This guide to creating a Zero Trust Architecture has been written to provide clear and concise advice with easy-to-understand tips. No matter how technology savvy you are, you can understand how to make it more difficult to become a victim of cyber-crime.

  1. Check your software can defend your business 
  2. Understand where data is stored 
  3. Understand who has access 
  4. Ensure devices are patched 
  5. Enforce strong passwords 
  6. Enable multifactor authentication 
  7. Apply conditional access controls 
  8. Block unwanted/unfamiliar approaches 
  9. Educate your users 
  10. Review and amend the cyber plan regularly 

1. Check that security software does what you think it does. 

Many businesses are blissfully unaware that the cyber security software they have purchased is not really doing the job they think it’s designed to do. This is partly down to apathy, where the notion of having a security product is a tick box exercise and the chances of being hacked are low anyway, or the product has been configured as best as possible with the staff available who may not have much cyber security training or knowledge of the product in question. In both cases, the fact is that gaping holes invariably exist into which the cyber-criminal can penetrate a business’s defences and start their covert cyber activities. The rapid increase in the exposure to the market of SASE based products and tools that cover the entire user and network security threats (ZTNA) should be a wake up call that the time to act is now. 

For most users, Microsoft will be the business software of choice with Microsoft 365 for Business, enabling users to have Outlook email, and the office products such as Word, Excel, PowerPoint etc. At the network edge, ZTNA tools such as Fortinet and Cisco are used to defend the borders of the organisation from existential threats. 

More and more businesses are using a mixture of services from on-premise, private and public cloud networks, and an example of this is the use of the emerging Microsoft tools in conjunction with 365 such as SharePoint, Dynamics, Power BI and Business Automate. Some of these will be run by the organisation itself, but some will be services from third parties needing links into the organisation's network in order to operate. These tools closely couple the user and corporate data in order to provide the links to the business systems supporting users and business intelligence from the data collected and stored by the business.

As a result companies such as Microsoft continue to enhance their security products and the Microsoft Defender suite has been engineered to integrate users with data and provide a set of comprehensive security measures that hardens a business when implemented correctly.   

Vissensa has written a set of blogs on the different Microsoft Defender products, and these can be found here: What is Microsoft Defender?

It is very important to choose the right Microsoft product for users, as the level of security features available in the subscription varies based on the subscription type, for example, Microsoft 365 Business Basic contains few security options that can be enabled compared to Microsoft 365 Premium.   

Antivirus protection for user accounts is also paramount and these products fall into two categories, one is antivirus, which is installed on a device and catches virus attacks at the point they are received by the device. The second is where the device is registered to an antivirus product that is generally cloud-based and therefore the detection is caught and dealt with away from the user's device itself. SASE based products are available that consider the users’ profile and their journey through the corporate network. These products need to be regularly updated and the recommendation is to turn on the auto-update and scan capabilities, so these products are scanning the latest threats at all times. 

Where a business is running its own infrastructure, firewalls will normally be in use, preventing unauthorised access to a corporate network. This is where ZTNA (Zero Trust Network Access) protocols are applied. In these cases, it is vital that trained personnel set up and configure the devices and that management and monitoring of these devices are carried out routinely. These checks and the management of the firewall are a mandatory pass/fail requirement of Cyber Essentials and Cyber Essentials Plus certification.

The corporate network (the connections between the different systems and services that are running the business) is seen as a highly prized asset to a cyber criminal as it can be used as a super highway to get between things they want to steal or hack. SASE (Secure Access Service Edge) and ZTNA (Zero Trust Network Access) products and services are leading the way in helping secure users and data across different (Federated) services. 


2. Understanding where information is stored 

What might come as a bit of a surprise is that many businesses don’t know where all the information is stored within their business. Many users store important information on their One Drive or personal folders and many corporate folders are not organised in a way that information is easy to find. Worse still, the use of SharePoint is to a large extent a migration of these confused folders up into a cloud-based SharePoint site that is also hard to understand and navigate. 

A by-product of all this information sprawl is that it becomes near impossible to keep track of and secure properly. Individual folders and files that are shared around a corporate network are easy targets to inadvertently introduce and spread malware and ransomware. Files that contain sensitive information can be scanned and accessed and this data used to increase the sophistication of attack on the unsuspecting business.

One of the key principles in the adoption of a Zero Trust security process is the locking down of information from every request until a user’s credentials and intentions are understood. Additionally, the security measures in place also use Artificial Intelligence (AI) and Machine Learning to continually assess how and what a user base is accessing in terms of corporate information and building up a picture on what the normal behaviours of users are in the network. This makes it easier to quickly spot when something not normal is happening at the user level. 

To allow this level of security to take place, an organisation must plot out what its systems and information flow look like, how information is accessed and who accesses it. With information spread widely on personal drives and random folders on shared drives, an important first task is to clean up this data sprawl, take control and classify information by its sensitivity and importance.

From there it is then much more achievable to form folders within a SharePoint or other collective corporate site into which the different classifications of information can be stored, e.g. HR, finance, sales, engineering, marketing etc.

Organising information in a central place which has a series of tiered access controls will allow a security team to apply user permissions to this information, securing it from unauthorised or speculative internal user requests immediately and helping to implement SASE protocols and processes.

3. Understand who has access 

Giving out user credentials is deemed one of those “administrative” tasks that just has to be done to ensure a new member of the team has access to the systems. In many cases this request is relatively ad hoc, in that it’s a “just go down and see Ben in IT and he’ll set you up”. This is the wrong way to look at this task, and tightening up the access to information starts with a user on day one.

Having a simple new starter process in place regardless of company size is a very good discipline to get into and also when an employee changes roles or responsibilities and either requires more or less access to corporate data. 

A simple new starter or access request process can be organised by departments, in that the base setting can be pre-populated (things like shared mailboxes etc.) and then the specifics can be added with some form of justification. When the user then gets access to the systems, they are exposed immediately to the “culture” of security in the business.

Defining the access of a user is controlled from their Active Directory account profile, which will activate across on-premise resources and cloud-delivered services using either Active Directory Services (ADS) for local services, or Active Directory Federated Services (ADFS), which control access to local and cloud access. This is normally carried out by the system administrator team. AD controls link closely with SASE and ZTNA initiatives that focus on the network edge and links within the network that users traverse to find information.

With a clear set of user profiles and what each can access, the opportunity for internal staff to roam around the network, or for a stolen credential to be used to gain access and move sideways in an organisation hunting for a more valuable asset or user before moving up the information chain to access sensitive information, is removed. Zero Trust Network Access (ZTNA) helps here because if the user doesn’t need access they don’t ubiquitously get access, or they have to prove themselves to be them and authenticate when requesting access to areas of information.

4. Ensure devices are patched regularly 

The lack of device security is the next best attack vector for cyber criminals after weak passwords. The most common attack on devices is launched towards mobile devices and especially phones, closely followed by tablets and then laptops. The main reason for this is the order that operating systems patching on devices is considered, laptops the most important, phones the least.  

The BYOD (Bring Your Own Device) culture that accelerated even faster during the pandemic meant that Shadow IT, a term coined to reflect devices and software, self-provisioned by the user and configured and then used to access the corporate network, exploded as non-corporate devices were deployed to keep people working. The inadvertent consequence was that many of the security measures being employed by the IT team were essentially bypassed, letting any potential virus or malware in through the back door.  

Many home networks and devices such as printers, routers, etc remain a potential infection point and therefore potentially damaging to corporate networks that are accessed via the home network to this day. 

Mobile Device Management (MDM) products are very useful allies in the battle to ensure devices are compliant. A corporate standard of security includes strong passwords, the use of unique authentication, (face, PIN, fingerprint), device system and patch level. Microsoft’s version of this is Endpoint Manager and Barracuda’s MDM products have particularly strong MDM features that can be tailored to specific corporate mobile users.   

The tools work by downloading a piece of monitoring software onto the user's device in order to track and communicate with the core security product. These downloads of software are usually described as either an “agent” or a “token”. The agent or token does not record and capture what the users do on the device, so it's not, as some people fear, a “snoop tool”, but it does analyse the status of the device, how it's connecting and where it's connecting from. This means that the security product can assess the potential risks at the point the device requests a connection to the corporate network.

For any organisation considering Zero Trust Security, this device management and status is critical to its deployment as the Zero Trust architecture will decide how far a user can get into a corporate network after the request has been made. If the user has never connected, but is eligible to connect, and does not have the agent installed, the connection process will automatically download the agent or token to the device and check the status before allowing any further communication. If the user deleted the agent or token from the device, on the next connection request if the software is not present, the software will be downloaded again. No agent – no access. Zero Trust Security!

It is important to acknowledge that any corporate and BYOD policies that are in place will need to ensure that the users of the network, and particularly those who are considering using their personal devices are informed of and agree with the security measures and the deployment of the agent or token on their personal devices. 


5. Enforce strong passwords 

The advances in technology that allow a cyber-criminal to discover passwords have led to the development of all the measures talked about in this guide right up to the Zero Trust stance that the guide is designed to explain to the wider non-technical audience.  

It's unfortunate that identity-based attacks have continued to rise since 2019 fuelled by the adoption of home working practices and this has led to a shocking statistic that more than 80% of the unauthorised access events to online applications were via the abuse of stolen credentials.   

It is relatively simple to find the email pattern (the way someone’s email is formatted, i.e. Firstname.lastname@company.com), so a cyber-criminal targeting a specific set of companies or industries can easily scrape all the known user ids into a file and then start off by testing each one for password strength and security. This is one reason why old user credentials should be removed from the system as soon as possible after that individual has left the company. We discuss good starter and leaver processes in Section 3 – Understand who has access, and having a good leaver policy that ensures the IT system access and credentials have been deleted is also a good policy.

Once emails have been gathered, software can be employed to automate password guessing, known as “brute force” attacks. These attacks use powerful computers that usually do not belong to the attackers and have already been compromised, to launch waves of test passwords at the accounts. Frighteningly, many attacks succeed early on as the passwords found are as simple as “Password”, “Passw0rd”, “Password123” or “Admin”. As far back as 2017, the warnings were there and network operator Verizon reported through their Data Breach Investigations Report that over 80% of account breaches were down to leaked or weak passwords that were trivially easy to guess.

The defence against this is to enforce password controls that require ever more complex sequences of letters, numbers and characters, require passwords to be changed every 30 days, and record the last set of passwords used to prevent the user from using one again or modifying it slightly. The problem with this is that we are all human, and we like familiarity, so having a complex password that is random is an unrealistic way of managing access: the user will never remember the password and will become unsympathetic to the security concerns as the security measure gets in the way.

There is a line of thought that passwords will become redundant as a security method before too long, with other aspects of security doing the main heavy lifting of authentication. Passwordless systems are already being rolled out such as Microsoft’s Windows Hello, or FIDO2. In these cases, the other factors of authentication, something unique to the user, something known only to the user will become the dominant security challenges. Until this is widely adopted and the security systems available now can accept passwordless access we’re stuck with providing a strong password as part of the authentication process. 

In Zero Trust Architecture, at this time, password strength is a parameter that can be set to be tested at the point of login or access request, and as we will discuss in Section 7 –  Apply Conditional Access Controls, can be used to limit what a user can gain access to within a corporate network. 
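The password-guessing waves and leaver accounts described in this section leave a recognisable trail in sign-in logs. The following is an added example, not part of the original guide or any vendor's product: the log format, thresholds, account names and addresses are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real data). Addresses are from the
# reserved documentation ranges; accounts use the example.com domain.
SAMPLE_LOG = """\
2024-03-02T01:10:00 FAIL user=anna.smith@example.com src=203.0.113.7
2024-03-02T01:11:00 FAIL user=ben.jones@example.com src=203.0.113.7
2024-03-02T01:12:00 FAIL user=carol.white@example.com src=203.0.113.7
2024-03-02T01:13:00 FAIL user=old.user@example.com src=203.0.113.7
2024-03-02T02:00:00 FAIL user=dave.brown@example.com src=198.51.100.23
2024-03-02T02:00:10 FAIL user=dave.brown@example.com src=198.51.100.23
2024-03-02T02:00:20 FAIL user=dave.brown@example.com src=198.51.100.23
2024-03-02T02:00:30 FAIL user=dave.brown@example.com src=198.51.100.23
2024-03-02T02:00:40 FAIL user=dave.brown@example.com src=198.51.100.23
2024-03-02T02:01:00 OK user=dave.brown@example.com src=198.51.100.23
2024-03-02T09:00:00 FAIL user=emma.green@example.com src=192.0.2.10
2024-03-02T09:00:30 OK user=emma.green@example.com src=192.0.2.10
"""

# Assumed thresholds; tune them to the organisation's normal sign-in behaviour.
WINDOW = timedelta(minutes=10)
SPRAY_ACCOUNTS = 4   # distinct accounts failing from one source within WINDOW
BRUTE_FAILURES = 5   # failures against one account within WINDOW
LEAVERS = {"old.user@example.com"}  # accounts that should already be deleted


def parse(line):
    """Split one constructed log line into (time, result, user, source)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], src.split("=", 1)[1])


def detect(log_text):
    """Return a sorted list of (alert_type, subject) for a time-ordered log."""
    alerts = set()
    by_src = defaultdict(deque)   # source -> recent (time, user) failures
    by_user = defaultdict(deque)  # user -> recent failure times
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, result, user, src = parse(line)
        # Any sign-in attempt on a leaver's account means it was not removed.
        if user in LEAVERS:
            alerts.add(("leaver_account_used", user))
        if result == "FAIL":
            fails = by_src[src]
            fails.append((ts, user))
            while ts - fails[0][0] > WINDOW:
                fails.popleft()
            # One source failing against many accounts: a wave of guesses.
            if len({u for _, u in fails}) >= SPRAY_ACCOUNTS:
                alerts.add(("password_spray", src))
            times = by_user[user]
            times.append(ts)
            while ts - times[0] > WINDOW:
                times.popleft()
            # Many failures against one account: guessing that user's password.
            if len(times) >= BRUTE_FAILURES:
                alerts.add(("brute_force", user))
        elif result == "OK":
            times = by_user[user]
            while times and ts - times[0] > WINDOW:
                times.popleft()
            # A success straight after a burst of failures suggests the guess worked.
            if len(times) >= BRUTE_FAILURES:
                alerts.add(("success_after_brute_force", user))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success, as in the last two sample lines, raises no alert.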

6. Enable Multifactor Authentication 

Because of the difficulty in getting users to implement stronger passwords, more technology-based enforcement of authentication was required. This is known as Multifactor Authentication “MFA” which is an advance on another process widely used and understood by non-technical people known as 2FA or 2 Factor Authentication. 2FA has been widely used for some time, with banks and other financial institutions, Government portals and online commerce adopting it to provide better security around user accounts other than passwords.  

The normal 2FA method is that a user id and password entered into an online account login page invoke a secondary form of authentication on something else the user has identified as a trusted device, such as a mobile phone. The 2FA process either sends a text message with a set of one-time-use numbers that are entered on the account login screen, or uses an installed app which either provides a set of authentication numbers, again entered into the online account login, or establishes that the device has the authentication software and asks the user a simple Authenticate YES/NO question.

One of the main reasons the mobile phone is so widely used as the second form of authentication is that the telecommunications industry had to come up with a robust way of identifying a mobile phone so it could accurately bill the user and provide the enabled services to the device. This is the IMEI number (International Mobile Equipment Identity number), a unique number assigned to every mobile device that has the ability to use the mobile networks. The IT world saw this as a great solution and “piggy backed” the 2FA principle onto this already available identification.  

By having a secondary device the opportunity for a bad actor to steal credentials, find the password and successfully gain access are foiled as only the legitimate user gets the 2FA or MFA request to the phone or device they have in their possession to complete the access request. 

As part of the complete picture of enhanced Zero Trust Security, all elements used in the access chain have to pass the challenges, which is why in Section 4 – Ensure devices are patched regularly, the status of the mobile device is discussed. It forms a crucial part of the authentication chain and therefore its integrity has to be verified. 

To recap Multi Factor Authentication uses a number of “factors” to establish the identity of a user which would be impossible for a bad actor to impersonate. For this reason, keeping these factors separate and unique is crucial for a strong Zero Trust Security policy to work. As a reminder these factors are: 

  • Something the user has: A physical object in their possession (security token, bank card, key).
  • Something the user knows: Kept secret to the user (Password, PIN, Memorable information).
  • Something the user is: Physical unrepeatable characteristic (Fingerprint, Face, Eyes or Voice).
  • Somewhere the user is: Specific signal or network and location.

Zero Trust Architecture can use these factors to grade access and monitor and protect the user and the corporate network should any of these variables be changed or tampered with. 


7. Apply Conditional Access controls 

Conditional Access is essentially what it says on the tin. It’s a method of breaking down each access type and request (for example: write access to a file or folder, print authorisation to a specific printer, copy or download authorisation to a device or USB) and controlling the access based on a number of corporate processes and procedures built up to protect information falling into the wrong hands. 

Implementing conditional access provides a highly flexible, yet low user impact method of applying strong access controls and security to corporate data. As mentioned in Section 2 – Understanding where data is stored, a prerequisite to implementing an access control policy is the classification of the types and locations of corporate information.  

Once the classification task has been completed, information can be organised into the different sites, folders and paths, used within the corporate network, making sure that each classification of information (HR, Payroll, R&D, technical etc) is logically separated so that a unique set of access parameters can be applied to the separated information. This can be the most time-consuming task and it is important to get this part right as all the other controls of access are dependent on this step. 

Authentication, including access to files and folders after the user has successfully logged on, is managed and controlled by Active Directory credentials (AD). This is discussed in Section 3 – Understand who has access. To implement Conditional Access to the site, files or folders (corporate assets) have access controls such as passwords attached to the paths that users would need to use to gain access. These are controlled again by Active Directory (AD) or (ADFS). Once in place, only those users who have the correct credentials that match the authorisation to gain access can pass. 

The credentials of the user are modified by the System Administration team within an organisation and these credentials are used to allow unhindered movement and access of that user around the parts of the network that correspond to their level of credentials. 

With conditional access in place, a user does not encounter a security challenge until they request something that's not within their authorised access profile, whereupon the security platform will respond to the unfamiliar request by doing a number of things.

Firstly, the user's device status will be checked, as it is possible to grade the levels of access based on this status (such as the location of the request). Secondly, the authority of the user will be examined, such as: is the user able to access this? Is the access request coupled with a one-time password challenge? Did they attempt the password more than 3 times? Is the time of day an unusual time for this user to be logged? Thirdly, what access the user has will be verified, i.e. read, write, copy, download or attach.

At all points during this encounter, the security platform will be logging the activity and building up a picture with its AI (Artificial Intelligence) capabilities which it can refer back to when this specific user is identified in the future. In doing this the randomised behaviours of bad actors trying to search for ways into networks can be quickly and automatically identified and the path that is being used shut down and the security team alerted. 
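The three checks described above, together with the logging of every decision and the "no agent – no access" rule from Section 4, can be sketched as a single decision function. This is an added example, not part of the original guide and not how any particular product implements it: the field names, the policy table, the usual working hours and the default-deny for unclassified assets are assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"  # a one-time password challenge is required first
    DENY = "deny"


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset              # group membership from the directory account
    agent_present: bool            # device-management agent or token installed
    device_patched: bool
    location: str                  # e.g. "office", "home", "unknown"
    failed_password_attempts: int
    hour: int                      # local hour of the request, 0-23
    otp_passed: bool               # one-time password challenge completed
    action: str                    # read, write, copy, download or attach
    resource_label: str            # classification of the requested asset


# Hypothetical policy: per classification, who may access it and which
# actions are permitted from which location.
POLICY = {
    "HR": {
        "groups": {"hr"},
        "actions": {
            "office": {"read", "write", "copy", "download", "attach"},
            "home": {"read", "write"},
        },
    },
    "Payroll": {
        "groups": {"finance"},
        "actions": {"office": {"read", "write"}, "home": {"read"}},
    },
}
USUAL_HOURS = range(7, 20)   # assumed normal working hours
MAX_FAILED_ATTEMPTS = 3      # "more than 3 times" is refused


def _decide(req):
    # 1. Device status, including where the request comes from.
    if not req.agent_present:
        return Decision.DENY, "no agent on device"
    if not req.device_patched:
        return Decision.DENY, "device below patch level"
    rule = POLICY.get(req.resource_label)
    if rule is None:
        return Decision.DENY, "unclassified asset"  # assumed default deny
    allowed_actions = rule["actions"].get(req.location)
    if allowed_actions is None:
        return Decision.DENY, "location not permitted"
    # 2. Authority of the user.
    if req.failed_password_attempts > MAX_FAILED_ATTEMPTS:
        return Decision.DENY, "too many password attempts"
    if not (req.groups & rule["groups"]):
        return Decision.DENY, "user not authorised for this classification"
    needs_otp = req.hour not in USUAL_HOURS and not req.otp_passed
    # 3. Type of access requested.
    if req.action not in allowed_actions:
        return Decision.DENY, "action not permitted from this location"
    if needs_otp:
        return Decision.STEP_UP, "unusual hour, one-time password required"
    return Decision.ALLOW, "all checks passed"


def evaluate(req, log):
    """Decide on one request and append an audit record, whatever the outcome."""
    decision, reason = _decide(req)
    log.append({"user": req.user, "label": req.resource_label,
                "action": req.action, "decision": decision.value,
                "reason": reason})
    return decision
```

The audit list is what a monitoring platform would learn a user's normal behaviour from; here it is only an in-memory list.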

A further step in securing files and information is using security labels on sensitive files that an organisation can lock and control the asset. By placing these labels on files the user has to have authorisation over and above what their current AD credentials are set to in order to gain access to the asset. The labelling of files can provide flexibility in how different users can use these files preventing download, copy and even attachment within the system such as Microsoft Outlook and Teams messages. 

8. Lock unwanted/unfamiliar approaches

This guide so far has discussed the defensive measures that can be put in place to protect a corporate network and its information. The Zero Trust Architecture takes these measures and applies them using Active Directory, ZTNA (Zero Trust Network Access) and the protocols built around SASE (Secure Access Service Edge) as the base for the authority and authentication, creating a pass/fail approach to access across the entire corporate estate.

The opposite stance of the defensive measures is the offensive one.  Many security platforms are now equipped to provide the trained security personnel with a set of security tools that allow the team to go on the offensive. These tools actively seek out potential threats as discussed in the last section using AI and machine learning to help identify potential risks from either poorly trained internal users or attacks from external sources. 

Monitoring and regular reviews of what types of threats are being encountered are critical in preventing an attack from building up and an important weapon in the security team’s “kill chain” response. 

A kill chain is a term used in cyber security to describe the chain of events leading to an attack and is taken directly from battlefield tactics where an attack is planned, what is to be attacked, the force of attack positioned, the order for the attack given, and the attack itself executed. Offensive countermeasures in today’s Security platforms can identify the signals of these phases of the chain and launch pre-emptive strikes against certain threat vectors, breaking the kill chain before the attack is launched. 

Less dramatic actions are the automated closure and blocking of routes and access paths that are being interrogated and tested by either rogue employees already within a corporate network or bad actors probing the network from afar. Once the security platform detects that the behaviour is taking place, it first searches its database of known threats and, if the threat is known, executes a defensive countermeasure that was known to stop the threat before. If it is unknown, it initiates a set of processes that lock down the access from that part of the network and alerts the security team as to the nature of the threat.

The importance of always-on monitoring and regular security reviews cannot be stressed enough as knowing that an attack is underway and mitigating its effects is less time consuming and costly than cleaning up after the attack has successfully taken place. 

9. Educate your users 

User education is unfortunately the poorer relation when it comes to security and is more often than not presented as a set of demands and dos and don’ts rather than an opportunity to give users an understanding of the complexities of the network, the challenges of security and their part in this important journey.

Uninformed users are almost as dangerous as the external bad actors as they have no perception of the risk and danger of doing a specific action. They also are invariably the users that believe IT is like a light switch or a tap, it's expected to turn on and be there instantly. These users put significant pressure on an IT or security team who have to regularly mitigate the actions of these individuals when things go wrong. 

Zero Trust Architecture brings these users into sharp focus as their uninformed behaviour which may not be malevolent in any way triggers the signals and automated responses that have been designed to protect the corporate assets. The warning signs are users or managers complaining that their users are unproductive due to the security blanket imposed or demanding “special” access to certain files or folders in order to do their job. 

In these cases, the IT team should remain resolute in their actions and bring the user demand back down to the categorisation task, classifying the sensitivity and rules around the asset and where it should sit in the network. The discussion is then simply “Is the asset not as valuable as first classified?”, “Should the asset be moved to a more accessible folder?”, “Does the user require continuous access, or could one-time access be granted?”

The custodians of the business are the business owners and line of business, IT is an enabler and is regularly labelled as the inhibitor to the business. This is where Shadow IT, users doing their own thing emerges and Security diminishes.  

Because Zero Trust Architecture has a top-down view of the entire corporate estate, users attempting to install shadow IT will be denied the ability to develop these networks.

There are a number of very useful user training assets available on the web which can be used to provide a level of information and understanding to users, who must consider themselves a part of the security stance.

10. Review and amend the Cyber plan regularly 

Security is an always-on, 24/7 business: there are no slowdowns or lulls in its operation, and cyber-criminals and bad actors are constantly looking for where and when to attack. Many organisations are hacked and brought down during the night periods of their respective time zones, specifically because the cyber-criminals know that they are unlikely to encounter a real human security specialist watching and monitoring a corporate network. At night, password hacks have at least 8 solid hours to brute force and guess the password sequence of a compromised user ID, as the user is unlikely to be logging on as well.

The ability to remotely monitor and manage networks and devices has improved the chances of catching an attack before damage is done but, as detailed in the last section, spotting the kill chain and interrupting it needs proactive effort to succeed. This means allocating time and resources to the continued and systematic review of the systems in place: deciding what and how to protect resources that have been modified or extended by re-evaluating the threat vectors of the asset and whether these have changed, reviewing where possible probing is occurring, and analysing what the threat might be and how it can be mitigated.

As discussed earlier, some of the security platforms have automated tools available to do much of this heavy lifting, giving security or IT teams a way to stay on top of threats encountered over a period and highlighting those that should be actioned to harden the corporate network still further.
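The overnight password-guessing pattern described above is the kind of signal an automated review can surface. The following Python is an added example, not part of the original guide: it flags accounts with a burst of failed logins outside business hours and notes whether a successful login followed. The log format, the 08:00-18:00 working window, the threshold and the log lines are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, time, timedelta

WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed business hours
THRESHOLD = 5                   # assumed: failures inside WINDOW that raise an alert
WINDOW = timedelta(minutes=10)  # assumed sliding window

# Constructed sample log, format "<ISO timestamp> <user> <source IP> <OK|FAIL>"
SAMPLE_LOG = "\n".join(
    ["2024-03-04T09:12:05 alice 10.0.0.12 FAIL",
     "2024-03-04T09:12:20 alice 10.0.0.12 OK"]
    + [f"2024-03-05T01:0{m}:00 bob 203.0.113.7 FAIL" for m in range(6)]
    + ["2024-03-05T01:06:30 bob 203.0.113.7 OK",
       "2024-03-05T02:15:00 carol 10.0.0.40 FAIL"]
)

def off_hours(ts):
    """True at weekends or outside the assumed working window."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END)

def find_off_hours_bursts(log_text):
    """Return {user: alert} for users with >= THRESHOLD off-hours failures in WINDOW."""
    fails, oks = defaultdict(list), defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        stamp, user, ip, result = line.split()
        ts = datetime.fromisoformat(stamp)
        if not off_hours(ts):
            continue  # daytime events are left to normal lockout policy
        (fails if result == "FAIL" else oks)[user].append((ts, ip))
    alerts = {}
    for user, events in fails.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > WINDOW:
                start += 1  # slide the window forward
            count = end - start + 1
            if count >= THRESHOLD and count > alerts.get(user, {"count": 0})["count"]:
                burst = events[start:end + 1]
                alerts[user] = {
                    "count": count, "first_seen": burst[0][0],
                    "sources": sorted({ip for _, ip in burst}),
                    # A success shortly after the burst suggests a guess worked.
                    "login_after_burst": any(
                        ts <= ok_ts <= ts + WINDOW for ok_ts, _ in oks[user]),
                }
    return alerts

if __name__ == "__main__":
    print(find_off_hours_bursts(SAMPLE_LOG))
```

An alert with `login_after_burst` set is the one to action first, since it indicates the account may already be in use by someone other than its owner.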

Involve the lines of business in the reporting so that users can see the level of detail in the measures being taken to mitigate attacks, and to promote a more inclusive view of security in the organisation.

Certification in Cyber Essentials and Cyber Essentials PLUS is a good independent assessment of how well protected an organisation is; the Essentials accreditation costs less than £500 and is a self-certification process. Much of what this guide recommends is baked into the certifications developed by the NCSC (National Cyber Security Centre), which are aimed at all levels of business. This is a yearly certification process, which highlights that, like the MOT or roadworthy certificate of a vehicle, it is something that needs to be carried out regularly.

Speak to one of our Zero Trust Security and Architecture consultants

Speak to one of the team today so we can understand your environment and how to set up Zero Trust Security for your organisation.

We will ask questions to gain an understanding of your environment and uncover where there may be weaknesses and how to create the Zero Trust Architecture to safeguard your business.

The team will be more than happy to assist with your requirement and provide advice and expertise along the way! Simply complete the short form, and we’ll be in touch.

FAQ

How to apply Zero Trust Architecture?

This guide to creating a Zero Trust Architecture has been written to provide clear and concise advice with easy-to-understand tips. No matter how technology-savvy you are, you can therefore understand how to make it harder to become a victim of cyber-crime.

  1. Check your software can defend your business
  2. Understand where data is stored
  3. Understand who has access
  4. Ensure devices are patched
  5. Enforce strong passwords
  6. Enable multifactor authentication
  7. Apply conditional access controls
  8. Block unwanted/unfamiliar approaches
  9. Educate your users
  10. Review and amend the cyber plan regularly
