“Zero Trust Creates a Culture of Distrust” Debunked
Today’s best-secured networks operate on a Zero Trust policy. Zero trust architecture centers on the idea that you should not trust anyone or anything inside or outside your network. It also involves least-privilege access, which means giving employees access only to what they need to do their job, and at a minimal level.
While zero trust is a great way to help prevent both cyber and physical attacks on an organization, some argue that this can cause a negative culture of distrust amongst coworkers.
So it raises the question: is a culture of distrust a bad thing?
Yes, it is distrust, but it is the right kind of distrust.
It is not a healthy work environment to distrust the people you are working around. However, by teaching zero trust as a strategy to protect your organization, you are creating camaraderie amongst your team. Each employee knows that they are doing their part by working together to strengthen the organization’s security.
If an employee gets an email from a coworker and calls to verify the request, does that mean they don’t trust you? Absolutely not. Zero trust is a concept that stresses trusting no internal or external access attempts. Even with phone calls, email, or text, you need another layer of verification to ensure a request is valid.
If someone does not hold the office door open for you, are they being rude? Again, no. If you are badging into an office building, do not let someone follow behind you. As companies grow, it is almost impossible to know everyone. And even if you do know them, do you know they are still employed at that moment?
These are just a few examples of showing distrust in the workplace, the right kind of distrust. Anybody who looks at zero trust as a bad thing doesn’t fully understand today’s IT security risks. And that is the much more harmful culture issue.
The truth is the bad guys continue to get better.
As an employee, you might not naturally be thinking about a cyberattack on a day-to-day basis, but for hackers it’s their full-time job. By putting zero trust policies and processes in place, your team is working together to prevent and recover from an attack before it’s too late. Organizations must educate their employees on potential risks and how to spot threats, and give them a formal zero trust policy to follow. By securing a network in this way, you can make sure that data isn’t being accessed by individuals who shouldn’t be accessing it.
Here are additional security best practices to help secure your environment.
- Keep devices locked. Employees should always keep their devices locked with a PIN, password, or biometric scan. Otherwise, all the security in the world can’t prevent someone from simply picking up a device and accessing confidential data.
- Only install apps from trusted sources. Third-party applications may have malware embedded inside of them. Even apps on the app store can sometimes have vulnerabilities.
- Keep your device’s operating system updated. When malicious exploits are discovered, operating systems are updated to stop them. However, the updates need to be run for the device to be protected. A device running old software remains exposed to these known vulnerabilities.
- Don’t click on links from unsolicited emails, texts, or messaging applications. Employees should be educated on the dangers of phishing and malicious links. Malicious links can install programs on an employee’s device or attempt to collect information from it.
- Avoid transmitting or storing personal information on the device. Ideally, data shouldn’t be stored on a device unless it’s encrypted. Personal and work data should also be kept separate, though many employees are increasingly using their personal device for everything, which is difficult to avoid beyond offering a dedicated work device.
- Be careful about what you plug your device into. Devices that look like charging devices could potentially have software inside of them designed to steal data. USB devices could also try to install malware on your device.
- Encrypt the data on your device. Many devices have this feature. Even if the data is accessed, it may not be readable.
- Use Find my iPhone or the Android Device Manager to track your phone. If your phone is lost, you can use these services to immediately locate it, lessening the chances that it could be stolen and cracked into.
- Back up your data. Data should be synced and backed up regularly, to avoid the loss of data if a device needs to be reset.
All of these together can reduce risk, but even the most conscientious employee can make a mistake. Contact Red River today to learn more about creating a secure digital environment.