Tag: zero trust

  • Have you heard of zero trust security? Why it should be the standard for small businesses and 3 ways to implement it

    Have you heard of zero trust security? Why it should be the standard for small businesses and 3 ways to implement it

    Explaining cyber security in 2024 means navigating all sorts of buzz words – cybersecurity awareness, data breach, ransomware and malware, endpoint security, threat detection, two-factor and multi-factor authentication, and yes zero trust just to name a very small portion of them.

    We know users feel burnt out on the number of phrases that do represent actual security threats that are thrown at them day to day, as an IT service provider it can be difficult to translate this phrasing into a tangible concern for our clients.

    For example, whose data hasn’t been leaked in a data breach in 2024? Our personal data has become a commodity that most of us have accepted may end up on the internet in ways we can’t anticipate or prevent.

    But that’s not exactly true, with a zero trust environment you can make your business much more resilient to threats and data breaches and it’s not as difficult as you may think.

    What is Zero Trust? Zero Trust abandons the idea that everything connected to your work network is safe and instead treats everything as a potential threat, you might be thinking now, why would I want that? It is a more rigorous approach but extremely beneficial, if every device must be individually verified then none of them can act as a trojan horse to your business.

    The key pillars of Zero Trust are:

    • Least Privilege: Users get enough access to do their job, no more no less. We can’t tell you how many situations we’ve encountered where everyone’s computer has admin level privileges, and in a data breach situation that would make any one of those devices an extreme threat to your business.
    • Continuous Verification: It might be kind of irritating at first to check your two-factor application or your phone for a texted code – but the benefits will come in spades should any of your passwords be leaked (only around 50% of users are aware of good password hygiene).
    • Network Segmentation: This one is not too difficult to implement, and your users won’t even notice it, this is just segmenting your network so that say your work computers and other devices are on one network and outside devices (like a visitor’s cellphone) are on something like a guest network. This zero cost fix will mean you have greatly reduced exposure to threats from outside devices.

    Within the pillars it’s easy to see the three steps we would recommend someone start with when setting up a zero trust environment, that is reducing users to having only the level of access tey need, enforcing two factor or multi-factor authentication, and setting up at the very least a guest network.

    When it comes to implementing cyber security standards, the sky is the limit. All of the settings we recommend above really only cost time, but they will benefit your business greatly in the event any kind of breach occurs.

    Limiting the damage that can be done is always the goal when it comes to cyber security, hackers will constantly push at boundaries and find ways to access your systems (yes even if you’re a small business) and with minor improvements you can protect yourself from most major threats.

    Cyber security protection is a cornerstone of our service plans, and whether you’re interested in evolving your cyber security standards to include zero trust strategies or in receiving the benefits of a comprehensive cyber security stack without having to assemble it yourself, Valley Techlogic has you covered. Book a meeting with us today to learn more.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.

  • Zero trust or zero effort, how does your businesses security stack measure up?

    Zero trust or zero effort, how does your businesses security stack measure up?

    Have you been working on strengthening your cyber security stack in your business or crossing your fingers and hoping for the best? How much protection is really enough?

    There are a lot of remedies for improving cyber security out there, but which ones present the best value for your business, and what constitutes a “zero trust” environment?

    If you’re just starting out, these 10 items will greatly improve your business’s cyber security safety in a short amount of time (we call these “best practices”):

    1. Use multi-factor authentication. This one is obvious, but we still see it not being employed regularly. Multi-factor authentication is generally extremely easy to enable (often times just a checkbox) and it greatly improves the safety of that account. When we’re talking about accounts like your business email, or your banking account it’s a no brainer.
    2. Use a password manager. This is another easy one to employ but people still ignore it, or even worse they use the password manager built into their browser. We’re not saying that’s completely wrong, especially if you’ve started using stronger passwords because of it. It’s still a good idea, however, to use a password manager that’s not directly connected to your system. Often times the same password or biometric you use to log onto your computer is the one used to unlock your browsers password database, so if someone has breached the device all those passwords will be available to them too.
    3. Employ Biometrics. Speaking of biometrics, they can be an improvement over passwords when it comes to a physical devices security. Especially for mobile devices, most of us access our work emails, banking accounts, etc. through our phones. It’s very easy to lose a phone, so making that phone unusable to whoever finds it (or has taken it) is a good idea.
    4. Don’t give everyone admin privileges. Not every employee needs all the keys to your kingdom, limit admin access only to those who really need it so if you do have a breach the damage can be limited as well. This is a key component of a zero trust environment (which we describe in the chart below).
    5. Communicate your goals and train your employees. Loop employees into your increased cyber security efforts and provide training, no one wants to be responsible for a cyber-attack in their workplace but without training employees can become unknowing and unwilling threat vectors.
    6. Monitor network activity. Now we’re starting to get into the more challenging topics, monitoring your network activity can be a very effective way of noticing early when something is amiss. There are tools out there that can do this monitoring for you and provide warnings if suspicious behavior is detected (like a device being logged in after hours when it never usually is).
    7. Use encryption. It’s pretty easy to use encryption in email or with sensitive documents (again often just a checkbox) but it’s an effective way to make sure sensitive data doesn’t fall into the wrong hands.
    8. Use backups. Again, in the same vein of protecting your data having automatic backups will greatly increase your chances of recovering after a cyber-attack. Especially if those backups were stored offsite (such as cloud backups). We wrote an article on the best ways to manage your OneDrive storage (which is included in your Microsoft 365 subscription) here.
    9. Regularly patch your devices. Many of your vendors actually provide security protections for you via their patches, which more often than not are addressing specific security concerns that have been identified. Patching costs nothing but your time and the benefits are ten-fold compared to the costs of a security breach in your business.
    10. Have a security audit performed. The best way to address the holes in your security plan is to have a reputable IT company perform a security audit. Valley Techlogic is a provider of these audits in the Central Valley and you can request a consultation here.

    Performing these ten activities in your business will greatly improve your cybersecurity effectiveness across the board, but if you’ve reached the bottom of this article and have realized you do all of these you may be wondering what’s next? Or perhaps you’ve heard of zero trust but aren’t sure what that entails, here are the key components to having a zero-trust cybersecurity environment:

    We address ALL of these topics in our new book, Cyber Security Essentials, which covers all the components of a cybersecurity framework and how to implement them in your business. You can see a preview of the book in the video below.

    [youtube https://youtu.be/jlBAoq4tLNc]

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.