First off, if you are reading this, give yourself a pat on the back. You deserve a Kudos. Your decision to invest the time into learning about IT and cybersecurity shows me that you are more committed to growing your business than most people.
When the pandemic hit, most CEOs worried about sending their people home first and security second. This means an untold number of remote workers began working from home with unsecured Wi-Fi, no security software (free security software is pretty much the same thing as no security software, by the way), and (in many cases) no secure VPNs.
And of course, not every CEO started handing out company issued laptops like candy. Many remote workers were forced to use their own personal devices for work—the same devices their kids play games on and they browse the internet on.
Don’t get me wrong, I am not placing all the blame on the CEOs who did this. The truth is they probably didn’t know better. If they didn’t have a trusted security advisor or IT team working on their behalf, they wouldn’t know the proper protocols for emergency work-from-home. They probably wouldn’t have a Bring Your Own Device (BYOD) policy, Acceptable Use policy, or an Emergency Response Plan.
But here is the scary part. Even if you sent employees home with company issued laptops, secure VPN connections, anti-virus & anti-malware, great company technology policies, and had content filtering in place, it still isn’t enough. Why? Because this does not prevent day zero-day attacks.
“The term ‘zero-day’ refers to a newly discovered software vulnerability. Because the developer has just learned of the flaw, it also means an official patch or update to fix the issue hasn’t been released. So, ‘zero-day’ refers to the fact that the developers have ‘zero days’ to fix the problem that has just been exposed — and perhaps already exploited by hackers. Once the vulnerability becomes publicly known, the vendor has to work quickly to fix the issue to protect its users. But the software vendor may fail to release a patch before hackers manage to exploit the security hole. That’s known as a zero-day attack” (Norton).
New malware is evolving at an alarming rate that even machine-learning cannot recognize. In fact, nearly 1 million malware variants are released weekly and zero-day exploits occur almost every week. By 2021, Cybersecurity Ventures predicts that cyber criminals will launch new exploits daily.
So what can you possibly do to prevent these zero-day attacks? The answer lies in Zero-Trust.
Zero-Trust is a security framework which states that organizations should not trust any entity inside or outside of their perimeter at any time. It is necessary in today’s environment to provide the visibility and IT controls needed to secure, manage and monitor every device, user, app and network being used to access business data.
Basically, the idea is a user should only be able to access programs and files they need to do their job, and nothing else. You effectively shut down all available avenues for infiltration. All programs, applications and executables are blocked until permitted by the company’s IT lead or provider.
Should businesses consider moving to a Zero-Trust computing model?
Moving to a Zero-Trust computing model is the best security posture businesses can take right now to ensure safety of their data, their profits, and their sensitive information. This is because Zero-Trust is based on implicit deny.
Access to programs, applications, executions, downloads, etc. are all denied by default unless explicitly allowed. This means that not only are we only allowing approved programs for your company to run on devices, we are also locking down those programs so they can only do specific things. For example, if an application does not need to access the internet, it should not be allowed to. If a user does not need to save files to USB drives as part of their job, they should not be able to (many disgruntled employees steal files this way before quitting or after being fired).
If you are thinking that putting your company’s systems in lockdown mode like this may seem really complicated, don’t worry. This is something we are here to help you with. TotalCare IT has done this as a company internally, and with some* of our clients, and we make the process very simple for you.
The process starts with a silent automated installation from our remote management system. Then, for about a week, the software enters into a listening mode. This is where the software will record every program and associated file all users access—it is assumed that after a week most programs and files needed are accounted for. Next, a very skilled and talented person from our team evaluates the permissions needed. They work with your management team to report back the applications and software accessed by your employees and create an approved list. After the list is vetted, the system enters lockdown mode. Once in lockdown mode, no new programs are allowed to execute until authorized.
A scenario like an employee clicking a link in an email that looks harmless (which executes a payload and begins to encrypt your computers hard drive), is effectively stopped in its tracks. But what if I need new or updated software added to my computer, you ask? No problem. A simple pop-up is presented to the user when they attempt to install new software. They can click to notify IT so the software can be vetted and approved securely.
You might be thinking, is this additional protection or security measure expensive? Not really when you consider the cost of downtime, lost productivity and possible ransom requests. The typical environment would spend $5 per computer per month for this type of additional protection. It can seem like there are many options out there for security, but this option is by far the least intrusive and most protective that we have seen to date. Zero-Trust allows for your business to run only what is approved.
For more information, feel free to reach out to someone on our team. We are always happy to assist in educating and creating resilient and secure Idaho businesses. Secure data, practices and processes are our local economy’s lifelines.
*2021 update: ALL TotalCare IT clients are now using the Zero-Trust computing method and we have already seen it stop a cyber attack that tried to execute on one our client’s machines.