This is Two Minute Tech Tips, I’m your host Lester Steward. In this series we are discussing Business cybersecurity and what you need to know to protect your business.
Traditionally the IP address of a network device was a unit of trust on a network and was allowed access with no further checks. Now most trust is tied to identity on the network, a machine ID or a human ID depending on how the access is setup.
Trust on a network is very dangerous especially when it’s explicit. Nothing should be automatically trusted, and any trust that is given should be reviewed often.
One of the first steps in zero trust is the rule of least privilege, the cybersecurity & Infrastructure security agency in the U.S. states, “Only the minimum necessary rights should be assigned to a subject that requests access to a resource and should be in effect for the shortest duration necessary. Granting permissions to a user beyond the scope of the necessary rights of an action can allow that user to obtain or change information in unwanted ways. Therefore, careful delegation of access rights can limit attackers from damaging a system.” So, the thought is to review often if users have the least amount of access needed to minimize any threats.
It takes time to implement these rules for access and having an I.T. team to help understand permissions on a network will be invaluable. Strengthen your security by limiting access.
On the next episode I’ll continue outlining the steps to achieve a zero-trust network with the subject of segmenting access to add layers of security.
If you need any information on this subject, please let North Tech Group know by visiting our website ntgak.com.
Thanks for joining me, Lester Steward for your Two Minute Tech Tips, helping you keep safe in your cybersecurity world.