There’s an irony in having a reputation management firm address the cyber security trend, “Zero Trust.” While we advocate the importance of trust to bolster a company’s reputation, we conversely adopt the Zero Trust model to defend against the sometimes irreversible damage of today’s sophisticated cyber threats.
The Zero Trust structure was originally introduced by industry analysts Forrester Research as an alternative for IT security. Rooted in the principle of “never trust, always verify,” Zero Trust is a security concept centered on the understanding that businesses should not automatically trust anything inside or outside its perimeters. Instead the company must verify anything and everything trying to connect to its systems before granting access.
“The strategy around Zero Trust boils down to don’t trust anyone.” says Charlie Gero, CTO of Enterprise and Advanced Projects Group at Akamai Technologies in Cambridge, Mass. “We’re talking about, ‘Let’s cut off all access until the network knows who you are. Don’t allow access to IP addresses, machines, etc. until you know who that user is and whether they’re authorized.”
While this model predominately addresses the overall security infrastructure, ReputationUs subscribes to the Zero Trust concept as an important education and communication process for a company’s executives and staff. According to statistics from a CompTIA study cited by shrm.org, “Human error accounts for 52 percent of the root causes of security breaches.” Moreover, these errors are caused by employees trusting a phishing scam or other related attacks that prey on a staff member’s propensity to trust incoming communications.
Part of our cyber security reputation management process is to 1) develop a communication infrastructure that regularly educates executives, employees and 3rd party vendors on the latest cyber security scams and 2) train executives and managers to identify issues and communicate efficiently and effectively to staff and customers. Part of our process now includes a Zero Trust archetype that firmly embeds being extremely doubtful on all unfamiliar communications coming into the organization. It’s a culture of skepticism we attempt to instill to ultimately protect the company from massive distractions to its operations.
Gero agrees, saying “If you want to stop breaches, Zero Trust is the best way how.”