Skip to content

Zero Trust in the Hybrid Workplace

The quick shift to remote work due to the pandemic created a massive opportunity for cyber criminals. The security solutions that most small businesses had in place did not provide a strong defense against the majority of cyber attacks in remote environments. During this widespread move to hybrid work, new types of threats emerged that are now best defended against with the adoption of the Zero Trust model.

According to Microsoft’s latest Digital Defense Report, the most common types of cyber attacks on hybrid businesses are: 

  • Email compromise 
  • Malware that appears like a legitimate software update
  • Ransomware-as-a-service (RaaS) which uses a partner network to carry out a cyber attack 
  • Increased attacks targeting on-premise systems

zero trust-2

70% of all data breaches are the result of email phishing. -Barracuda

At Nucleus, we’ve been educating our clients on email phishing, spear phishing and overall, cybersecurity awareness for years. It is this “human” layer that remains a number one threat within a hybrid workforce. The risk of malware, RaaS and on-premise attacks can be reduced with the following: implementation of MFA, use of managed devices and including more advanced security tools, best practices and policies in your cybersecurity strategy. 

  • Multifactor Authentication (MFA): Eliminates the needs for passwords. Biometrics can further strengthen the authentication of a user’s identity.
  • Managed Devices: Only managed devices should be used to access company resources. Patches and updates are deemed regular maintenance under managed services agreements.
  • Managed Security: Multi-layered managed security tools that continuously monitor your current state of security are critical in hybrid work environments. 

Zero Trust

Vendors, like Microsoft are now relying on an approach called “Zero Trust” which makes the assumption that no identity or device is secure. They define it as a model “that assumes breach and verifies each request as though it originates from an open network. Regardless of where the request originates or what resource it accesses…

“Zero Trust teaches us to ‘never trust, always verify.’”-Microsoft

What Areas Need to be Protected?

Today’s hybrid organizations are increasingly relying on cloud-based services; modern businesses need an IT security solution that protects people, devices, apps and data anytime, anywhere. Below is a list of the areas outside the traditional business network boundaries that require a different set of security tools:

Identities: When an identity attempts to access a company resource, that identity must be verified with authentication. Verify and secure all user’s identities with strong MFA and Single Sign-On. 

Endpoints: All users, apps and endpoints need to be secured. Once an identity has been verified, information can flow to smartphones, managed devices etc. 

Applications (APIs): Control and secure access to all critical APIs whether on-premise or modern software solutions.

Data: Protect your data wherever it is. Data needs to be protected even if it flows throughout these critical areas of defense.

Infrastructure: Continue to defend your infrastructure as it remains a critical threat vector. Modern security tools can be used to strengthen your defense that monitor, detect, block and flag attacks.

Network: All data is access over network infrastructure and and networks should be protected with real- time threat protection, end-to-end encryption, monitoring, and analytics.

Adoption of the Zero Trust model is happening in phases among small and medium-sized businesses (SMBs). SMBs that have embraced hybrid work post-covid have or have immediate plans to implement MFA and SSO.

If your business needs advice on your cybersecurity planning, or if you are interested in an assessment, please reach out to us.

Meet with us

We are local!