Founded by John Kindervag in 2010, the Zero Trust information security framework centres on the belief that an organisation should not automatically trust anything inside or outside its perimeter and instead must verify anything and everything trying to connect to its systems before granting access.
In a traditional ‘castle-and-moat’ security approach, organisations focus on defending their perimeters and assume that every user inside a network is trustworthy and cleared for access. The weakness of this approach is that once an attacker or unauthorised user gains access to a network, that individual has easy access to everything inside it. In the zero trust model, no user is trusted, whether inside or outside of the network; it advocates the principle of ‘never trust, always verify’.
As we discussed in our recent blog, unprecedentedly large numbers of staff working remotely bring heightened security risk. With IBM’s 2018 Cost of a Data Breach study revealing that the average cost impact of a single data breach to a company is over $3 million, not to mention the risk of regulatory fines and damage to brand reputation, this is a risk firms can’t afford. Replacing traditional authentication methods with zero trust technologies – such as multi-factor or two-factor authentication (2FA) – mitigates breach attempts and protects data across an increasingly fragmented network.
According to Verizon’s 2019 Data Breach Report, 80% of security breaches involve compromised passwords, while the inaugural 2019 UK Cyber Survey, released by the National Cyber Security Centre (NCSC), found that over 23 million people are still using ‘123456’ as the main password protecting their data from unscrupulous cyber criminals.
Multi-factor authentication protects your applications by using a second source of validation, like a phone or token, to verify user identity before granting access.
With remote working also heavily dependent on end user devices, 2FA allows firms to establish essential device trust, enforce access control across managed and unmanaged devices, and meet compliance goals with adaptive access policies that limit the exposure of your information to as few users and devices as possible.
It’s imperative that law firms quickly understand which devices are being used to access the company network so they can assess and manage the risk. In current circumstances, the majority of firms won’t have had a chance to undertake a full review of what everyone is using; being able to minimise that risk by limiting access if a device is potentially susceptible to cyber threats – and providing a secure alternative – is key.
Providing secure access for every user and secure access to every application sits at the core of a zero trust network. It provides the visibility and IT controls needed to secure, manage and monitor every device, user, app and network being used to access corporate data.
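The adaptive access policy described above, written out as an added illustration (not code from this article or from any product it refers to): every request is evaluated on the user’s second factor and the device’s health, and network location is deliberately never consulted. The device attributes, sensitivity labels and decision names are assumptions chosen for the example.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "require_second_factor"   # verify the user before granting anything
    RESTRICT = "restricted_access"      # the "secure alternative", e.g. browser-only session
    DENY = "deny"


@dataclass(frozen=True)
class Device:
    managed: bool          # enrolled in the firm's device management (assumed attribute)
    os_patched: bool       # OS at a supported, patched version (assumed attribute)
    disk_encrypted: bool   # assumed attribute


@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_verified: bool         # second factor completed for this session
    device: Device
    app_sensitivity: str       # "low" or "high" (hypothetical labels)
    inside_corp_network: bool  # present only to show it is ignored


def evaluate(req: AccessRequest) -> Decision:
    """Never trust, always verify: each request is judged on its own evidence.

    Being inside the corporate network (the castle-and-moat assumption) buys no
    trust here; the function never reads req.inside_corp_network.
    """
    # 1. Identity: no second factor, no access of any kind yet.
    if not req.mfa_verified:
        return Decision.STEP_UP

    d = req.device
    healthy = d.managed and d.os_patched and d.disk_encrypted

    # 2. Device trust, scaled to how sensitive the application is.
    if req.app_sensitivity == "high":
        if healthy:
            return Decision.ALLOW
        if d.managed:
            return Decision.DENY       # managed but out of compliance: remediate first
        return Decision.RESTRICT       # unmanaged: offer the secure alternative only
    if not d.os_patched:
        return Decision.DENY           # susceptible device: limit exposure entirely
    return Decision.ALLOW if d.managed else Decision.RESTRICT
```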
As the Briefing Frontiers 2020: Legal IT Landscapes research highlighted, 87% of law firms have seen an increase in the number of clients performing security audits on them, and 62% rated their cyber threat as 70 or above. It is therefore clear that cyber security is something firms need to take more seriously than ever.
To learn more about how multi-factor authentication can keep your firm secure as your staff work remotely, please get in touch.