Zero-Trust Cybersecurity - Trust No One?
The recent Executive Order On Improving the Nation’s Cybersecurity mandates that the federal government move to a “zero trust” cybersecurity model. The premise of zero trust is that cyber threats are ever-present externally in the form of hackers, and internally as inadvertent mistakes.
Zero trust simply means continuous verification and authentication of identify and authority to ensure requests are from authorized and trusted sources and not malicious actors. You can implement zero trust at work and at home by asking yourself three questions.
Am I expecting this communication?
Does it appear to come from a trusted source?
Have I used information already on file to validate the source, and personally called to validate the requester?
If any answers are “no” there is a higher risk of a cyber incident. Therefore, taking a few extra steps to vet emails and calls supports the zero trust model and protects your work and home environments from disruption and costs due to an incident.
In addition to your normal incident response protocols, please contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks or if you need assistance with internal controls.