You know your online identity is valuable – right? And you’re super careful about sharing your username and passwords. But are you a bit secretly worried that you could get duped by some sneaky cybercriminal into sharing them?

The good news is that there are some great strategies and solutions to help keep your identity details safe and sound – and out of reach of the baddies.

In this blog, we’re going to chat about two of those strategies. But first:

What’s the big deal about identity theft?

When the wrong people access your data and systems through an identity-based attack, you’ve got a big problem.

What’s an identity-based attack? It’s when a cybercriminal steals, manipulates, or forges your legitimate user credentials, such as your usernames and passwords. They can then impersonate you to gain access to your systems and have a good old rummage around. Often, they’ll head to your financial or purchasing systems, or personal employee or customer records. Here, they can place orders, withdraw funds from the business, and hold confidential employee and customer data for ransom.

The really scary thing is that once they’re in, they can reach your important systems and do some real damage in just hours, if not minutes! By the time you come back from a long lunch, the damage is done.

So, how do they get your identity details to start with?

Here are some of the most popular ways:

  • Phishing – this is when the bad guys (and gals) impersonate people and businesses you trust (banks, your boss, your accountants, your favourite online shopping website, etc). They contact you via email, text, or phone and trick you or one of your team into revealing sensitive information. To note: 90% of cyberattacks start this way!

  • Credential stuffing – here, the criminals use usernames and passwords they’ve stolen from one data breach to gain access to other accounts. For example, your local online supermarket gets hacked, and they get hold of your username and password. The baddies use bots to try the username/password combo across thousands of other websites to find one where you’ve used the same password – and they’re in.

  • Malware – short for “malicious software,” malware is any program or code that’s designed to damage, disrupt, or gain access to your computers, servers, or networks. It’s often introduced to an environment as an attachment or through a download.

And this is where taking a zero-trust approach pays off.

Zero-trust, no exceptions

So – what exactly is zero-trust?

The essence of zero-trust is… trusting no one. Ever. It may sound harsh, but it’s the only safe approach to protecting your network.

Zero-trust is based on strictly controlling who can access your network. And there are no exceptions. No one gets a free pass!

Zero-trust treats anyone in your network with suspicion – and applies a tough checking-out process. It basically goes like this: “Hey, you – stop right there! Who are you, and should you be here? Show me your proof of identity right now! And don’t even think of making a side trip to those private files!”

While it may sound a tad harsh, a zero-trust approach offers lots of business benefits. Your risk of a breach goes down, and since you’re not hanging around waiting for your network to be fixed and restored after a shutdown, your business-as-usual isn’t slowed down or stopped.

In fact, a recent global cybersecurity report (co-written by Microsoft) says: “83% of organisations adopting Zero-trust have successfully reduced security incidents.”

Yep, 83%.

(That’s got to be a compelling reason to check out zero-trust!)

Take control of your identities

So, how can you keep digital identities in the right hands? Let’s talk about identity and access management (IAM) solutions.

The main goals of IAM are:

  • Minimising who has access to sensitive information in your network. (The fewer the better!)
  • Making it hard to misuse that access. (Limiting where they can go and what they can see.)

With an IAM solution, you can control who gets to see what. The best idea, of course, is to restrict it to just what they need to do their job – even if it seems harmless enough. So, for example, John Smith from marketing can see the marketing budget and design files, but can’t see the payroll or personnel files.

You can also remove and update user access on demand when someone changes their job in the business, and delete old accounts when people leave. It will also keep track of everything, so if you need to investigate, you can do so. You’ve got every change ever made on record.

And when you add on MFA (multi-factor authentication), enforce stronger passwords (that’s a NO to 123456), and introduce SSO (single sign-on) to reduce password fatigue (yes, it’s a thing) – you’re adding even more protection.

In the zero zone yet?

It’s important to understand that zero-trust isn’t a product. You can’t ring up and ask for one off the rack in corporate navy blue, size XL. And if you do want a zero-trust environment, you’ll need an IAM solution. The two go together like fish and chips.

The good news is that Colton has helped lots of customers set up a zero-trust environment, along with all the IAM bells and whistles, with partners like Microsoft and Sophos. So we know what we’re doing and how to keep you and your identities safe.

Like to know more? Give us a call, and we can set up a free IAM consultation or a zero-trust readiness check.