Commonwealth Sentinel

Cyber Security for local government, non-profits and small business

Terry Davis / August 26, 2022

Zero Trust…or Don’t You Know Who I Am?

In college, I worked at a bank when I came home for holidays or the summer. I was a rotating teller, so I was always at different branches.
Once, an elderly gentleman came to my window to cash a check. I greeted him nicely and asked for his identification to cash the large check drawn on his account. He began to yell and throw a fit, saying he had been banking there for 30 years.
I calmly explained that I was new and did not know him and was simply trying to protect him by ensuring I wasn’t giving his money to someone else. One of the other tellers vouched for him, having known him as a customer for many years. I wanted to ask him if he knew me and then explain that if he didn’t know me, how should I know him? But alas, common sense is not so common sometimes.
Implementing a Zero Trust model in your organization’s network involves a similar approach.
Users should be required to prove who they are before they are allowed onto the system. This can be done via multi-factor authentication and by ensuring passwords are changed regularly. Verifying user identity must be mandatory no matter where the user is accessing the network from.
Additionally, implement a policy of ‘least privilege’ or role-based access control. Only allow access to that which a user needs to perform their job. In the intel community, this is referred to as “need-to-know.”
Another method for zero trust is network segmentation. This involves dividing your infrastructure into subnetworks. This ensures that only those who need access to certain information are granted access AND deters lateral movement across the network by any nefarious actors (i.e., bad guys).
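The three controls described above (verified identity, least privilege, segmentation) combined into one deny-by-default access decision, as an added example that is not part of the original post. The roles, resources, subnets and the `decide` function are constructed for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample policy: each role lists only what it needs (least privilege).
ROLE_RESOURCES = {
    "clerk": {"records"},
    "finance": {"records", "payroll"},
}

# Constructed sample segmentation: each resource is reachable from one subnet only.
RESOURCE_SEGMENT = {
    "records": ip_network("10.10.20.0/24"),
    "payroll": ip_network("10.10.30.0/24"),
}


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    password_ok: bool
    second_factor_ok: bool
    source_ip: str
    resource: str


def decide(req: Request) -> tuple[bool, str]:
    """Deny by default: every check must pass on every request."""
    # 1. Verify identity with both factors, however familiar the user is.
    if not (req.password_ok and req.second_factor_ok):
        return False, "identity not verified"
    # 2. Least privilege: the role must explicitly include the resource.
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return False, "role does not need this resource"
    # 3. Segmentation: the request must come from the resource's own subnet,
    #    so a foothold in one segment does not reach another (lateral movement).
    segment = RESOURCE_SEGMENT.get(req.resource)
    if segment is None or ip_address(req.source_ip) not in segment:
        return False, "source is outside the resource's segment"
    return True, "allowed"
```

A request from a valid finance user sitting in the records subnet is still refused for payroll, which is the lateral-movement case segmentation is meant to stop.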
On a side note, whenever you are asked for your identification when using a credit card or for any such transaction, thank the person for protecting you.
CYBER NEWS
Fremont County, Ohio, Extends Disaster After Cyber Attack
With no email or Internet services within the county government after a cyber attack, there were no laptops, no impromptu use of the GIS website when needed, and no access to information for the clerk’s monthly report.
www.govtech.com
CFO Spoofed in Convincing Business Email Compromise Scam
Here’s an example of a BEC attack that almost worked.
www.avanan.com
This company paid a ransom demand. Hackers leaked its data anyway
It’s always recommended that ransomware victims don’t give in to ransom demands – and this real-life case demonstrates why.
www.zdnet.com
PayPal Phishing Scam Uses Invoices Sent Via PayPal
Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives – which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction…
krebsonsecurity.com
TIP OF THE WEEK
Be Our Guest: When I visit a client site, I check on my phone to see if I can log in to their main network or if there is a separate guest network to log into.
There should be at least two networks at home or in the office: one for business and one for guests. Additionally, both should be password protected (with passwords that differ from the router’s password and from each other).
You wouldn’t leave your front door unlocked for anyone to come in. Don’t leave your network open, either.
VOCABULARY WORD
Zero Trust: Restricting access to your network by using authorization and verification tools and creating segmentation to only allow users access to the information they need for their role.
TWEET OF THE WEEK

Commonwealth Sentinel
@CwealthSentinel

The Week in Ransomware – August 19th 2022 – Evolving extortion tactics https://t.co/WV6NTx6LRL https://t.co/mKmXZ5BVZo
6:33 PM – 22 Aug 2022
