
Trust, but verify: A modified Zero Trust standard applied to your personnel




Magazine Article


By Vanessa Harmon Gouhin
Director of HR

Columbus Business First

An organization’s data-bearing devices, and the data contained thereon, are under constant attack. The result has been significant daily data breaches – literally. Just this past year, an 88% increase in business security threats or incidents has been reported. [1] Much of this attack activity is directed at an organization’s personnel, and the prolific provisioning of access to resources, as well as the variety of users of data-bearing devices, has directly contributed to the continual rise.

This fact dictates that, to achieve an optimal level of data security within an organization, it is critical to apply a Zero Trust standard, or at least a modified version of it, to all employee actions. Our suggestion, then, is to echo the words of President Ronald Reagan: “Trust, but verify.”

This may sound harsh at first blush, but in reality it is important for the protection of the very people to whom the standard is being applied. Employees are enticing targets to criminals because of their access to company and client data – most often via data-bearing devices. “It is well established that employees are the intrinsic cause of a majority of data breaches occurring in every industry today,” says Sean Gouhin, EVP and chief corporate counsel at TechR2, LLC, a Columbus-based data security company.

“At TechR2, we advise our clients to implement and adhere to a Track-Contain-Destroy-Verify policy – commonly known as Tear-A-Byte® – when it comes to loose-media maintenance, thereby all but eliminating any such employee risk. Risk assessment, training, certification and written plan implementation are critical components of the policy,” he said.

Security hygiene is of utmost importance, and a sound protocol that tracks, contains, destroys and verifies proper handling of data-bearing devices, as well as the data contained therein, ensures that employees’ hands stay clean. Periodic monitoring via risk assessment, reconciliation, auditing, reporting and review maintains the integrity of the program. Such a protocol adheres to the Zero Trust policy and serves to protect not only the organization but, just as importantly, the people who make up the organization. By removing the risk altogether, trust logically follows, as any chance of collusion or negligent breach is mitigated. Verification is then used to formally confirm what we already know.

In today’s threatening environment, every business should be motivated to invest in state-of-the-art data security solutions and employee training. Such training is a key element for the protection of your employees and for the establishment of a company’s cybersecurity framework. Otherwise, you are exposed to ever-increasing fines, penalties and punitive measures under rules and regulations such as GDPR, HIPAA, PCI, California’s soon-to-be effective Consumer Privacy Act, etc.

Technology threats evolve daily, and today’s businesses cannot account for as much as 70% of their data-bearing devices. The employees in possession of these devices (and the data) are the most critical layer, the last line of defense, with multiple access points that are at risk.

Protect your employees. Trust in your employees. But always verify. A policy that implements Track-Contain-Destroy-Verify procedures will mitigate the human vulnerability factor. Trust, but verify.

Learn how TechR2 can help protect your business.

[1] AT&T 2018 Cybersecurity Insights, “Charting a New Course.”

Vanessa Harmon Gouhin is a licensed attorney and serves as director of HR at TechR2, LLC. Harmon Gouhin is a premier authority on data security solutions as applied to organizational behavior and human resources, and has been published on the subject matter.
