Don Sesler, The Technology Whisperer: As the owner, I have the honor of leading a team of super-smart individuals who share my passion for helping entrepreneurs and business owners not fall victim to complex technology challenges that can kill productivity. We want to tame your technology so that it works for you and not the other way around. What technology problem is making your life more complicated than it should be? Reach out to me and tell me your story.

From Sticky Notes To Zero Trust

The Evolution Of Online Security

My wife and I just moved across town to get closer to her office. As I was setting up my home PC in the new place, I peeled off the last, ancient sticky note password reminder that was stuck on my monitor. It’s been there for as long as I can remember, and I had long forgotten what the password was for, but chances are good it worked for a few different sites back in the day, which was part of the problem.

These days, most of us have gotten used to using a password manager of some sort and enabling two-factor authentication (2FA) for the important stuff. Sure, it’s a little annoying to stop and verify my identity each time I log in, but there’s no denying that 2FA significantly reduces the risk of someone gaining unauthorized access to my accounts.

Still, 2FA isn’t perfect. A good hacker can steal a verification text message, and if you ever lose your phone, recovering access can turn into a real hassle. That’s why we’re seeing a shift toward the next generation of security tools, which work together to strike a better balance between protection and ease of use:

  • Passkeys are replacing passwords. The most important difference is that you don’t have a password to remember. Passkeys are cryptically tied to your phone, laptop, whatever, so that even if a hacker steals your login email, there’s no password to guess or reuse. You set up a passkey once and, after that, logging in becomes painless and extremely secure on that device. Expect passkeys to become a requirement soon on Google and Microsoft.
  • Endpoint management starts with traditional antivirus tools and then adds monitoring to ensure every business device your team uses continues to be properly secured. If the antivirus gets turned off, or a firewall is disabled, or unapproved software is installed, the system can alert you or even block access until it’s fixed.
  • Zero Trust goes beyond endpoint management by asking:  “Is this the right user? On the right device? In the right location? Doing what they normally do?” If something doesn’t look right, it’ll get flagged.

The bottom line is that this new combo of passkeys, better endpoint management, and zero-trust philosophy makes life easier for the user, while making it significantly more difficult for a cyberthief to gain access to your information.

How Much Pain To Make This Happen?

It depends on where you are starting from.

Assuming you haven’t done any of this yet, here’s how I would prioritize the effort.

  1. Get a business-class password manager. This will help you in setting up and managing passkeys, and has the added bonus of allowing you to onboard and offboard employees quickly and efficiently. We use Keeper, but there are several good ones.
  2. Endpoint Management is next: These tools are available on some tiers of Microsoft Office 365 and Google Workspace, as well as many business-class antivirus solutions. You may need a little help setting this up, but it’s not a huge effort.
  3. Zero Trust is the current pinnacle: You’ll need a tech-savvy person to get this done, but it might be worth the effort depending on your business.

None of this is rocket science, and all of these security tools are mature enough now that any competent tech support group should be able to help you set this up. And, of course, if you would like for us to be the ones to help you with it, feel free to reach out to our team or book a spot on my calendar. We’ll be happy to help.