Today (Thursday) President Biden signed the American Rescue Plan Act. This will release 1.9 trillion dollars into the U.S. economy. This may be a political football nationally, but no one is more excited about this cash infusion than the hackers and grifters who plan to take advantage and steal as much as they can. Zero trust security is a digital defense that can help protect against such eager and adept bad actors.

What does “zero trust” even mean? Zero trust is a security model based on the principle of maintaining strict access controls and not trusting anyone by default, even those already inside the network perimeter. This security model embraces the increasingly mobile workforce, and it can better protect data, devices, apps, and the people who rely on the connections to all of them. The premise for the efficacy of a zero trust security platform is the confirmed identity of the user. Confirmation is through multi-factor or two factor authentication.

With so many workers still logging in from off-site, businesses have more vulnerability than ever. Every legitimate login can also open the door for a hacker. All business owners are advised to assume a breach. The most recent egregious breach has been the hack of unemployment benefit accounts. Hundreds of millions of dollars were recently lost after hackers stole the identities of people who lost jobs because of the pandemic. Hackers then filed fake unemployment claims in the names of real state residents. The data stolen includes names, social security numbers, driver’s license numbers, bank information, and places of employment. The benefit debit cards or direct deposits went to the temporary addresses and accounts of the hackers. The use of 2FA could have prevented that.

Many apps have already implemented this principle. Before access is granted, a code that was texted to you on your cell phone must be entered. This strategy presumes that a threat actor may have a password but that he will not have another of the victim’s devices. The purpose of using another mobile device is that it leverages network segmentation, prevents lateral movement, and provides multilayer threat prevention. Using 2FA is a pain in the butt until that notice comes from the bank that warns someone tried to access someone’s account. With cybercrime on a steep rise, 2FA is now common sense. It is putting a deadbolt on the front door in addition to the original lock.

Yes, employees are grumbling. They are going online to try to find a way around taking the extra seconds to use 2FA. But it is your money, your data, and the future of your business. Choose your zero trust security platform, implement it immediately, then set up training (and preaching) for your staff. Get it. Learn it. Use it. Defend yourself.