What Zero Trust Can Teach Us About Responding to Fake News

Posted on 24 August 2020

It’s everywhere: from clickbait articles to sophisticated deepfake videos, fake news has wormed its way into our modern lives. So, how can businesses protect themselves and their employees from believing everything they see? The answer is simple: Zero Trust.


By now, it’s very likely that you’ve encountered fake news during your personal and professional life, and there’s no shame in admitting that you’ve probably been convinced – even for a second – that you’re reading the truth. 5G conspiracy theories? An ulterior motive behind Coronavirus? Sex traffickers operating out of pizza parlours? When bombarded with information that is both convincing and plays on our individual fears, it’s easy to be swept up in the fake news furore.


Whereas individuals can quickly find themselves outraged, embarrassed, or swayed to one side or the other, for businesses, there’s an extra dimension of risk to fake news. Aforementioned deepfake videos and audio are being used to spread the sort of disinformation that makes phishing attacks possible, while fake news can nudge organisational decisions one way or another.


So, what can businesses do?


Getting to Grips with Risk


Firstly, it’s important to come to terms with the impact fake news can potentially have on an organisation. Aside from putting the PR department into overtime when a fake story breaks, or scaring shareholders when a mistruth dents share prices, businesses are at risk of significant security challenges.


Spear phishing attacks represent a particularly significant risk, with falsified audio being used to convince individuals that a trusted source within the organisation has requested a large transaction, or for access to security credentials. Elsewhere, bringing unverified information into the business can sabotage sales operations, business strategy, and even market intelligence, derailing months and years of hard work.


With so much convincing false information out there, bombarding us all the time, organisations need to take to a firm guiding principle, and in our experience with identity and security, we lean towards the Zero Trust approach every time.


How can a security and technology principle help stem the tide of fake news, you ask? Simple.


The Zero Trust Mantra


“Never trust, always verify” is the mantra that sits at the heart of the Zero Trust model. In terms of security, this means assuming that all user identities have already been compromised, granting access only when enough conditions have been met, and when the user’s identity has been well and truly verified.


Translating this to fake news is simple: encourage employees not to trust everything they read, instead seeking out verification from independent fact-checkers, alternative sources, and first-hand information.


This prevents any disinformation finding its way into the organisation, keeps employees on the ball and engaged, and is a skill that can be built upon to identify social engineering scams, adding a further layer of protection.


It really is as simple as that.


No False Hope


Unfortunately, we’re not likely to see fake news go away any time soon: at this point, it’s simply too pervasive, with parties across the spectrum having the freedom to make and disseminate false information on a whim.


We can, however, draw on ideals and thought processes from other areas to shore up against the influx, and keep our employees from being flooded with fallacies. And in the meantime, perhaps you’ll find a need for the Zero Trust principle elsewhere in your organisation – in which case, you know where we are!


If you’d like to find out more about the true application of the Zero Trust approach, or need help with educating your employees on phishing and security, feel free to get in touch.


A few people we've already done it for