Skeptical By Design – Stop Trusting and Start Verifying

Contributing Author: Allan Jacks, Morefield vCISO

October is Cybersecurity Awareness Month – a time to sip a pumpkin spice latte and reflect on how we protect our digital lives. It’s also a time to reassess and reinforce our defenses and to spotlight the role each of us plays in cybersecurity. While firewalls, antivirus software, and encryption are critical tools, the most powerful defense isn’t a piece of technology; it’s you.

The phrase “Trust but verify” comes from the Russian proverb “Doveryai, no proveryai” (Доверяй, но проверяй), which literally translates to “trust, but verify.” It was popularized by U.S. President Ronald Reagan during nuclear disarmament talks with the Soviet Union in the 1980s. It’s the idea that a responsible person verifies everything before committing themselves to act, even if it’s with a trusted individual.

This concept evolved into a formal cybersecurity framework known as Zero Trust, adopted by the U.S. federal government to address modern threats.

Zero Trust Architecture

“Zero Trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.” You can read more about the approach in NIST Special Publication 800-207, Zero Trust Architecture.

The phrase has since been adopted in various contexts, including cybersecurity, where blind trust can be exploited and verification is essential for resilience. This means understanding who every user in your environment is and what endpoint they are coming from, including devices inside a trusted network behind the firewall.

The reality is that trust can be a huge vulnerability. In today’s hyper-connected world, every individual is a potential target – and a potential defender. That’s why the mantra “Do Not Trust but Verify” isn’t just for IT professionals. It’s a mindset every person should adopt to become a human firewall – a vigilant, informed defender against digital threats.

For individuals, this means:

  • Questioning unexpected messages – even from known contacts.
  • Verifying links, attachments, and requests before clicking or responding.
  • Being skeptical of urgency, fear tactics, or too-good-to-be-true offers.

Trust nothing blindly. Verify everything.

Why You Matter More Than Ever

Cybercriminals know that humans – not machines – are often the weakest link. That’s why phishing, social engineering, and impersonation attacks are so effective. But when individuals are trained, aware, and vigilant, they become the strongest line of defense.

You are the human firewall when you:

  • Pause before clicking a suspicious link. 
  • Report a phishing email instead of ignoring it.
  • Use strong, unique passwords and enable multi-factor authentication (MFA) wherever possible.
  • Keep your software and devices up to date with patches.
  • Speak up when something feels ‘off’.

Good Habits to Verify Before You Trust – Working With a Zero Trust Mindset

Imagine receiving an email from your boss asking you to buy gift cards urgently. It looks legitimate – but something doesn’t feel quite right. Pause, verify the sender’s email address, then call or text your boss. It turns out it was a phishing attempt. Your vigilance just saved your company from fraud.

Additional best practices to adopt:

Email and Messaging

  • Hover over links to check their destination.
  • Confirm unusual requests via a separate channel (calling or texting the sender).
  • Be wary of any attachments from unknown or unexpected sources.

Passwords and Authentication

  • Use a password manager to generate and store strong passwords.
  • Turn on multi-factor authentication (MFA) wherever possible.
  • Never reuse passwords across accounts, whether they are personal accounts or work accounts.

Social Media and Public Sharing

  • Avoid oversharing personal details that could be used for impersonation.
  • Be cautious of friend requests or messages from unfamiliar profiles.
  • Don’t click on viral links without checking their source.

Software and Devices

  • Update applications and operating systems on a regular basis.
  • Only download software from trusted sources.
  • Use antivirus and endpoint protection tools.

This October, commit to being a human firewall. Share tips with friends and family. Encourage your workplace to complete cybersecurity training.

Key Moments to Share With Your Co-workers, Family, Friends

  1. Trust is exploitable, but verification is defensible.
  2. Verification doesn’t rely on assumptions but demands proof. Verification creates an audit trail and accountability, and applies access controls based on real-time context. Verification is not about paranoia. It allows organizations and individuals to say, “We didn’t just trust – we also checked.”
  3. Trust is a feeling. Verification is a strategy.

The key is balance – security must be strong, but seamless. Organizations must invest in user-friendly verification tools like single sign-on (SSO), adaptive authentication, and behavioral analytics.

Is it time? Implement Zero Trust Into Your Company Culture with Morefield’s Expert Guidance

The time to shift from “trust” to “verify” is now. While trust is essential for collaboration, blind trust is a vulnerability. Verification isn’t about suspicion – it’s about responsibility.

By adopting Zero Trust principles, individuals and organizations can protect data, systems, and people without sacrificing agility. The cost of inaction is too high, and the tools to verify are more accessible than ever.

Cybersecurity Awareness Month is a reminder that vigilance is not optional – it’s foundational. The phrase “trust but verify” served us well in simpler times. But today, verification must come first. Trust should be earned, not assumed. As threats grow more sophisticated, our defenses must grow smarter. It’s time to stop trusting – and start verifying.

Think Zero Trust is right for your organization but unsure how to get started? Morefield’s experts can advise you on the best options and optimize the solutions that best align with your business. Contact us to learn more about our cybersecurity services and how we can help you adopt Zero Trust within your company today.
