Although it may sound like a bulked-up bedtime story (remember The Famous Five?!) or a Tarantino flick, the Essential Eight is instead a list of eight essential strategies for Australian businesses to mitigate cybersecurity incidents. The Australian Government, in conjunction with the Australian Cyber Security Centre (ACSC), has created this security to-do list to help businesses and organisations avoid the – sometimes catastrophic – fallout that can occur following a targeted cyber attack.
The Essential Eight Explained
We all know we want our businesses to be secure online. We want to avoid malware and ransomware and data breaches. We want to be alert but not alarmed! But how best to make our businesses as safe as possible? The Essential Eight is a framework to do just that…
Essential Strategies to PREVENT attacks:
- Application Control This security measure is designed to protect your system from malicious code. It ensures only approved and trusted applications can be executed (and can also prevent the installation/use of unapproved applications).
- Patch Applications This measure helps to avoid new security vulnerabilities by applying vendor patches on third-party applications (such as Microsoft Office, PDF viewers and web browsers) in a timely manner.
- Configure Microsoft Macro Settings Malicious code can be executed through Microsoft Office macros. This strategy involves blocking macros sourced from the internet and ensuring no unauthorised user can modify macro settings.
- User Application Hardening This strategy refers to configuring web browsers, PDF viewers and Microsoft Office applications to ensure they disable ads, Java, Flash and other potentially malicious virus-carrying mediums.
Essential Strategies to LIMIT THE SCOPE of attacks:
- Restrict Admin Privileges This is one of the most effective risk-mitigation strategies. Admin accounts are like the keys to your online kingdom – the fewer sets of keys available, the less likely they are to get lost or misused!
- Patch Operating Systems Vulnerabilities in systems can be used to further compromise those systems – this strategy ensures automated updates and that ‘extreme risk’ vulnerabilities are patched within 48 hours.
- Multi-Factor Authentication This important tool makes it harder for cyber criminals to access your sensitive information and systems. For further details on implementing MFA, see our blog here [link to August blog 2].
Essential Strategies to ensure DATA RECOVERY and SYSTEM AVAILABILITY:
- Daily Back Ups Backing up important data, software and configuration settings (and storing these back ups for at least three months) means critical business information can be accessed following any cybersecurity incident. Find out more about backing up your business here [link to May blog].
Essential Eight ‘Maturity Levels’
Alongside each of the eight individual strategies is a ‘maturity scale’ – fundamentally a ‘where you’re at’ with implementation – from Level Zero (indicating significant weaknesses within the business in regards to that strategy) to Level Three (fully aligned and highly protected).
Remember: the ACSC suggests that businesses should ‘plan their implementation to achieve the same maturity level across all eight strategies before moving onto higher maturity levels’. Basically, this means that there is no use being a level three on the first strategy, but level zero across the other seven.
Note: Maturity Level One across all eight strategies is the minimum suggested level for small to medium businesses. For larger enterprises and organisations, Maturity Level Two or Maturity Level Three will be more appropriate.
Time for an IT Health Check?
Assessing where you’re at right now in regards to the Essential Eight is the first step towards full compliance with the strategic guidelines. At Geelong Technology Group, we can perform a complimentary IT Systems Review to help appraise your current cybersecurity situation and to recommend actions to safeguard your business against cyber threats in the future.
Let Geelong Technology Group Manage Your Cybersecurity
Servicing Geelong, the Bellarine Peninsula, the Surf Coast and surrounding regions, Geelong Technology Group helps small and medium businesses succeed by supporting and managing their IT requirements. With our extensive experience, tailored managed IT services and comprehensive cybersecurity options, we’re here to ensure your business is cybersecure – get in contact today.