In today’s digital age, cyber threats are constantly evolving, and businesses and organisations of all sizes are vulnerable to cyber-attacks. It’s essential to take proactive steps to protect your company’s systems and data from cyber threats, and one way to do that is by adopting a comprehensive cybersecurity framework.
One popular and effective framework is the Essential Eight compliance framework, developed by the Australian Cyber Security Centre (ACSC) in 2017. The Essential Eight is a practical and prioritised guide outlining eight strategies organisations can use to improve their cyber security posture. The Essential Eight has 3 different maturity levels; depending on the nature of your business and its inherent risk, you may need or want to achieve a higher maturity level.
Here’s a brief overview of the Essential Eight strategies:
- Application whitelisting: Creating a list of approved applications that are allowed to run on an organisation’s systems, in order to reduce the risk of malware infections.
- Patching applications: Regularly applying security patches to software applications to reduce the risk of cyber-attacks exploiting software vulnerabilities.
- Configuring Microsoft Office macro settings: Disabling macros by default and only enabling them for approved files, to reduce the risk of macro-based attacks.
- User application hardening: Configuring web browsers and other user applications to block malicious content and restrict functionality that is not needed for business purposes.
- Restricting administrative privileges: Limiting the number of users with administrative privileges to reduce the risk of unauthorised changes to systems and data.
- Patching operating systems: Regularly updating operating systems with security patches to address vulnerabilities.
- Multi-factor authentication: Requiring users to provide additional authentication factors, such as a fingerprint or a security token, to increase the security of systems.
- Daily backups of important data: Backing up important data on a daily basis to minimise the impact of data loss due to cyber-attacks or other disasters.
The Essential Eight is a practical and effective guide that has been widely adopted by government agencies and businesses in Australia. Compliance with the Essential Eight is not a one-and-done process – cyber threats are constantly evolving, and organisations must remain vigilant and adapt their security measures to stay protected.
In our next post, we’ll take a closer look at each of the Essential Eight strategies and provide tips on how to implement them in your organisation.