To help organisations better protect themselves against various cyber threats, the Australian Cyber Security Centre (ACSC) has developed a series of mitigation strategies called the Essential Eight.
The Essential Eight consist of:
1. Application Control
This is like having a guest list at a party. It means only allowing approved and trusted applications (software) to run on your computer network. Any program that isn’t on the list won’t be allowed to run, which helps prevent malicious or unauthorised software from causing harm.
2. Patch Applications
Just like you update your smartphone apps to fix bugs and add new features, organisations need to regularly update their software applications. These updates, or “patches,” often contain important security fixes to protect against known vulnerabilities.
3. Configure Microsoft Office Macro Settings
Cybercriminals sometimes use Microsoft Office to hide malicious code in documents. This strategy involves configuring Office settings to make it safer and blocking certain types of web code that could be harmful.
4. User Application Hardening
This is about making sure the software programs used by your employees are set up securely. It involves adjusting settings and permissions to minimise potential vulnerabilities.
5. Restrict Administrative Privileges
Think of administrative privileges as superpowers in the computer world. This strategy involves limiting the number of people who have these superpowers. Only a select few should have the ability to make significant changes to computer systems to reduce the risk of unauthorised access or mistakes.
6. Patch Operating Systems
Similarly to ensuring your computer’s software up to date (like Windows or macOS updates), a business need to regularly update their operating systems. This ensures they have the latest security patches and protections.
7. Multi-Factor Authentication (MFA)
MFA is like having two or more locks on a door. It adds an extra layer of security beyond just a password. Typically, it involves something you know (like a password) and something you have (like a smartphone that generates a unique code). This makes it much harder for hackers to access accounts even if they know the password.
8. Regular Backups
Implementing regular backups will help your business to recover and continue to operate, in the event of a cyber incident, such as a ransomware attack.
The Essential Eight provides a set of guidelines for businesses to strengthen their cybersecurity and other threats. By following these strategies, businesses can reduce the risk of cyberattacks and protect their sensitive data and systems from being compromised. How does your business rate? Need help to check how you fare on the Essential Eight? We can help, reach out to our team.