The Essential Eight
The Essential Eight is a set of baseline strategies recommended by the Australian Cyber Security Centre (ACSC) to help organizations mitigate cybersecurity risks and protect against common cyber threats. These strategies are designed to improve security in a structured way and are primarily aimed at reducing the risk of attacks like ransomware, malware, and phishing. The Essential Eight includes the following measures:
- Application Control: This helps prevent unknown or harmful programs from running on your devices. Think of it as a bouncer who only lets trusted apps run, blocking any suspicious software before it can cause damage.
- Patch Applications: Just like updating your phone’s software, keeping all applications (e.g., Word, web browsers) updated ensures they’re secure. Updates often fix vulnerabilities that cybercriminals might exploit.
- Configure Microsoft Office Macro Settings: Macros are small programs within Office apps like Excel or Word. They can be helpful but also risky if misused by attackers. By setting up macros safely, you only allow the ones you trust to run, reducing the risk of malware.
- User Application Hardening: This step involves turning off features in apps that attackers could exploit. For instance, disabling Flash and Java (outdated plugins) in your browser helps prevent infections from malicious websites.
- Restrict Administrative Privileges: Limiting admin access to just those who need it helps protect critical system settings. It’s like a lock that only a few people hold the key to, which prevents unauthorised changes by attackers.
- Patch Operating Systems: Just like with applications, your operating system (OS), such as Windows or macOS, needs regular updates. Keeping your OS updated means you’re protected against known security issues.
- Multi-factor Authentication (MFA): Implement MFA to ensure that users need more than just a password to access sensitive systems and information.
- Daily Backups: Regularly back up important data to recover from attacks such as ransomware and ensure business continuity.
By implementing the Essential Eight, organizations can significantly enhance their cybersecurity posture and reduce the risk of cyber incidents. These strategies are designed to be scalable and adaptable based on the organization’s size and risk profile.