Important first steps to protect you from cyber-attacks and ransomware
The Essential Eight is a framework and set of recommendations created by the Australian Cyber Security Centre (ACSC) of the Australian Signals Directorate to help improve your readiness and preparation in the event of a cyber attack.
By prioritising the eight most basic mitigation strategies, the ACSC hopes to help organisations protect themselves and avoid disastrous outcomes caused by hacking and cyber attacks. Implementing the Essential Eight now also saves you the pain, time and money of responding to a major cybersecurity incident on your own.
It is likely that soon all organisations in Australia will be required to disclose their Essential Eight Maturity Level and demonstrate compliance with these most basic preventative measures. Wherever you are in your cyber security journey — whether you are sophisticated and experienced, or just starting out — we can help you level up and improve your security posture.
The Essential 8 Explained
1. APPLICATION PATCHING
Use the latest version of applications and patch all web browsers, Microsoft Office, Java and PDF viewers. Patch computers with ‘extreme risk’ vulnerabilities within 48 hours.
2. APPLICATION CONTROL
Prevent execution of all unapproved and malicious programs, including .exe, DLL, scripts and installers.
3. MULTI-FACTOR AUTHENTICATION
Turn on MFA for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important data repository.
4. RESTRICT ADMINISTRATIVE PRIVILEGES
Tightly manage privileges and access to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.
5. MICROSOFT OFFICE MACRO SETTINGS
Block macros from the Internet, and only allow vetted macros, either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
6. USER APPLICATION HARDENING
Configure web browsers to block Flash, ads and Java. Disable unneeded features in Microsoft Office (e.g. OLE), and in web browsers and PDF viewers.
7. OPERATING SYSTEM PATCHING
Patch all computers and network devices with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest operating system version. Don’t use unsupported versions.
8. DAILY BACKUP AND RECOVERY STRATEGY
Perform daily backups of important new/changed data, software and configuration settings. Store backups disconnected from the Internet and retain them for at least three months. Test restoration initially, annually, and when IT infrastructure changes.