Essential Eight cyber security strategies affecting Australian businesses

The Australian Cyber Security Centre (ACSC) has released the updated Essential Eight strategies that apply to all Australian businesses. They have been recently revised due to an increase in cyber-attacks, targeting small and big business. The updating of the Essential Eight was achieved in consultation with industry.

The Essential Eight strategies have three maturity levels which show the level of compliance with each strategy.  

The Essential Eight Strategies

These strategies are baseline approaches to minimise cyber security risks for Windows-based networks, which were originally developed in 2017. These will become compulsory for all Australian businesses, the date has yet to be confirmed.

The strategies help to prevent, limit the extent, and recover data & systems quickly in the case of attacks. Attacks have become more frequent in recent years and target businesses of all sizes.

1. Application whitelisting

To stop the threat from unknown/unapproved software. This strategy allows only for trusted and approved software to be run on business computers to stop attacks. Attackers can use software to send out malicious code and by blocking these you can stop potential threats.

2. Patch applications

To resolve security vulnerabilities quickly. Patches fix issues within software and applications, so it’s important to update these within 48 hours, to minimise any attacks through these means. Third party apps like Microsoft 365 are updated regularly by businesses, however all software and apps need to be updated within that time too.

3. Configure Office macro settings

To prevent attacks through unknown macros. This strategy states that by changing your macro settings and blocking non-trusted macros, organisations can prevent attacks. Cyber-attacks can occur when malicious code is embedded in a macro, and these are then executed by users in your business environment. By blocking these unknown macros, you can prevent these attacks from occurring.

4. User application hardening

To prevent attacks. This strategy states that businesses should change settings within Microsoft Office and web browsers to block particular content. Attackers can use these means to send out malicious code affecting your business or holding you to ransom.

5. Restrict administration privileges

For all your users. This strategy refers to limiting the access of users and only assigning administrator rights to users who actually need it. By giving users the minimum permission level needed, you limit the number of admin accounts that attackers can use to access your servers and systems and cause business chaos.

6. Patch operating systems

Quickly to prevent malicious acts. Patches for servers, operating systems and devices are distributed to fix known security vulnerabilities. By installing these patches within a 48-hour period, you can prevent attacks through these vulnerabilities.

7. Multi-factor authentication

For extra security. Multi-factor authentication of MFA refers to two layers of protection when accessing systems. First is the person’s username and password, then a second method to verify that it is actually them. For example, a code sent to their business mobile.

8. Backups

Perform daily backups of important data, software and settings, and retain them for at least three months. Testing the backups and restores is important to ensure you can be up and running, in the case of a cyber-attack incident occurring.

What Are The Essential Eight Maturity Levels?

The levels within the Essential Eight strategies show the compliance of your cyber security practices to the model. The three levels are:

  • Maturity Level 1 – Partly aligned with the intent of the mitigation strategy
  • Maturity Level 2 – Mostly aligned with the intent of the mitigation strategy
  • Maturity Level 3 – Fully aligned with the intent of the mitigation strategy.

More information can be found on the ACSC website.

Why Australian Businesses Need To Take Note

The Essential Eight strategies (and maturity levels) apply to all Australian business. It’s not just about complying with them, they also aim to prevent cyber-attacks which are aimed at businesses. These attacks are becoming more frequent and can cripple a business.

Unauthorised access of confidential business information can mean loss of clients and damage to business reputation. And it can also increase insurance premiums for those businesses who are not implementing measures to prevent attacks.

Whatever your requirements, RODIN can help you and your team stay safe, compliant and connected. We have more information available on our cyber security webpage.

Subscribe to Our Newsletter

Sign up to receive all the latest news updates straight into your inbox.

Name*