What is the Essential Eight from the Australian Cyber Security Centre (ACSC)?
In the ever-evolving landscape of cyber threats, organisations need a robust and adaptable defence strategy. The Australian Cyber Security Centre (ACSC) has developed a set of baseline security practices known as the Essential Eight to help businesses mitigate the risk of cyber incidents. These strategies are not just theoretical; they are practical, actionable measures that can significantly enhance an organisation’s cybersecurity posture. At Aegis Cybersecurity, we specialise in helping businesses implement and optimise these essential measures, ensuring your organisation remains secure and resilient.
1. Application Whitelisting
Application whitelisting is the practice of specifying an approved list of software applications that are permitted to run on your systems. By allowing only trusted applications, you can prevent malicious software and unapproved applications from executing. This measure is crucial in blocking ransomware and other types of malware that could compromise your data integrity and availability.
2. Patch Applications
Regularly updating software applications to the latest versions is critical in closing security gaps. Cyber attackers often exploit vulnerabilities in outdated software to gain unauthorised access to systems. By applying patches promptly, you reduce the risk of exploitation. Aegis Cybersecurity can assist in creating an effective patch management process to ensure your applications remain secure.
3. Configure Microsoft Office Macro Settings
Macros are powerful tools within Microsoft Office applications that can automate repetitive tasks. However, they can also be exploited by attackers to execute malicious code. Configuring macro settings to block macros from untrusted sources reduces the risk of such attacks. Our team at Aegis Cybersecurity can help you configure these settings to balance functionality and security.
4. User Application Hardening
Hardening user applications involves making configurations to reduce vulnerabilities and prevent exploitation. This includes disabling features that are not required, such as Flash, Java, and web advertisements, which are common vectors for malware. Our experts can guide your organisation in identifying and disabling unnecessary features to enhance security.
5. Restrict Administrative Privileges
Administrative privileges should be limited to those who genuinely need them. Cyber attackers often target administrative accounts to gain extensive control over systems. By restricting these privileges, you can minimise the potential damage from an attack. Aegis Cybersecurity can help you implement policies to manage and audit administrative access effectively.
6. Patch Operating Systems
Just like applications, operating systems must be kept up-to-date with the latest security patches. Unpatched operating systems are prime targets for attackers. Regularly updating your operating system is a fundamental step in protecting your infrastructure. Our team can assist in establishing a comprehensive update management strategy.
7. Multi-Factor Authentication
Multi-factor authentication (MFA) adds an extra layer of security by requiring users to provide two or more verification factors to gain access. This could include something they know (a password), something they have (a security token), or something they are (biometric verification). Implementing MFA makes it significantly harder for attackers to gain access, even if they have compromised a password. Aegis Cybersecurity can help you deploy MFA across your organisation to enhance security.
8. Regular Backups
Regularly backing up important data ensures that you can recover from data loss incidents, such as ransomware attacks or hardware failures. Backups should be stored securely and tested periodically to ensure they can be restored effectively. We can help you establish a robust backup strategy that ensures your critical data is safe and recoverable.
Compliance and Penalties
Compliance with the Essential Eight is not just a best practice; it is often a contractual or tender requirement. Failing to adhere to these baseline security measures can result in significant penalties, including fines and legal action (as they demonstrate negligence), especially if a breach occurs due to non-compliance. Beyond financial repercussions, non-compliance can damage your organisation’s reputation and erode customer trust. At Aegis Cybersecurity, we understand the complexities of regulatory requirements and can help ensure your business meets all necessary standards, protecting you from the costly consequences of non-compliance.
How Aegis Cybersecurity Can Help
Read how we improved our client’s cybersecurity posture.
CONTACT US
Your most intelligent cybersecurity defence starts with Aegis.
Contact us to find out how we can help you.