The Australian Cyber Security Centre (ACSC) has developed strategies to help organisations protect themselves against various cyber threats.  The most effective of these mitigation strategies are the Essential Eight. 

There are multiple levels of ‘maturity’ meaning, what level of security an organisation is required to have.  Here is a brief outline of the Essential Eight to keep your business cyber safe.  

Southern Computer Co., staff have created a priority list of clients which we intend to work through starting on Tuesday 4th October.  For those that use the Rainmaker model, many of these elements have been part of the Rainmaker platform for many years and only small adjustments will be necessary.  For those not on the Rainmaker network, now might be a time for you to update and take advantage of this very secure resource. 

Essential Eight

  1. Application Control | Applications such as software libraries, scripts, installers, compiled HTML and HTML applications should only be available on workstations with admin control, not for standard user profiles.  

  2. Patch applications | Patches or updates for security vulnerabilities in internet-facing services are applied as soon as possible.    

  3. Configure Microsoft Office macro settings | Such as: disabling Microsoft Office macros for users that do not have a demonstrated business requirement. 

  4. User application hardening | Ensure that: Web browsers do not process Java from the internet. Web browsers do not process web advertisements from the internet. Internet Explorer 11 does not process content from the internet. Web browser security settings cannot be changed by users. 

  5. Restrict administrative privileges | Such as: Privileged users use separate privileged and unprivileged operating environments.  Unprivileged accounts cannot logon to privileged operating environments. 

  6. Patch operating systems | Patches and updates for security vulnerabilities in operating systems of internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists. 

  7. Multi-factor authentication | multi-factor authentication is used by an organisation’s users if they authenticate to their organisation’s internet-facing services and all accounts. 

  8. Regular backups | Backups of important data, software and configuration settings are performed and retained in a coordinated and resilient manner in accordance with business continuity requirements.