If you’re a business owner or IT Manager, you’ve probably heard of the Essential 8 Maturity model, and true to its name it’s essential you understand what it means for your business.
Why do I need the Essential 8?
The Essential 8 framework is designed to reduce the risk of cyber attacks. Whilst it doesn’t cover every element of cyber security, it encompasses many of the main strategies to protect your business and keep you up to date with developing threats in the cybersecurity landscape.
The Essential 8 is currently mandatory for organisations with higher security risks, but, it will likely soon become mandatory for all Australian businesses.
What maturity level should I be?
With the ranking system beginning at Level 0, which signifies weaknesses in the organisation’s cyber security posture, and increasing to Level 3, the minimum level your business should aim for is Maturity Level 1, which is where the Essential 8 comes into play.
What is the Essential 8?
The Essential 8 is a list of eight strategies to mitigate cyber security incidents and protect your Internet-connected networks – regardless of the operating system you are using. Here’s a straightforward list of what the eight actually are:
- Application Control/Whitelisting: this allows you to set and approve the programs that can run on your computers and networks. Whitelists protect from malicious code, including executable files that can unknowingly be activated by clicking on emails and links.
- Configure Microsoft Office Macro Settings: macros can be handy for automating tasks, however they can also contain and activate malicious code. Restricting access to staff, and ensuring that any certificate used to digitally sign the macro is trustworthy, or having the macro screened by antivirus software, will limit their chance of causing damage.
- Patch Applications: patching means your system stays updated to the latest software version and avoids known bugs or leaks that hackers can use to break in.
- User Application Hardening: decide and limit what an application is allowed to do on your system. Disable any features that aren’t used by your business.
- Restrict Administration Privileges: allow employees access only to applications and systems needed for their duties. Unnecessary access to computers should be limited.
- Multi-factor Authentication: the requirement for more than a simple username and password, including verification via a secondary device or process, making it much more difficult for unauthorised access to be successful.
- Patch Operating Systems: upgrade to the newest operating system and patches as soon as they are available.
- Daily Backups: the best practice includes three types of backup, on two types of media, with at least one backup being offsite. Backups mean your data and software are more likely to be recoverable, with your business back on track sooner.
Is the Essential 8 is all I need?
It’s a great start. Getting this framework in place will take you a long way toward the goal of securing your networks. However, it’s only some of what you need to do. If you’re serious about protecting your business, you need a strategy that you continually refer to and current expertise to feel secure in the knowledge that you’re doing everything you can to defend your business against threats.
How Calvert Technologies can help
Calvert includes a thorough cyber security strategy as part of your managed services plan. Not only do we identify and fix issues before they become a problem – we can implement an Essential 8 review to find out what your cybersecurity plan could be doing better.
For a complimentary, no-obligation discovery consultation, contact us to find out how Calvert Technologies can assist your business.