COVID-19 created an immediate demand for organisations to adopt a remote working model, this coupled with the widely publicised security breaches on Australian government agencies and businesses has elevated the cyber-security discussion, reaffirming the importance of aligning to the ASD Essential Eight.
So… these eight controls, why are they “essential” and which ones are of most importance to your business?
The Essential Eight controls are broken down into three maturity models, from level one to level three that relate to industry compliance. It is recommended by the ACSC that organisations should reach maturity level three for each of the eight controls.
What are the Essential Eight Controls?
| Application Control | Application control to prevent the execution of unapproved/malicious programs |
| Patch Applications | Patch computers with critical vulnerabilities and use the latest versions of applications |
| Configure Microsoft Office macro settings | Configure Microsoft Office macro settings to block macros |
| User application hardening | Configure web browsers to block Flash and Java. Disable unnecessary features in applications |
| Restrict administrative access | Restrict administrative access to operating systems and applications based on user duties |
| Patch operating systems | Patch operating systems with critical vulnerabilities within 48 hours |
| Multi-factor authentication | Enforce multi-factor authentication for VPNs, RDP, SSH, and other remote access, and all users |
| Daily backups | Daily backups of essential data and retained for at least three months |
Benefits of Essential Eight Implementation
While the Essential Eight is not a complete framework, it does include practical implementation of tools and techniques that will significantly improve overall security posture. Common threats such as ransomware, phishing and exploitation of systems are mitigated due to the practical and direct approach, which results in organisations receiving the maximum benefits from their cyber security investment.
blueAPACHE’s FREE Essential Eight Security Assessment
Implementing the Essential Eight requires a high degree of understanding of the organisation’s risk profile, particularly where maturity level three is achieved. blueAPACHE’s expert team work with organisations to provide tailored advice to meet their specific needs in the most cost-effective manner, providing a solution that is fit for purpose. Getting started is as easy as booking a FREE Essential Eight Security Assessment, identifying the steps your organisation can take to fill any gaps.
Contact us today to book in a FREE Essential Eight Security Assessment with one of our expert security consultants.