Cyber threats are on the rise. While no business can ensure 100% safety from a cyber-attack, organisations are strongly advised to implement mitigation strategies to make it harder for cybercriminals to access their personal information.
The role of the Australian Cyber Security Centre (ACSC) is to operate as a trusted partner for businesses, government, and the community — working collaboratively with them to secure the digital economy.
In May 2022, Australian Financial Services licensee RI Advice was fined $750,000 for failing to adequately manage its cyber security risks, resulting in the compromise of several thousand people.
This has set a new precedent for cyber security, and all Australian businesses have been urged to ensure their compliance with the ACSC’s Essential Eight to mitigate cyber-threat risks.
What is the Essential Eight?
The ACSC’s Essential Eight strategic principles are designed to help businesses and government agencies understand the standards they must meet in order to securely adopt new technologies and stay compliant with mandatory cyber security policies.
The Essential Eight is a set of policies and procedures to mitigate the risks of cyber-attacks through preventative countermeasures. All eight strategies are considered equally important, and should be implemented so as to complement each other.
An appropriate level of cyber security is essential for all digital infrastructure, and an effective cyber security program is built on a foundation of risk management.
- Application whitelisting
Application whitelisting is a process that identifies and allows only authorised applications to run on a device. It provides a way to make the digital workforce more efficient by helping agencies ensure their employees use approved applications.
This ensures employees don’t risk accidentally using an unapproved application that could lead to serious consequences, such as storing sensitive information in an unapproved application.
- Patch applications
A patch application is a software update that fixes bugs, improves performance, and adds features. This helps agencies ensure that the applications they are using are up-to-date and patched against known vulnerabilities that could allow attackers to gain access to sensitive information.
- Configure Microsoft 365 macro settings
Microsoft 365 macro settings are a set of macros that can be used to automate tasks. These macros are designed to be specific for Microsoft 365 products, such as Word, Excel, and Outlook.
Configuring these settings helps agencies limit the amount and type of information that is stored in applications and helps reduce the risk of a data breach. With macros configured, an attacker would need to find the specific, sensitive information they are looking for in the applications that were previously stored with the macro.
- User application hardening
The goal of user application hardening is to make it difficult for an attacker to break into the system and damage data or steal information.
This principle is designed to help agencies who are using applications for work maintain the security of their data by ensuring that applications are up-to-date and updated frequently. In addition, application settings should be configured to help mitigate the risk of a data breach.
- Restrict administrative privileges
Administrative privileges are the power to make changes to system configurations and settings. They are used to perform system-wide tasks and configure the operating system, but they also provide access to all data on the computer.
Restricting privileges helps agencies protect sensitive information by limiting the permissions that applications and staff have, which in turn limits the damage cybercriminals can make if they take control of a device or user credentials.
- Patch operating systems
Patch operating systems is a term that refers to the process of updating the software on a computer. The changes are usually made in response to a security vulnerability in the operating system.
To help reduce the risk of a data breach, it’s important to update operating systems as soon as new patches are released.
- Multi-factor authentication
Multi-factor authentication is a security measure that requires users to present more than one item of identification before being allowed access. The most common form of multi-factor authentication is through text message with a code. This method requires the user to enter the code from their phone into the account they are trying to access.
This helps agencies mitigate the risk of a data breach by helping ensure that an attacker would need more than just one factor to access your account.
- Daily backups
Backing up your data every day will mitigate the risk of a data breach by ensuring that critical data is backed up and stored on a secondary device. This way, if your data is stolen or compromised, you have copies to help restore your systems.
Strengthening your business’ cyber security today
One of the first things that you need to do is to assess and document your overall cyber security risk. This will help you prioritise the areas of your business and systems that are most likely to be attacked.
Once you have identified the areas of your business that are at the highest risk of being breached, you need to make sure that you mitigate them as much as possible. Implementing the Essential Eight into your business will make it much harder for cybercriminals to gain access to your systems.
The cyber security specialists at Itopia can help you implement the Essential Eight mitigation strategies, train you and your staff on security best practises, and manage your networks end-to-end for round-the-clock monitoring of suspicious activity.
