Introduction

Want to know how to protect yourself and limit the damage caused by a cyber attack? The Essential Eight was released by the Australian Cyber Security Centre (ACSC) and the Australian Signals Directorate (ASD) for just this reason. It is a prioritised list of actions that you can take to help limit the impact of cyber security incidents. 

The Essential Eight

The Essential Eight are broken down into three categories: preventing attacks, limiting damage if an attack does happen; recovering from an attack. They can be summarized as:

1. Only install software from trusted sources.
2. Keep your software up to date.
3. Configure Microsoft Office macro settings to block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
4. User application hardening. Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
5. Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing.
6. Keep your operating system (OS) up to date. Use the latest operating system version. Don’t use unsupported versions.
7. Use Multi-factor authentication (MFA, 2FA) for any web based systems or remote access to important systems.
8. Regular backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration initially, annually and when IT infrastructure changes.

Conclusion

No single action can be guaranteed to prevent cyber security incidents, but the Essential Eight will make it much more difficult for attacks to be successful. The Essential Eight is recommended as a baseline in cyber security, i.e. it is a bare minimum. Like most preventative measures, using the Essential Eight will be more cost/time/effort effective than dealing with a major cyber security incident.

But beware, the Essential Eight seems so easy to implement that I think there is a risk that people dismiss the risk of damage from a cyber security incident. This isn’t the case, these simple steps can help you protect yourself or business from an attack, so do it today!

For more information visit: https://www.cyber.gov.au/acsc/view-all-content/publications/strategies-mitigate-cyber-security-incidents