Remember that excellent framework we recently delved into, Essential Eight? It’s an exceptionally comprehensive framework developed by the Australian Cyber Security Centre to help Australian SMBs protect themselves against various cyber threats.
So now you know why we think it’s so Excellent, maybe you want to learn a bit more about HOW it achieves this excellence?
As the name would suggest, it’s a selection of Eight strategies:
1. Patch applications & 2. Patch operating systems
We all see the pop ups telling us that our updates are due, how many of you skip past them? This seemingly simple but sometimes tedious task is actually so important to your cyber security that it takes out the first two spots of the Essential Eight. Whether it’s for your operating system (eg Windows or Mac) or a specific application (MS office, Adobe suite etc), as soon as a flaw aka vulnerability is found and made public, those sneaky cyber criminals can make quick work of developing a malicious code to take advantage of it within as little as one or two days! The app or operating system will release a “patch” and roll it into an update to fix the issue. So next time, just click accept on the update and take the opportunity for a forced tea break.
3. Multi-factor authentication
If you’re using Password123 for any accounts, we need to have a word privately. And you should probably read this article of ours on the importance of your team’s passwords. Simple passwords are just too easy to crack. But even if you’re a bit more password-savvy, you can almost guarantee that someone else in your business isn’t. And that’s where multi-factor authentication (or two factor authentication, 2FA) can help to compensate. It means using another platform (email, mobile phone, or a dedicated authenticator app) to confirm that you’re really you, any time you try to log into something. For the mild inconvenience of an extra second to log in, you’ll be one step closer to achieving cyber security excellence!
4. Restrict administrative privileges
Just like you wouldn’t give your house key out willy nilly, you also shouldn’t be giving top tier access to systems to just anyone. Before granting admin access to anything, you should consider whether that person truly needs access as a part of their role, and if they do, configure their access to the absolute minimum they actually require. It’s also worth doing regular reviews to make sure people don’t retain access longer than they need to, if their responsibilities or roles change over time.
5. Application control
The more applications you add to your IT ecosystem, the more opportunity for vulnerabilities to occur in your business. The best way to reduce your risk here is to identify approved applications for your business and restrict the ability for anyone to download anything outside of that list.
6. Restrict Microsoft Office macros
Macros are essentially shortcuts built into your Microsoft Office files through special code to automate and speed up repetitive tasks. They are also an opportunity for malicious tasks to also be automated. Some macros may be essential for your business, so you can set a tapered restriction on these, depending on your business’ operations.
7. User application hardening
On top of restricting the applications your team are able to download on their work systems (refer to #5) it’s still worth looking at the potential vulnerabilities in the applications that are approved. You can “harden” these by peeling back and restricting functionality that are most vulnerable to malicious use. An example might be web browsers blocking ads from the internet so you can’t inadvertently click on one that takes you to a website that could exploit your system.
8. Regular backups
Finally, Essential Eight reinforces that you should be doing regular backups so if you are a victim of a cyber security breach, so your business doesn’t lose too much momentum once repaired. But just backing up isn’t enough in itself, you want to be sure that your backups are as secure as possible (psst – that’s in the cloud!)
Reading all these measures might make implementing the framework feel like a complex task, and it might be if it wasn’t what you did day in day out.
Enter: Xenex Systems. We’re here to help you work smarter, not harder. Cyber security is our bread and butter, so why not give us a call today and we’ll run a free audit to see how your business stacks up.