Australian Government Essential 8

The Australian Government has published the Essential 8 mitigation strategies to provide a baseline security framework for small business. While no mitigation strategy is guaranteed to protect against all cyber threats, the Essential 8 controls provide effective strategies which significantly reduce your risk of a successful cyber attack.

| Mitigation strategy | What | Why |
|---|---|---|
| Application control | Check programs against a pre-defined approved list and block all programs not on that list. | Unapproved programs, including malware, are unable to start, which prevents attackers from running programs that would let them gain access or steal data. |
| Patch applications | Apply security fixes/patches or mitigations (temporary workarounds) for programs in a timely manner (48 hours for internet-reachable applications). Do not use applications that are out of support and no longer receive security fixes. | Unpatched applications can be exploited by attackers and, in the worst case, let an attacker completely take over an application, access all information held within it and use that access to reach connected systems. |
| Configure MS Office macro settings | Only allow Office macros (automated commands) where there is a business requirement, and restrict the type of commands a macro can execute. Also monitor usage of macros. | Macros can be used to run automated malicious commands that could let an attacker download and install malware. |
| User application hardening | Configure key programs (web browsers, Office, PDF software, etc.) with settings that make it more difficult for an attacker to successfully run commands that install malware. | Default settings on key programs such as web browsers may not be the most secure configuration. Changing them reduces the ability of a compromised or malicious website to download and install malware. |
| Restrict administrative permissions | Limit how accounts with the ability to administer and alter key system and security settings can be accessed and used. | Administrator accounts are ‘the keys to the kingdom’, so controlling their use makes it more difficult for an attacker to identify and gain access to one of these accounts, which would give them significant control over systems. |
| Patch operating systems | Apply security fixes/patches or temporary workarounds/mitigations for operating systems (e.g. Windows) in a timely manner (48 hours for internet-reachable applications). Do not use versions of an operating system that are old and/or no longer receiving security fixes. | Unpatched operating systems can be exploited by attackers and, in the worst case, let an attacker completely take over an application, access all information held within it and use that access to reach connected systems. |
| Multi-factor authentication | A method of validating the user logging in by using additional checks separate from a password, such as a code from an SMS/mobile application or a fingerprint scan. | Makes it significantly more difficult for adversaries to use stolen user credentials to facilitate further malicious activity. |
| Regular backups | Take regular backups of important new or changed data, software and configuration settings, store them disconnected and retain them for at least three months. Test the restoration process when the backup capability is initially implemented, annually, and whenever IT infrastructure changes. | Ensures information can be accessed following a cyber-security incident (e.g. a ransomware incident). |

How does your business comply?
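To turn the two patching rows into something you can check against an asset inventory, here is an added example (not from the Essential 8 publication): a small Python check that applies the page's 48-hour window to internet-reachable software, flags out-of-support software, and reports anything overdue or patched late. The record layout, the constructed sample inventory and the `internal_deadline` for software that is not internet-reachable are assumptions, since the page gives no figure for those.

```python
"""Patch-timeliness check modelled on the Essential 8 'patch applications' and
'patch operating systems' rows. Added example; record layout and helper names
are assumptions, not part of the Essential 8 publication."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# The only deadline the page states: 48 hours for internet-reachable software.
INTERNET_FACING_DEADLINE = timedelta(hours=48)


@dataclass
class PatchRecord:
    name: str                    # application or operating system
    internet_reachable: bool     # reachable from the internet?
    supported: bool              # False once the vendor stops shipping fixes
    fix_released: datetime       # when the vendor published the security fix
    applied: Optional[datetime]  # when it was installed; None if still pending


def assess(rec: PatchRecord, now: datetime, internal_deadline: timedelta) -> str:
    """Classify one record as out-of-support, overdue, late, pending or ok."""
    if not rec.supported:
        return "out-of-support"      # page: do not use out-of-support software
    window = INTERNET_FACING_DEADLINE if rec.internet_reachable else internal_deadline
    deadline = rec.fix_released + window
    if rec.applied is None:
        return "overdue" if now > deadline else "pending"
    return "late" if rec.applied > deadline else "ok"


def non_compliant(records: List[PatchRecord], now: datetime,
                  internal_deadline: timedelta = timedelta(days=14)) -> List[Tuple[str, str]]:
    """Return (name, status) for each record that fails the control.
    internal_deadline is an assumed local policy; the page gives no figure."""
    findings = []
    for rec in records:
        status = assess(rec, now, internal_deadline)
        if status not in ("ok", "pending"):
            findings.append((rec.name, status))
    return findings


# Constructed sample inventory (not real systems) relative to a fixed clock.
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    PatchRecord("web-portal", True, True, NOW - timedelta(hours=72), None),
    PatchRecord("crm-app", True, True, NOW - timedelta(hours=72), NOW - timedelta(hours=30)),
    PatchRecord("payroll-internal", False, True, NOW - timedelta(days=3), None),
    PatchRecord("legacy-os", False, False, NOW - timedelta(days=400), None),
    PatchRecord("mail-gateway", True, True, NOW - timedelta(days=5), NOW - timedelta(days=1)),
]

if __name__ == "__main__":
    for name, status in non_compliant(SAMPLE, NOW):
        print(f"{name}: {status}")
```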