Essential 8: Security Recommendations from The Australian Government
Every business, from one-person companies to organizations that hire thousands of employees, is in danger of becoming a victim of cyber-attacks.
Furthermore, cyber-attacks are no longer led by mischievous hackers trying to prove their power by hacking large organisations. Nowadays, the largest target for cybercriminals are small to medium size businesses because they often have poor security and are willing to pay a ransom to get their data back as is the case for the most common attack using Ransomware.
Still, there are security measures and mitigation strategies businesses and organizations can take to prepare for such an unpleasant event. True, there is no 100% foolproof defense against cyber threats, but with the right action plan in place, you have the chance to significantly reduce data loss and costs to a minimum.
Not to mention that these essential eight security recommendations are supported by the Australian government, which they believe every business should have in place.
The Essential Eight Security Recommendations
If you want to make sure you are on point with your security systems, here are the essential eight explained.
1. Application Whitelisting
Whitelist all the approved and tested programs that your company and employees use to get the work done and block/remove all the applications that are not needed. This way, you lower the risk of unknowledgeable staff running malicious programs by clicking on a link that looks harmless.
2. Patch Applications
If all the programs used on the company’s computers are up to date, the vulnerability in front of attacks is lowered. Patches and updates come with fixes for previously unknown vulnerabilities and reduce the risk of hackers finding back doors into your system. Having an automated application patching solution is ideal.
3. Configure Microsoft Office macro settings
It’s a commonly known fact that Microsoft Office macros can be used to deliver and execute malicious code. However, some companies can’t just block all macros, because their activity depends on working with highly customized Microsoft Office files.
The best approach, in this case, is to configure the settings so only vetted macros are allowed
4. Application Hardening
Configure all the apps used by members of your staff by removing any unnecessary features. For instance, you can block Flash ads and Java in web browsers because they are gateways used by malicious software to deliver security threats.
5. Restricting Administrative Privileges
Not everyone in your company needs to have administrative privileges! In fact, you don’t need these privileges to read the email or browse the internet.
Admin accounts give the user full access over the system(s) they control, so hackers will always go for them. On the other hand, if a device is infected, the malicious software will find it difficult to spread if the user doesn’t have administrative rights.
6. Patching Operating Systems
Many people tend to click that “Install later” button or even "turn off automatic updates" when it comes to updates for the operating systems, this is because it can be annoying for computers to restart during busy periods and sometimes Microsoft release updates that cause issues and have to quickly recall. But by not patching regularly is more of a risk.
When it comes to a business network, the practice is extremely harmful because malicious software is constantly looking for vulnerabilities to exploit and updates usually come with fixes for newly discovered problems.
Furthermore, you should never run an operating system that is no longer supported by the producer (see the Windows 7 End of Life situation)
7. Multi-Factor Authentication
Passwords alone are no longer 100% efficient in protecting your systems or network! Passwords are often hacked and leaked out on the dark web
As such, the recommended approach for a reliable security system is multi-factor authentication for local network and devices, but for remote access solutions (VPNs, RDP, SSH) & cloud services as well.
Multi-factor authentication is crucial in protecting the admin accounts of your network, but it’s also useful in increasing the overall level of safety in your business.
8. Daily Backups
Sometimes, in spite of all your efforts to keep the data secure, malicious software still goes through. In this case, you want to make sure you will be able to restore the lost information and continue your activity with the minimum amount of downtime as possible.
For this, you will need to perform daily backups of the data, processes, and files that are crucial for your organization. Best practices are to have both an onsite & offsite copy of your data.
The recent cyber-attacks on businesses everywhere have forced governments to get involved in the IT security niche. As such, even if you don’t think your business is at risk, it’s best to follow these eight essential recommendations and make sure your systems are up to date.
If you don’t know how, or you don’t have the time to run a full assessment, we can offer a free essential 8 review that will show if your business is compliant with the rules. Just give us a call or send us an email, and we’ll get in touch!