Based on our experience, current work and research, we have prepared what we believe are the “Essential 8 Checklist”, being the 8 things you should be doing as a minimum to help keep your business protected from cyber threats.
If implemented properly, they could help mitigate up to 85% of cyber treats.
Essentially (no pun intended), The Essential 8 involve implementing policies and strategies within your business systems and applications so there is a reduced risk of an external party finding their way in without authorisation.
So, what are they?
Application whitelisting allows you to specify which apps are allowed to run on your system to prevent any malicious activity.
Keep your applications up to date – it will mean there are less vulnerabilities for those with bad intent to exploit.
Configure Microsoft Office macro settings
Sometimes malicious scripts are hidden in Microsoft files – if opened and run, a user could infect their whole company. Configuring the macros correctly means the scripts will be blocked from running.
User application hardening
Ensure that your web browser blocks apps such as Flash and Java means there are less ways for malicious code to enter your system through this popular deployment scheme.
Restrict administrative privileges
Regularly evaluate who has administrator or high-level access to your systems and whether they require that level of access as it will reduce the risk of one of those accounts getting compromised.
Patch operating systems
Keep up to date with the latest versions of operating systems – using unsupported/outdated versions means leaving your system open to vulnerabilities being exploited.
Enabling MFA for all users significantly reduces the risk of an account being compromised as the cybercriminal would need access to the device the authenticator is set up (usually a mobile) instead of just using the password.
Maintaining regular offsite backups for your critical systems and data means that even if you do experience a cyber incident, you will be able to recover quickly with minimal disruption to operations.
Whilst many of these items may seem a no brainer for some, it is very rare to see an organisation that has fully taken the opportunity to explore these guidelines and how they have or can be implemented into their business. As a company, we have built an extensive security review process that not only covers the Essential 8 model but also includes a plethora of additional checks and balances to provide you with a clear assessment of your security posture.
This enables us to build a security framework for your organisation that helps reduce risk and increase uptime.
For more information, feel free to contact us