Cyber Security Essential 8
What Does Your Business Need To Do?
Cyber-attacks have grown by 60% in the last 12 months and is a danger for businesses across all industries. If your business has just one cybersecurity incident, it can result in days of downtime and cost your company a lot of time and money. Not to mention a data breach can also cause issues with clients and make it difficult to regain public trust.
At CX IT Services we take security very serious and have recently teamed up with ACSC – Australian Cyber Security Centre/.
They have released eight different steps to boost cyber security measures for businesses. These steps are also known as the “Essential 8”. By implementing these mitigation strategies into your businesses it can aid it reducing cybersecurity risks to your business. So we proactively follow this guideline of the Essential8 as it will give our clients the best protection against cyber threats now and in the future.
Below is an overview of the ACSC’s Essential8.
Application Whitelisting
Application Whitelisting is a way to control what programs are allowed to be run in your company. At CX IT Services we can help identify which applications are permitted and create a whitelist for your computers. The main goal of application control is to prevent unsafe applications from deploying malware and causing a cybersecurity incidents in your company.
Patch Applications
Its a time consuming task keeping applications up to date is critical but we need to stay proactive against cyber threats and software vulnerabilities. Ensuring the latest updates for drivers and firmware are installed is also important in reducing the chance of a cybersecurity incidents. At CX IT Services we maintain our clients updates and install afterhours when its convenient, as many employees will delay downloading an update due to time constraints. It not only helps with improving security, but application updates can also release new features and improve performance to the software.
Configure Microsoft Office Macro Settings
Microsoft Office macros are a common method used to infect a computer with malware. By default it may allow macros to run so its important to configure these macro settings to reduce the risk of installing malicious. We block macros embedded in documents from any unverified sources, as a hacker can easily infect computers by using this method. Similar to Application Whitelisting we can set approved macros while restricting security reconfiguration for any macros by a user.
User Application Hardening
User application hardening is where the defaults of application installs are adjusted to reduce any risks. This can help minimize the risk of unexpected or malicious activity from applications, which is especially important for cyber security. At CX IT Services we have a list of common settings, policies we like to implement into businesses which help keep things running smoothly but securely.
Restrict Administrative Privileges
Admin accounts allow hackers to gain greater access to the entire computer system and network. Often we find privileged accounts are setup for many businesses, but they should never be used for checking email, downloading data, or accessing online services due to security concerns. By keeping these administrative accounts to a bare minimum this helps keep your network safe. Reviewing these access of users permissions is something that should be checked regularly.
Patch Operating Systems
Ensuring Windows has the latest patches for your computers is also very important for security vulnerabilities. Part of our Managed Services we monitor and install patch updates, which ensures each computer receives an update as soon as possible, instead of relying on each employee to download an update. This is another layer of security against cyber threats that is easy to implement and monitor by your IT Provider.
Multi-Factor Authentication
Multi-factor authentication is where you have at least two or more factors to authenticate access credentials for an account. Most websites have Multi-factor authentications or Two-Factor Authentication and we recommend enabling this where ever its available. This is an extra layer of security that is hard to get around if you use something like Microsoft Authenticator or Google Authenticator to receive a code upon logging in to a website.
Daily Offsite Backups
Ransomware attacks can hold your data ransom until a ransom fee is paid usually in cryptocurrency. Probably one of the best ways for your business to stay protected against cyber threats like ransomware is to have a daily offsite backups to the cloud. We suggest offsite in the cloud as its and extra layer of security and offsite means its less likely to be encrypted. Its also important to test these backups on a regular basis to ensure they are working correctly and that you have a good backup plan in place.
Cyber Security Essential 8 – What Does It Mean for Business?
So looking at the Essential8 there are many layers you can implement into your business. All these steps will greatly reduce the risk of a cyber incident impacting your business. There are also some further steps we recommend in our Cyber Essentials Plans to help reduce risks but also improve productivity with your daily operations of your business. Some of these steps requires an investment of time for your IT provider, but its completely worth the effort.
