The Secure Business
The Small Business Guide to the Essential Eight: A Plain-English Checklist
Navigating Australian cybersecurity requirements can be daunting. We break down the ACSC's Essential Eight into a simple, actionable checklist for SMBs.
For many Australian small businesses, cybersecurity can feel overwhelming. To make it more manageable, the Australian Cyber Security Centre (ACSC) has developed the "Essential Eight", a baseline set of mitigation strategies. Think of it as the minimum standard to protect your business from the most common threats.
What are the Essential Eight?
The Essential Eight are grouped into four main categories aimed at preventing malware delivery, limiting the extent of incidents, and recovering data. Here’s a plain-English breakdown:
- Application Control: Only allowing approved and necessary applications to run on your computers. This stops unauthorised or malicious software from executing.
- Patch Applications: Keeping your software (like web browsers, Microsoft Office, etc.) updated. Patches fix security holes that attackers love to exploit.
- Configure Microsoft Office Macro Settings: Blocking macros in Office files that come from the internet, as they are a common way for ransomware to be delivered via email attachments.
- User Application Hardening: Configuring web browsers to block risky content like ads and Flash, and disabling unneeded features in programs like Office and PDF viewers.
- Restrict Administrative Privileges: Ensuring staff only have the level of access they absolutely need to do their jobs. This limits what an attacker can do if they compromise an account.
- Patch Operating Systems: Just like patching applications, keeping Windows and macOS updated is critical to fix security flaws.
- Multi-Factor Authentication (MFA): Requiring a second form of verification (like a code from a phone app) to log in. This is one of the most effective ways to stop unauthorised access.
- Regular Backups: Regularly backing up your important data and ensuring you can actually restore it. This is your safety net in a worst-case scenario like a ransomware attack.
Implementing the Essential Eight is the single most effective thing you can do to improve your business's cyber resilience. At Akinary, we specialise in helping businesses assess their current posture and implement these controls in a practical, affordable way.