For those who are unaware, the Australian Signals Directorate (ASD) is part of the Australian government (Australian Intelligence Community) responsible for things such as securing information, cyber combat, and military support.

Revised in 2017, the ASD’s “Top 4 recommendations” around cyber security best practices became the ASD Essential 8, being the 8 things you should be doing as a minimum to help keep your business protected from cyber threats. According to the Australian Cyber Security Centre, if implemented properly, they help to mitigate up to 85% of cyber threats.

Essentially (no pun intended), The ASD Essential 8 involve implementing policies and strategies within your business systems and applications so there is a reduced risk of an external party finding their way in without authorisation.

So, what are they?

  1. Application control
  2. Application whitelisting allows you to specify which apps are allowed to run on your system to prevent any malicious activity.  

  3. Patch applications
  4. Keep your applications up to date – it will mean there are less vulnerabilities for those with bad intent to exploit.

  5. Configure Microsoft Office macro settings
  6. Sometimes malicious scripts are hidden in Microsoft files – if opened and run, a user could infect their whole company. Configuring the macros correctly means the scripts will be blocked from running.

  7. User application hardening
  8. Ensure that your web browser blocks apps such as Flash and Java means there are less ways for malicious code to enter your system through this popular deployment scheme.

  9. Restrict administrative privileges
  10. Regularly evaluate who has administrator or high-level access to your systems and whether they require that level of access as it will reduce the risk of one of those accounts getting compromised.

  11. Patch operating systems
  12. Keep up to date with the latest versions of operating systems – using unsupported/outdated versions means leaving your system open to vulnerabilities being exploited.

  13. Multi-factor Authentication
  14. Enabling MFA for all users significantly reduces the risk of an account being compromised as the cybercriminal would need access to the device the authenticator is set up (usually a mobile) instead of just using the password.

  15. Daily backups
  16. Maintaining regular offsite backups for your critical systems and data means that even if you do experience a cyber incident, you will be able to recover quickly with minimal disruption to operations.

    The ACSC has developed a “Maturity Model” in which there are 3 different levels depending on how much of the essential 8 guidelines you implement in your business. You can find a breakdown of what counts towards each level in their eBook here. It is recommended that all businesses aim to reach level 3 for all 8 components as a minimum.

    They should not be considered a checklist strategy but implemented as a whole – they are designed to work together, not individually. If you haven’t already implemented any of the strategies in your business, then it is strongly recommended you do this ASAP.

    Whilst many of these items may seem a no brainer for some, it is very rare to see an organisation that has fully taken the opportunity to explore these guidelines and how they have or can be implemented into their business. As a company, ONGC has built an extensive security review process that not only covers the ASD essential 8 model but also includes a plethora of additional checks and balances to provide you with a clear assessment of your security posture. This enables us to build a security framework for your organisation that helps reduce risk and increase uptime. Give us a call to see how you can improve your security posture.