The Essential Eight: tackling security vulnerabilities in the era of hybrid work
Previously, we’ve looked at the top strategies for businesses to stay secure in 2021. In this post, we’ve partnered with HP & Intel® to explore the unique challenges for IT professionals supporting their teams in a hybrid working environment and how the Essential Eight strategies can help.
It’s fair to say that despite a lot of noise from cybersecurity professionals over the last decade, most SMBs have remained somewhat inconsistent when implementing good security hygiene. A 2020 study by the Australian Cyber Security Centre (ACSC) found that almost half of SMBs rated their cybersecurity understanding as ‘average’ or ‘below average’ and had poor cybersecurity practices.
However, the COVID-19 pandemic (and the subsequent transition to working from home) left many of these businesses facing the inevitable: they needed to address their security vulnerabilities… and fast. Many IT staff faced an uphill battle when protecting their teams from targeted threats, and cybersecurity practices and education quickly changed from ‘nice to have’ to essential.
Over a year later, these same SMBs are now juggling a hybrid working environment, with employees splitting their time between working from home and the office. With this change in working arrangements came a whole host of challenges for CIOs and IT staff, including:
- Team members accessing business databases and networks from personal devices or on unsecured internet connections.
- The loss of corporate and social defences against phishing attacks and ransomware.
- The fast adoption of team collaboration software, without proper consideration for security threats.
- The risk of missing or delaying a critical security patch on an endpoint device.
To address these challenges, we’ve partnered with HP & Intel® to demonstrate how adopting the Essential Eight strategies can support your SMB to protect yourself and your employees against these unique cyber threats. Let’s dive in!
Adopting the Essential Eight strategies
In 2017, the Australian Cyber Security Centre (ACSC) first published the Essential Eight (E8) — a set of prioritised strategies that support organisations to protect themselves against cyber threats. While these strategies aren’t comprehensive (you may need to consider other mitigation strategies, depending on your unique requirements), they do form an excellent baseline for keeping your small to medium-sized business (SMB) secure from targeted attacks.
These strategies are particularly critical to implement when your staff are working away from the office and at risk of using endpoint devices in a way that may compromise your organisation. The strategies include:
- Application control — creating an approved list of software and tools that can run on your business devices.
- Patch application — a process where you will quickly and regularly apply updates to all third-party applications.
- Configure Microsoft Office macro settings — limiting all users’ ability to create macros.
- User application hardening — limiting user applications.
- Restrict administrative privileges — defining and monitoring administration access to software and tools.
- Patch operating systems — a process where you will quickly and regularly apply the latest updates to operating systems.
- Multi-factor authentication — ensuring there are at least two layers of protection for all business logins.
- Regular backups — automatically backing up essential data, software, files and settings and storing them for at least three months.
By adopting these strategies, you’ll defend your business against approximately 85% of all cyberattacks, from phishing scams or ransomware to stealing confidential information. The ACSC report estimated that companies lose over $300 million each year from cybercrime, which is usually a direct result of poorly implemented (or non-existent) cybersecurity measures.
If you’re unsure where you stand regarding your cybersecurity, the ACSC has also provided a convenient Maturity Model, which your business can use to assess its current position and where it needs to improve.
Maintaining business continuity using the Essential Eight
One of the biggest concerns when it comes to hybrid work arrangements is maintaining business continuity. Most companies consider operational outages a given, especially when employees are working away from the office, and most businesses expect that they’ll be back up and running very quickly.
However, a cybersecurity attack can jeopardise all business operations, and you may be unable to work until you resolve the attack. One recent example: the cyberattacks on UnitingCare Queensland left staff members unable to communicate or even complete simple yet necessary tasks, such as inserting a cannula.
By adopting the Essential Eight strategies, you’ll be prepared to maintain business continuity by significantly reducing cyber risks, as well as maintaining an adequate backup of essential data that can keep your business operational during the attack.
Enlisting expert help to adopt the Essential Eight framework
Adopting the Essential Eight Mitigation Strategies isn’t just best practice for SMBs — it is also incredibly cost-effective compared to navigating a cybersecurity incident. Data breaches are not only expensive, but they can cause you to lose customers, affect your reputation and cost you and your staff valuable time.
By aligning your business with a cybersecurity expert, you’ll be much more prepared to ward off attacks, and you’ll be in a much better position to recover should you find yourself faced with a breach. By enlisting the experts, you’ll know exactly where you stand regarding the Essential Eight Maturity Model and how to achieve the protection that your business requires.
Blackbird IT offers comprehensive cybersecurity advice, implementation and training for every business. We’ve partnered with some of the best in the industry, including HP, to set you up with the most secure infrastructure right from the start. Our goal is to enable a security-minded culture within the Australian business community, including supporting you to adopt all strategies within the Essential Eight.
Maintaining your cybersecurity practices for the long run
Once you’ve implemented every security strategy within the Essential Eight, you’ll need to set up protective measures to maintain them for the foreseeable future. The number one priority should be staff education — this includes every department, from the top down. Because you will likely continue to add more software and tools to your network, and because more and more security threats will present themselves, you’ll need momentum to keep your cybersecurity best practices in place.
There will likely be different security maturity across varying levels of your organisation, which you’ll need to consider when performing your Maturity Model assessment. As a baseline, you can educate your staff on the importance of multi-factor authentication (MFA), mandating MFA for all business logins and recommending it for all personal logins. You should also implement password standards and regularly remind staff about phishing emails — especially if they are working away from the office.
Many businesses will want to demonstrate to their customers that they’ve adopted the Essential Eight strategies into their cybersecurity practice. It’s reassuring to clients that you’re taking their data protection seriously, and it helps you grow your business. While there is no Essential Eight Maturity certification, Blackbird IT can support you to complete an ISO 27001 accreditation process. ISO 27001 certification demonstrates that you have not only covered the baseline mitigation strategies outlined in the Essential Eight but that you have adopted best practices around access controls, documentation, auditing and protection of data.
If you’re convinced that your cybersecurity needs a tune-up (or a complete overhaul), Blackbird IT has partnered with HP & Intel to offer you a comprehensive Security Risk Audit on your endpoint business devices. This audit will allow us to determine where your vulnerabilities lie and the most significant risks we’ll need to address first.
Through our strategic partnership with HP & Intel, we’re helping businesses all over South Australia to prevent cybersecurity attacks. If you’re interested, just provide us with a few key details, and we’ll organise your audit as soon as possible. There’s no reason to wait — let us help get your business as secure as possible.
The Intel logo is a trademark of Intel Corporation or its subsidiaries.
About Blackbird IT
Blackbird IT strategically implements technology in workplaces to deliver powerful operational efficiencies, competitive advantage and innovation for every business. Our goal is to enable a security-minded culture for the Australian business community, and we pursue an outcome-driven approach to managing all your technology needs and helping you realise your potential.