Cyber Security

What is the ASD Essential 8?

Organisations are recommended to implement the following eight essential mitigation strategies as a baseline.

Mitigation Strategies to Prevent Malware Delivery & Execution

Prevent execution of unapproved/malicious programs and installers.

Patch applications such as web browsers, PDF viewers and Microsoft Office within 48 hours. Always use the latest version of any application.

Configure settings to block macros from the internet and only allow trusted macros with limited write access.

Configure web browsers to block Flash, ads and Java on the internet. Disable unneeded features in applications such as Microsoft Office, web browsers and PDF viewers.

Mitigation Strategies to Limit the Extent of Cyber Security Incidents

Always follow least privilege principals and only give administrative rights for applications and operating systems to those that need it.

Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Always use the latest operating system version and never use unsupported versions.

Use multi-factor authentication for all web facing services, including Office 365, VPNs, RDP, SSH and other remote access methods, and for all users when they perform a privileged action or access an important data repository.

Mitigation Strategies to Recover Data and System Availability

Backup all data, software and configuration settings hourly and ensure a verified, offsite copy is retained daily. Retain this data for at least one year or as required by your relevant governing body or service provider. Ensure all backup storage is encrypted and airgapped from production environments, using separate credentials to access backup platforms. Test restoration at least monthly and when IT infrastructure changes.