Get Cybersecurity Done Right - Essential 8 Framework

Written By Billie Brown-Wahanui

Cybersecurity is of utmost importance in our increasingly interconnected and digital world. As technology advances and businesses, governments, and individuals become more reliant on digital platforms, the need to safeguard sensitive information from cyber threats has become critical.

There is currently a lot of talk about cyber security and what’s needed to keep businesses safe. There are many different viewpoints led by different businesses on what is important in terms of cyber security. This can make implementing cyber security in businesses complicated and uncertain.

At Houston, we think that creating a standard or framework for cyber security is really helpful. With many frameworks existing currently is very overwhelming for Kiwi businesses to get started on their cyber journey. There are currently no published guidance by the New Zealand government however the Australian Government has created ‘essential 8’ which is a good place to start for creating a cyber security approach for your business.

What are the ‘Essential 8’ steps to cyber-security?

Approaches and frameworks like these are helpful to begin a cyber journey for a Kiwi business however cyber security isn’t a one-size-fits-all for every business. It is important to remember that businesses need their own cyber security approach to best suit the practices of their business.

Application Control

Create a list of apps and programs that are authorised and safe to use within your organisation. This minimises the risk of malware. Malware can disrupt, damage or gain access to your systems. Make sure to review apps regularly and have systems to block unauthorised apps.

Patch Applications

If there is a security vulnerability in an application used by an organisation, it can enable adversaries to execute malicious code, which can result in significant consequences for an organisation. With your authorised applications, make sure that those applications are always updated and vulnerability scans are done regularly to help identify where issues are before they happen.

Restrict Admin Privileges

Users with admin privileges can make changes to applications and access sensitive data. Restricting administrative privileges makes it more difficult for malicious actors to elevate privileges, spread to other hosts, hide their existence, persist after reboot, obtain sensitive data or resist removal efforts. It also creates an environment that is more stable, predictable and easier to administer and support.

Patch Operating System

Patching operating systems is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to their devices and sensitive information. Patches improve the security of operating systems by fixing known vulnerabilities. Cybercriminals exploit vulnerabilities as soon as they are publicly disclosed so organisations should patch applications as a priority.

Configure Microsoft 365 Macros

Macros can be handy for automating tasks, however they can also contain and activate malicious code.

Restricting access to staff, and ensuring that any certificate used to digitally sign the macro is trustworthy, or having the macro screened by antivirus software, will limit their chance of causing damage.

Multi-Factor Authentication

Multi-factor authentication (MFA) is a security measure that requires two or more proofs of identity to grant you access. Multi-factor authentication typically requires a combination of something the user knows (PIN) something you have (card, token) or something you are (fingerprint or other biometric). MFA offers significantly more powerful security and protection against criminals. Cybercriminals might manage to steal one proof of identity such as your PIN, but they still need to obtain and use the other proofs of identity to access your account.

User Application Hardening

Almost all users that utilise a computer will use a web browser, office suite and PDF viewer. Most of these applications have insecure default settings, primarily intended for use by consumers. User Application Hardening is the process of disabling the unnecessary or high-risk functions in these common programs to make exploitation less likely, while still allowing them to be used by an organisation.

Daily Backups

Backups can be the last line of defence for an organisation that falls victim to a cyber-attack as without a backup, restoring operations may be impossible – potentially ending an organisation. Adversaries are aware of the importance of backups and will seek to disable them before executing their primary attack. It’s important to encrypt backup data and apply the same or better access restrictions as to production systems to prevent unauthorised access.

Connect with us:

If cyber security is on your mind and you would like to talk to one of our consulting team members to discuss your cybersecurity, please feel free to contact us so we can help you make informed decisions to implement the best cyber security practices individualized to your business.

Billie Brown-Wahanui
Previous

Small Holes Sink Big Ships - Business Continuity
Next

Microsoft Copilot: Your assistant for solving complex work problems.