For many organizations, especially small businesses, the thought of starting any kind of cyber security program can seem daunting. With all of the threats out there, what are the most important, most effective actions we can take to bolt the virtual doors against the forces of evil?
Fortunately, our antipodean friends at the Australian Cyber Security Center (ACSC) have put together a great blueprint for a basic security program: The Essential Eight – a list of mitigations (guess how many) for cyber security incidents.
If you are starting your security program from scratch, or if you are looking for help determining where to spend your security dollars, the eight steps listed here are a great place to look for inspiration:
- Application whitelisting
- Patches and upgrades to operating systems
- Patches and upgrades to applications
- User application hardening
- Configuring Microsoft Office Macro Settings
- Restricting administrative privileges
- Multi factor authentication
- Daily backups
Of all of the steps recommended by the ACSC, application whitelisting (preventing all apps except those you have pre-approved) is the most difficult, both from a technical point of view and from a user experience point of view. Many smaller organizations may not be able to pull off this one initially, but that doesn’t mean that you shouldn’t get right on the other seven. I sort of wish that app whitelisting was listed last so as not to discourage folks right out of the gate.
The Essential Eight are a great foundation for a security program whether you are a freelance professional or in charge of security for thousands.