
    Getting the basics of cyber security right

    Smarter Writer
    Smarter Team

    A team of business and technology journalists and editors who write to help Australia’s community of small and medium businesses access the technology and know-how that helps solve problems and create opportunities.


    Artificial intelligence. Blockchain. Zero-day detection. The cyber security marketplace contains a litany of confusing buzzwords that can make an already complex subject sometimes even more confusing. But like so many other fields, before you can make any progress in cyber security you first need to get the fundamentals right.


    The fundamentals are often called the ‘basics’, but this doesn’t mean they’re easy. In fact, even some of the world’s big technology companies struggle with what can be thought of as cyber security 101.

    The Australian Government has created a straightforward guide to the cyber security essentials, and how to implement them, to help you protect your business against online threats.

    What is the Essential Eight?

    The government’s cyber security experts have identified eight essential mitigation strategies designed to help limit your organisation’s exposure to the vast majority of cyber threats. 

    These eight strategies are a subset of the Australian Cyber Security Centre’s 37 Strategies to Mitigate Cyber Security Incidents and form a strong baseline of protection.

    The Essential Eight is broadly aimed at:

    • Helping prevent attacks
    • Limiting the extent of cyber attacks, and
    • Recovering data and systems availability.

    Helping prevent attacks

    The first step to protecting against an attack is to prevent it from occurring in the first place. The vulnerability of your systems and users can be reduced by implementing the first four steps in the Essential Eight:

    1. Application control. This is one of the most effective steps in helping to ensure the security of systems. While application control is primarily designed to prevent the execution and spread of malicious code, it can also help prevent the installation or use of unapproved applications, which can bring harm to the security of your systems and data.
    2. Patch applications. Patching, or applying updates, is a critical process to help ensure the security of all your IT equipment. Patches often fix known vulnerabilities or flaws that could otherwise give threats an entry point into your systems and software. You should aim to always use the latest version of applications where possible, and to patch applications with “extreme risk” vulnerabilities within 48 hours.
    3. Configure Microsoft Office Macro settings. Macros, a staple in IT systems, automate regular tasks to save time. However, some macros can pose a security risk. A person with malicious intent can introduce a destructive macro in a file to spread a virus on your computer or into your network. You should block macros from the internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
    4. User application hardening. With the rapidly shifting technology landscape, a regular clean out of old tools or applications is important to ensure your security posture isn’t being weakened by vulnerabilities in systems (like unpatched software) or processes (like default, weak, or reused passwords). You should especially consider configuring web browsers to block Flash as well as ads and Java, and disabling unneeded features in Office, web browsers, and PDF viewers; these are popular ways for hackers to push malicious code onto your systems.
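
To check that the macro settings in step 3 are actually in force, the Office policy key can be exported from a workstation and audited offline. The script below is an added example, not part of the original article: it parses `reg export` text and flags apps where internet macros are not blocked or unsigned macros are not disabled. The sample export and the list of apps checked are constructed assumptions.

```python
import re

# Constructed sample in the format written by
# `reg export HKCU\Software\Policies\Microsoft\Office`; not from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\word\security]
"blockcontentexecutionfrominternet"=dword:00000001
"vbawarnings"=dword:00000003

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\excel\security]
"vbawarnings"=dword:00000002
'''

APPS = ("word", "excel", "powerpoint")  # apps this example checks (assumption)
SECTION = re.compile(r"^\[.*\\office\\[\d.]+\\(\w+)\\security\]$", re.I)
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)

def parse_policies(reg_text):
    """Map each Office app to its Security policy DWORDs (names lower-cased)."""
    apps, current = {}, None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("["):
            match = SECTION.match(line)
            current = apps.setdefault(match.group(1).lower(), {}) if match else None
        elif current is not None:
            match = DWORD.match(line)
            if match:
                current[match.group(1).lower()] = int(match.group(2), 16)
    return apps

def audit_macros(reg_text):
    """Return one finding per app setting that falls short of the guidance."""
    policies, findings = parse_policies(reg_text), []
    for app in APPS:
        values = policies.get(app, {})  # an app missing from the export has no policy set
        if values.get("blockcontentexecutionfrominternet") != 1:
            findings.append(f"{app}: macros in files from the internet are not blocked")
        # vbawarnings: 1 enable all, 2 disable with notification,
        # 3 disable all except digitally signed, 4 disable all
        if values.get("vbawarnings") not in (3, 4):
            findings.append(f"{app}: unsigned macros are not disabled by policy")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_macros(SAMPLE_REG)))
```

Files written by `reg export` are UTF-16, so read a real export with `open(path, encoding="utf-16")`. Write access to trusted locations is a file-system permission and has to be reviewed separately.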

    Limiting the extent of cyber attacks

    Breaches are inevitable but they need not be destructive. The next three steps in the Essential Eight will help limit the damage:

    1. Restrict admin privileges. Hackers actively seek admin accounts to give them greater access to data and systems, which means the fewer admin accounts you have, the better. Don’t let anyone be the administrator of their machine unless they have a legitimate business need. Set privileges in accordance with the user’s duties and role; someone who mainly works in email and the web doesn’t need to be an admin. Regularly revalidate the need for these privileges.
    2. Use multi-factor authentication. Multi-factor authentication is a powerful tool in your cyber arsenal. This defence makes it much harder for a hacker to break into your network, and limits their ability to move around should they be able to gain initial access. Aim to have multi-factor authentication on as many systems as possible, especially for VPNs and other remote access tools.
    3. Patch operating systems. Patching appears twice in the Essential Eight because vulnerabilities in systems and software are regularly used to hack into organisations. Again, you should always aim to use the latest version of operating systems – specifically avoid using unsupported versions – and patch “extreme risk” vulnerabilities in computers and network devices within 48 hours.

    Recovering data and systems availability

    Have you ever lost a camera or a phone and therefore the photos that were stored only on that device? The same pain is felt when ransomware attacks encrypt a business’ critical data, rendering it inaccessible.

    It is often only when something goes wrong that business owners think about their backups. Backing up important data should be an ongoing exercise.

    1. Daily Backups. To ensure information can be accessed following a cyber security incident or outage, back up new or changed data, software and configuration settings daily, and retain it for at least three months. Aim to follow the 3-2-1 backup rule: store your production data and two backup copies on two different mediums (like a cloud service and an offline disk drive), with one of these copies stored offsite (not connected to your network) to ensure you can recover in the event your network is taken offline.
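
The backup rule above can be checked mechanically against a catalogue of backup copies. The script below is an added example, not part of the original article: it tests for two copies on two mediums with one offsite, and for a completed backup on each day of the retention window. The catalogue entries are constructed, and "three months" is taken as 90 days.

```python
from dataclasses import dataclass
from datetime import date, timedelta

RETENTION_DAYS = 90  # "at least three months", taken as 90 days (assumption)

@dataclass
class BackupCopy:
    name: str
    medium: str           # e.g. "cloud", "disk", "tape"
    offsite: bool         # stored offsite and not connected to your network
    restore_points: set   # dates on which a backup completed

def missing_days(copy, today):
    """Days in the retention window before `today` with no completed backup."""
    expected = {today - timedelta(days=n) for n in range(1, RETENTION_DAYS + 1)}
    return sorted(expected - copy.restore_points)

def audit(copies, today):
    """Check backup copies (production data excluded) against the rule above."""
    findings = []
    if len(copies) < 2:
        findings.append("fewer than two backup copies of production data")
    if len({c.medium for c in copies}) < 2:
        findings.append("backup copies are not on two different mediums")
    if not any(c.offsite for c in copies):
        findings.append("no copy is stored offsite and off the network")
    for c in copies:
        gaps = missing_days(c, today)
        if gaps:
            findings.append(f"{c.name}: {len(gaps)} of the last {RETENTION_DAYS} "
                            f"days have no backup, earliest {gaps[0]}")
    return findings

def sample_copies(today):
    """Constructed catalogue: two disks in the office, one with short history."""
    def days(n):
        return {today - timedelta(days=i) for i in range(1, n + 1)}
    skipped = today - timedelta(days=3)
    return [BackupCopy("office-nas", "disk", False, days(90)),
            BackupCopy("usb-drive", "disk", False, days(30) - {skipped})]

if __name__ == "__main__":
    for finding in audit(sample_copies(date.today()), date.today()):
        print(finding)
```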

    Where and how to start with the Essential Eight

    It’s easy to get a little overwhelmed with all the tools and services promising to protect you online.

    Master the fundamentals with a trusted security partner. Telstra’s security experts can help assess the maturity of your systems, and help you implement the Essential Eight in the most relevant way for you.

    Telstra strongly encourages all businesses to read and consider how the Essential Eight could be implemented within their organisation. More details can be found at the Australian Cyber Security Centre website.
