19 Jan

Cyber safety, Simplified: The Essential Eight Principles

Cyber threats pose a constant and increasing concern for businesses of all sizes, including SMEs.
The Australian Cyber Security Centre (ACSC) reported a 12% increase in calls to the Cyber Security Hotline (1300 CYBER1) in 2023-24, highlighting the urgent need for SMEs like yours to ramp up cybersecurity measures.

The Essential Eight: a Foundation for Cybersecurity

The Essential Eight compliance checklist is a set of eight mitigation strategies which aim to improve an organisation’s cyber resilience. They centre on protecting Microsoft Windows-based internet-connected networks. By adopting these strategies, businesses can significantly slash their risk of cyberattacks.

However, no single set of measures can guarantee complete protection against all cyber threats, says the Australian Signals Directorate.

Here are the Essential Eight strategies in a nutshell:

  1. Application control: Restricting the software that your systems can run
  2. Patch applications: Keeping software up to date with the latest security patches
  3. Configure Microsoft Office macro settings: Disabling macros in Microsoft Office documents to prevent malicious code execution (just enable what your staff need)
  4. User application hardening: Configuring software settings to enhance security
  5. Restrict administrative privileges: Limiting the number of users with administrative access to systems and having a clear policy about it
  6. Patch operating systems: Keeping operating systems up to date with the latest security patches
  7. Multi-factor authentication (MFA): Adding an extra layer of security as the default by requiring two or more forms of identification, and
  8. Regular backups: Regularly backing up important data, software and configurations to protect against data loss.

Do your due diligence and check out the finer details about each of these Essential Eight.

Here’s alternative guidance for cloud services, enterprise mobility, or other operating systems, such as Apple iOS and Apple macOS.

The Importance of Cyber Resilience 

Cyberattacks can have severe consequences for SMEs, such as:

  • Financial loss
  • Operational disruption, including system downtime and supply chain disruptions
  • Lower employee morale and productivity
  • Reputational damage, and
  • Higher insurance premiums.

There are also legal and regulatory compliance issues. Businesses with an annual turnover of $3M+ may fall within the purview of the Privacy Act 1988. Find out here if your SME needs to comply.

How to Implement the Essential Eight

  1. Assess your current security posture:
    Evaluate your current security practices to identify areas for improvement
  2. Prioritise implementation:
    Start implementing the easiest controls, such as patching applications and configuring macro settings
  3. Seek expert advice:
    Consult with cybersecurity experts to develop a comprehensive cybersecurity strategy tailored to your business needs
  4. Foster a culture of cybersecurity:
    Encourage employees to be vigilant and report any suspicious activity, and
  5. Continuously monitor and adapt:
    Start by implementing the easiest controls, such as patching applications and configuring macro settings

When you’ve nailed your approach to cybersecurity, you can rate your business on a maturity scale from one (the lowest) to three (the highest).

The Role of Leadership

Strong leadership is crucial for driving cyber resilience. By prioritising cybersecurity and allocating sufficient resources, business leaders can create a culture of security awareness. It might mean one of your IT staff needs to do an Essential Eight Assessment, such as this one.

Adopting the Essential Eight strategies enables Australian SMEs to strengthen their defences and significantly reduce exposure to cyber threats. However, cybersecurity isn’t a one-time action; it’s an ongoing responsibility that requires vigilance and adaptation to evolving risks.

Proactive steps are key to safeguarding your business’s future. This includes working with your broker or adviser to develop a comprehensive risk management strategy, which may encompass Cyber Insurance. Cyber Insurance provides crucial financial protection against losses such as data breaches, ransomware attacks, and business interruption, complementing your overall approach to cybersecurity.

Stay informed and take proactive steps, such as talking to us, as your broker or adviser, about risk management, to help safeguard your business’s future.

Legal and Reputational Impacts

When private information is stolen, Australian privacy laws mandate that businesses notify affected parties and the relevant authorities. As well as these obligations, companies may face potential lawsuits, greater oversight from regulatory authorities, and long-lasting reputational harm.

Late last year, Federal Parliament passed a set of new cybersecurity laws requiring businesses and organisations to report ransom payments, though paying ransoms remains legal.

Rebuilding customer trust after a data breach can take years, compounding the financial and reputational fallout.

Proactive Measures to Safeguard Against Ransomware

To minimise your risk of attack, invest in cybersecurity measures. For example:

  • Implement robust firewalls
  • Deploy real-time threat detection systems
  • Regularly update software
  • Provide frequent training for staff to recognise phishing attempts and other ransomware entry points
  • Assess your systems’ vulnerabilities, and
  • Apply the ACSC’s Essential Eight framework as your cybersecurity health checklist.

 

Article Supplied by OneAffiniti

Photo by metamorworks on Unsplash