Essential 8 Implementation
What is the Essential 8?
The Essential Eight is a list from the Australian Cyber Security Centre. It shows the eight key actions every business should take to stop cyber criminals and protect data from ransomware and theft.
We’ve talked about some of these before like Multi Factor Authentication and patching. Here, you’ll see how all eight fit together to keep your business safe.
The Eight Controls and How to Use Them
1. Application Control
What it means: Only allow trusted apps and programs to run on your devices. Block everything else, especially unknown or unneeded software.
How to do it: On Windows, turn on AppLocker or Microsoft Defender Application Control. Or, set a rule that new software can only be installed after your approval.
2. Patch Applications
What it means: Keep apps like browsers, PDF readers, and media players updated so cyber criminals can’t use old weaknesses to get in.
How to do it: Turn on automatic updates or use tools like Ninite to update everything at once. See full guide
3. Configure Microsoft Office Macro Settings
What it means: Macros are small scripts that can automate tasks in Office but can also spread malware.
How to do it: Disable macros unless you really need them. In Microsoft 365, go to Trust Center, then Macro Settings, and choose “Disable all except digitally signed macros.”
4. User Application Hardening
What it means: Turn off risky app features like Flash or JavaScript in PDFs that cyber criminals use to attack.
How to do it: Use modern browsers like Chrome or Edge with pop up blockers. Disable or uninstall Flash and Java if you don’t need them.
5. Restrict Administrative Privileges
What it means: Admin accounts have full control. If hackers get these, they can take over everything.
How to do it: Only give admin rights to people who really need it. Remove admin rights when staff leave or no longer need them.
6. Patch Operating Systems
What it means: Keep your computer and phone operating systems updated to close security holes.
How to do it: Turn on automatic updates on all devices. Learn more
7. Multi Factor Authentication
What it means: Require more than a password to log in, like a code sent to a phone or an app.
How to do it: Turn on MFA for email, banking, websites, and any system with important data. Step by step guide
8. Regular Backups
What it means: Keep copies of your important files so you can recover quickly if cyber criminals lock or delete your data.
How to do it: Back up at least once a week. Use cloud services like Google Drive or Dropbox, or an external drive kept separately from your computers.
Real World Example When Controls Are Ignored
Case: In May 2021 JBS Australia was hit by ransomware that shut down meat processing in Australia and North America.
Impact: Operations stopped, causing financial loss and major disruption.
Fix: They improved patching, limited admin access, and started daily backups after the attack.
Source: Australian Cyber Security Centre Annual Cyber Threat Report 2020 2021
Start These This Week
- ☐ Check who has admin rights and remove where not needed
- ☐ Turn off macros in Microsoft Office
- ☐ Back up your important files now
- ☐ Use our MFA and patch guides to complete other steps
Each step blocks common ways cyber criminals attack. Together, they give your business strong protection.