7 – The ACSC Essential 8 Guide for Small Businesses

by | Oct 17, 2023 | Podcast


In the “Cybersecurity for Small Business” podcast, James from Extreme Networks discusses the Essential 8, a critical framework for enhancing cybersecurity, and why small business owners should care about it. The Essential 8, developed by the Australian Cyber Security Centre (ACSC), is designed to help organizations, from government departments to small businesses, protect themselves against cyber threats. These strategies prioritize mitigation measures that provide the most significant cybersecurity improvements. 

The Essential 8 is a continuation of the work initiated by the Australian Signals Directorate (ASD), which proposed the top 35 strategies for enhancing cyber resilience. These strategies were ranked based on their effectiveness and user resistance, upfront costs, and ongoing maintenance. It’s important to strike a balance between security and usability. 

Learn about the Essential 8 here: Essential 8 – Cyber Security for Small Business (cybersecurity4smallbusiness.com) 

Check out the Stuxnet attack on the Iranian nuclear processing facility: Stuxnet explained: The first known cyberweapon | CSO Online 

The Essential 8 includes the following key strategies: 

Application Control: Managing which applications can be run on workstations or servers, either through whitelisting or blacklisting. It can be challenging to implement, particularly if users rely on various applications. 

Patch Applications: Keeping software applications up to date and applying patches to safeguard against vulnerabilities. 

Configure Microsoft Office Macro Settings: Ensuring the security of Microsoft Office macros to prevent potential threats. 

User Application Hardening: Strengthening web browsers and preventing them from processing ads from the Internet. Avoiding the use of vulnerable browsers like Internet Explorer.

Restricted Administrative Privileges: Limiting administrative privileges for users to minimize the impact of malware or unauthorized activities.

Patch Operating Systems: Keeping operating systems updated and patched promptly to address vulnerabilities and security issues.

Multi-Factor Authentication (MFA): Implementing MFA to add an extra layer of security by requiring users to provide a second authentication factor (e.g., a mobile device) when accessing accounts or applications.

Regular Backups: Ensuring regular, off-site, and secure backups of essential data to enable recovery in case of data loss. 

However, there are several challenges and issues associated with implementing the Essential 8, including the costs involved, technical expertise requirements, and the complexity of some strategies, particularly for small businesses. Cybersecurity awareness, compliance, and other factors are also relevant, but not all businesses will face the same risks or have the same resources for mitigation. 

The podcast also suggests using a free Essential 8 auditing tool to assess your organization’s readiness and develop a tailored plan for achieving the desired level of cybersecurity resilience. 

Check out the free tool here: Essential 8 – Cyber Security for Small Business (cybersecurity4smallbusiness.com) 

Overall, the Essential 8 is a valuable framework that provides a structured approach for improving cybersecurity in small businesses, helping them mitigate risks and safeguard their operations against various threats. However, it’s essential to evaluate these strategies in the context of your specific business needs and resources. 

Understand your cybersecurity risk for your small business

Try our FREE Essential 8 Auditor Tool