Skip to main content

Essential Eight – The final four

Welcome back to this 3-part series on the Essential Eight Maturity Model (EEMM).
Previously we covered off on the Essential Eight overview and also the Essential Eight First Four. If you haven’t read these already it’s well worth checking them out.

In this article we will look at the Final Four strategies and how they help your business, there is a bit to take in so get yourself a coffee and put your calls on hold for a few minutes.

Restrict administrative privileges.

A key component of securing any environment it to ensure that user privileges are matched to the user’s role, and any privileged account is never used for daily duties such as checking emails or surfing the internet.
Why is this so important?
A user with administrative privileges has greater access to your systems, as such should that user have their accidentally install malware or have their account compromised then the attacker has greater access to cause damage.

How do you restrict privileges?
Here are a couple of quick tips:

  • Create service accounts for dedicated tasks.
  • Administrators should have 2 accounts, one for administration and one for daily use.
  • Look at the people within your company, look at their roles and assign an appropriate level of access to suit.
    Example: The Accounting team doesn’t need access to the Marketing team’s resources and vice versa.
  • Limit access for users to only what they need.
  • Audit your permissions on a regular basis. Make sure that the permissions are up to date and reflect that users role.

Patch operating systems.

Patching Operating Systems is a critical part of the EEMM. Any operating system that is not receiving the latest security patches exposes your environment for potential attackers.
All Operating System vendors (Windows, Mac OS, Unix, Linux) work tirelessly on ensuring that they are quick to address any new security vulnerability that is discovered. These updates are then made available to the public to help protect.
Your job as the business owner / manager is to ensure that your IT team is on top of installing the latest security patches.

A benefit of patching operating systems regularly is that you will also receive any new features and upgrades that are available.

**** It is imperative that any operating system that is no longer supported by the vendor is replaced immediately. ****

Any quality Managed Service Provider will have systems in place to push down the latest patches and monitor/remediate devices that aren’t up to date.

Multi-factor authentication.

Multi-factor authentication (MFA) is one of the cheapest and most effective methods of protecting your organisation. MFA provides an extra layer of security by requiring an additional code from a trusted device when users try to log in to a service.
MFA helps protect your team against brute force password attacks, which the normal username & password combination are very susceptible to.

What do you need to do?
Implement a change in your organisation to ensure that any internet facing service or software requires the use of multi-factor authentication.

If you don’t know what MFA is, check out our previous blog post about 2FA/MFA to get a better understanding

Regular backups.

This is an absolute MUST. If there is one thing you take out of this series of posts on the Essential Eight Maturity Model, it is the need for a robust Backup regime that follows the 3-2-1 rule and is regularly tested.

A question we are often asked is ‘What is a good backup regime and what should we be backing up?’. These questions are answered in further detail in the following article, but for the purposes of this article you should look at the following:

  • Backup any data that is crucial to the operation of your business.
  • Backups should follow the 3-2-1 rule – 3 backups, 2 different media types and one is offline.
  • No unprivileged account should have access to your backups/backup system.
  • Ensure you have a backup of your collaboration suite – Microsoft 365, Google Workspace so on.
  • Backups must be tested on a regular basis to ensure validity.
  • Backups should be encrypted.

Final thoughts.

Implementing the Essential Eight Maturity Model may seem daunting and a big task to tackle, but it doesn’t have to be. If you have a good understanding of your business and the systems that you use, then you are in a good position.
It may not be possible to implement the EEMM strategies all at once, so implement them in it stages and start with the ones that provide the best bang for buck in terms of time vs reward.

As always, starting is the biggest challenge. Don’t put this in the too hard basket – put some time aside and make it a priority.

The team at Runtime IT are here to help and can work with you to create a realistic implementation plan and timeline that suits your needs. Give us a call today.

Call today 1300 730 331

Author Daniel

More posts by Daniel