Our focus is on assisting with the implementation of the Essential 8 guidelines, as per the Australian Cyber Securities recommendations.
We additionally provide managed services and essential business solutions.
1300 598 009
Essential 8 Recommendations
Application Whitelisting
What: Limits applications from loading to memory if they are not defined by hash, location, owner, publisher.
Why: to prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.
User Application Hardening
What: Restrict applications to the uses they are needed. Limit the ability for them to be used maliciously.
Why: Flash, ads and Java are popular ways to deliver and execute malicious code on systems.
Multi-factor Authentication
What: Apply MFA/2FA to all systems/processes that allow it.
Why: Stronger user authentication makes it harder for adversaries to access sensitive information and systems
Patch Operating Systems
What: Protect against known exploitations by applying security and critical updates.
Why: Security vulnerabilities in operating systems can be used to further the compromise of systems.
Configure Microsoft Office Macro Settings
What: Restrict Office Products from running Macro scripts
Why: Microsoft Office macros can be used to deliver and execute malicious code on systems.
Restrict Administrative Privileges
What: Stop the elevated access users need to install most applications. (Note: this does not stop applications running. That don’t require installations)
Why: Admin accounts are the ‘keys to the kingdom’. Adversaries use these accounts to gain full access to information and systems
Daily Backups
What: Backup all critical data to encrypted, isolated and restricted systems both onsite and offsite daily as a minimum. (Note: We recommend backups are performed as often as possible in order to reduce your Recovery Point Objective)
Why: To ensure information can be accessed following a cyber security incident (e.g. a ransomware incident).
Additional Recommendations
Device Whitelisting
What: Limits use of pre-approved specific devices to pre-approved users/groups/networks at configured times.
Why: to prevent unknown potential malicious devices entering your network.
Assists with: DLP
Device Auditing / Shadowing
What: Take logs and file copies of used files.
Why: Review and understand what files are being copied/edited to/from devices that are approved. No just logging but complete shadow copies of the file transmitted.
Assists with: DLP
Network Auditing/Filtering
Why: Control threats with behavior based patterns. Ensure networking systems are dynamic enough to prevent unusual behavior.
System Redundancy
What: Have your system designed to cater for planned or unplanned system outage.
Why: Maintain Business continuity with redundant high availability designed systems.
Disaster Recovery Plans
Why: Ensure you have a plan and process on how to recover from a Disaster.
Consider:
– Recovery Time Objectives (RTO)
– Recovery Point Ojbectives (RPO)
Professional IT Services & Solutions
'Managed' IT Solutions
Managed IT Solutions are proactive. This process will elimiate the majority of unknown issues.
This can range from simple managed systems or all the way to business development.
'Break Fix' IT Services
BreakFix Services are reactive.
Think of this as an on-call IT team member.
We can process most common process with ease and efficiency.
Note: This is not a Managed service, it is purely reactive based on email/phone call.
VoIP Services
These range from Desk Phone, Virtual Phone, Network Design, Security. Sip Trunk.
We target our services towards a Cloud driven solution by 3CX.
Backup Services
Onsite/Office Backup design and configuration with automated testing and validation.
Security Services, Software and Solutions
We specialise in a number of different areas of IT and Security.
Having the right solutions will provide your organisation with the functionality to restrict/protect via simple rules/process and policy.
Automatic Computer learning can provide an great essential assistant in working with an ever evolving IT structure.
We encourage you to review our offerings to see what fits your needs.
If you are unsure of what you need or how to achieve your defined goals, please don’t hesitate to contact us and we can take you through the planning steps.