What are the Essential 8?
Application Whitelisting
Why: To prevent execution of unapproved or malicious programs, including .exe files, DLLs, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.
How: Only allow approved applications on your "white list" to run, so that the 2 million variations of bad files created daily cannot execute on your device.
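As an added example (not from the original page), the following PowerShell builds an AppLocker allow-list from the software already installed on a reference machine, starts it in audit-only mode so that blocks are logged before anything is enforced, and dry-runs a file against it. It needs an elevated session on a Windows edition that ships AppLocker; the output path, the scanned directories and the test file are assumptions.

```powershell
# Added example: AppLocker allow-list from a reference (golden) image, audit mode first.
# Assumed paths; adjust for your environment.
$PolicyPath = 'C:\Essential8\AppLocker-Audit.xml'
$ScanDirs   = 'C:\Program Files', 'C:\Program Files (x86)'
New-Item -ItemType Directory -Path (Split-Path $PolicyPath) -Force | Out-Null

# 1. Inventory what the image actually runs: executables, DLLs, scripts and installers.
#    (DLL rules are off by default in AppLocker; enabling them has a performance cost.)
$files = foreach ($dir in $ScanDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll, Script, WindowsInstaller
}

# 2. Prefer publisher rules (they survive vendor updates); fall back to hashes for unsigned files.
[xml]$xml = New-AppLockerPolicy -FileInformation $files `
    -RuleType Publisher, Hash -RuleNamePrefix 'E8' -User Everyone -Optimize -Xml

# 3. Switch every rule collection to AuditOnly: would-be blocks are logged
#    (AppLocker event IDs 8003 for EXE/DLL, 8006 for script/MSI) but still run.
foreach ($rc in $xml.AppLockerPolicy.RuleCollection) { $rc.EnforcementMode = 'AuditOnly' }
$xml.Save($PolicyPath)

# 4. AppLocker only evaluates rules while the Application Identity service is running.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $PolicyPath

# 5. Dry-run a file against the policy; the PolicyDecision column reads
#    Allowed, Denied or DeniedByDefault (no rule matched).
Test-AppLockerPolicy -XmlPolicy $PolicyPath -User Everyone `
    -Path 'C:\Users\Public\Downloads\unknown-tool.exe'   # assumed test file
```

Review the 8003/8006 events for a few weeks, add rules for anything legitimate that would have been blocked, then change `AuditOnly` to `Enabled` and redeploy through Group Policy.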
Patch Applications
Why: Security vulnerabilities in applications (e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers) can be used to execute malicious code on systems.
How: Use the latest version of applications. Patch or mitigate computers with 'extreme risk' vulnerabilities within 48 hours.
Configure Microsoft Office Macro Settings
Why: Microsoft Office macros can be used to deliver and execute malicious code on systems.
How: Block macros from the internet, and only allow vetted macros. Vetted macros are either stored in 'trusted locations' with limited write access or digitally signed with a trusted certificate.
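As an added example (not from the original page), this PowerShell applies the macro settings described above for Word, Excel and PowerPoint using the same registry values the Office Group Policy templates write, registers a vetted-macro folder as a trusted location, and then checks that non-administrators cannot write to that folder. The `16.0` key (Office 2016/2019/365) and the trusted-location path are assumptions; in production these values are deployed through Group Policy rather than set per user.

```powershell
# Added example: Office macro hardening via the policy registry keys, plus an ACL check.
$Apps            = 'Word', 'Excel', 'PowerPoint'
$TrustedLocation = 'C:\ApprovedMacros'   # assumed; should be writable only by administrators

foreach ($app in $Apps) {
    $sec = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $sec -Force | Out-Null

    # Block macros in files carrying the Mark-of-the-Web (i.e. downloaded from the internet).
    Set-ItemProperty -Path $sec -Name 'blockcontentexecutionfrominternet' -Type DWord -Value 1

    # VBAWarnings: 3 = disable all except digitally signed macros;
    # use 4 (disable all, no notification) for users who have no business need for macros.
    Set-ItemProperty -Path $sec -Name 'VBAWarnings' -Type DWord -Value 3

    # Register the vetted-macro folder as a trusted location for this application.
    $loc = Join-Path $sec 'Trusted Locations\Location1'
    New-Item -Path $loc -Force | Out-Null
    Set-ItemProperty -Path $loc -Name 'Path'            -Type String -Value "$TrustedLocation\"
    Set-ItemProperty -Path $loc -Name 'AllowSubfolders' -Type DWord  -Value 1
    Set-ItemProperty -Path $loc -Name 'Description'     -Type String -Value 'Vetted macros (Essential 8)'
}

# A trusted location is only as safe as its ACL: a user who can write there can plant a
# macro that runs with no prompt. Report any non-admin identity with write rights.
function Test-TrustedLocationAcl {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return "Trusted location $Path does not exist" }
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.FileSystemRights  -match 'Write|Modify|FullControl' -and
        $_.IdentityReference -notmatch 'Administrators|SYSTEM|TrustedInstaller'
    } | ForEach-Object { "WRITE ACCESS: $($_.IdentityReference) ($($_.FileSystemRights)) on $Path" }
}
Test-TrustedLocationAcl -Path $TrustedLocation
```

Any line printed by `Test-TrustedLocationAcl` means the location does not meet the "limited write access" condition and should be fixed before macros from it are trusted.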
User Application Hardening
Why: Flash, ads and Java are popular ways to deliver and execute malicious code on systems.
How: Configure web browsers to block Flash (ideally uninstall it), ads and Java on the internet. Disable unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
Restrict Administrative Privileges
Why: Admin accounts are the ‘keys to the kingdom’. Adversaries use these accounts to gain full access to information and systems.
How: Regularly revalidate the need for administrative privileges on operating systems and applications based on user duties. Don't use privileged accounts for reading email or web browsing.
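As an added example (not from the original page), the following PowerShell supports the revalidation step: it collects local Administrators group membership from a set of workstations and flags every member that is not on an approved list. The host names, the approved groups and the WinRM requirement are assumptions.

```powershell
# Added example: find local admin memberships that nobody approved. Requires PowerShell
# remoting (Enable-PSRemoting) on the targets and rights to query local groups.
$Computers = 'WKS-001', 'WKS-002'                               # assumed host names
$Approved  = 'CORP\Domain Admins', 'CORP\Workstation-Admins'    # assumed approved principals

function Get-UnapprovedLocalAdmins {
    param([string[]]$ComputerName, [string[]]$ApprovedMembers)

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Get-LocalGroupMember -Group 'Administrators' |
            Select-Object @{ n = 'Member'; e = { $_.Name } }, ObjectClass, PrincipalSource
    } |
    Where-Object {
        $_.Member -notin $ApprovedMembers -and
        $_.Member -notmatch '\\Administrator$'   # built-in account is handled by a separate control
    } |
    Select-Object PSComputerName, Member, ObjectClass, PrincipalSource
}

$findings = Get-UnapprovedLocalAdmins -ComputerName $Computers -ApprovedMembers $Approved
$findings | Format-Table -AutoSize

# Once the owner confirms the privilege is no longer needed, remove it, e.g.:
# Invoke-Command -ComputerName 'WKS-001' -ScriptBlock {
#     Remove-LocalGroupMember -Group 'Administrators' -Member 'WKS-001\bob'   # assumed account
# }
```

Run this on a schedule and diff the output against the previous run; a member appearing between runs without a change ticket is exactly the case the "regularly revalidate" step is meant to catch.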
Patch Operating Systems
Why: Security vulnerabilities in operating systems can be used to further the compromise of systems.
How: Patch or mitigate computers (including network devices) with 'extreme risk' vulnerabilities within 48 hours. Use the latest operating system version. Don't use unsupported versions.
Multi-factor Authentication
Why: Stronger user authentication makes it harder for adversaries to access sensitive information and systems.
How: Use MFA for VPNs, RDP, SSH and other remote access. MFA should also be required of all users when they perform a privileged action or access an important (sensitive or high-availability) data repository.
Daily Backups
Why: To ensure information can be accessed following a cyber security incident (e.g. a ransomware incident).
How: Implement daily backups of important new or changed data, software and configuration settings. Store this data disconnected from the network and retain it for at least three months. Test restoration initially, annually and whenever IT infrastructure changes.