Is your IT strategy based on an industry-recommended security model?

We live in an era where the digital apps and services that organisations use to serve customers and generate revenue are also what cyber criminals target to carry out their crimes. Hence, it is imperative that organisations, especially small to mid-size ones, have a foundational cyber security strategy to prevent malware delivery and limit the impact of cyber security attacks.

A complacent cyber security strategy can result in a hefty financial loss, tarnished brand reputation, unrecoverable loss of data, and customers leaving your business. A good way to mitigate your risks is to follow what the Australian government recommends as a baseline cyber security risk mitigation strategy called Essential Eight.

Mitigate your risks with Essential Eight

Essential Eight is a cost-effective cyber security risk mitigation strategy developed by the Australian Cyber Security Centre (ACSC) to help organisations reduce the risk of malware delivery and execution and limit the extent of cyber security incidents. Its eight controls outline the risk mitigation strategies as follows:

Application Whitelisting

Allow only trusted and approved applications to run on your network. Maintaining a set of pre-approved apps prevents malicious programs from running automatically.

Application Patching

Determine patching procedures and levels for popular web browsers, Microsoft Office, Oracle Java, and PDF viewers. This helps mitigate vulnerabilities on apps that need patching.

Configuration of Office Macros

Review Office macros and current policies to prevent untrusted macros with malware from automatically running.

User Application Hardening

Ensure that unauthorised applications that have been known to deliver malware, such as Adobe Flash Player or Java applets, cannot be used in browsers.

Restrict Administrative Privileges

Review admin privileges on specific IT systems and provide necessary permissions only for those who need them.

Operating System Patching

Determine existing patching systems, patching schedules, and server/workstation patching compliance. This should allow you to mitigate vulnerabilities on operating systems that need patching.

Multi-factor Authentication

Use a second factor such as a physical token or mobile device to make it more difficult for cybercriminals to access your systems, even when the password has been breached.

Review Backups

Ensure regular backups of data so you can get it back in case you suffer a cyber-attack. Determine RTO/RPO, retention period, online/offline backups, offsite storage location, and test restoration schedule.

Essential Eight Maturity Levels

Level 0

This signifies a significant weakness in your organisation’s overall cyber security posture that, when exploited, could facilitate data loss, compromise data integrity, or cause non-availability of your systems.

Level 1

This level focuses on cyber criminals who opportunistically seek common weaknesses in multiple targets rather than focusing on one specific target. They employ social engineering techniques to trick users into weakening the security of a system and then launch malicious applications.

Level 2

This level focuses on cybercriminals with a modest step-up in capability from level one. Attacks will be more targeted and will use advanced tools to bypass security controls. Tools and techniques in their arsenal include compromising credentials using phishing, and using technical and social engineering techniques to bypass weak MFA.

Level 3

This level focuses on adversaries that are more sophisticated and do not rely on conventional tools and techniques. They exploit weaknesses in their victim’s security posture to magnify their access, avoid detection, and gain a strong footing on the system. Generally, cybercriminals will focus on specific targets and will invest time and effort to circumvent particular policies and controls.

Unlock the Benefits of Essential Eight Risk Assessment

Reduce your vulnerabilities.

Identify and mitigate known security vulnerabilities by employing a multi-layered and comprehensive approach to cybersecurity.

Minimise the impact of potential attacks.

Ensure rapid containment and swift recovery from a security breach, allowing your company to maintain uninterrupted operations.

Use a measurable framework for risk assessment.

Utilise a quantitative benchmark to measure your organisation’s cybersecurity risk and ensure compliance with the Australian Signals Directorate’s recommendations.

Cost-effective cybersecurity.

The Essential Eight's low-cost, robust mitigation strategies are a smart investment, significantly reducing the financial impact of a potential cyber breach on your business.

Get an indication of your organisation’s Essential Eight maturity level

Running our Essential Eight Discovery Session in your organisation will help you understand how to reduce your cyber security risks dramatically and determine what steps to take to improve your security posture. Sign up for your Essential Eight Discovery Session to:

  • Understand your current security posture and the goals you want to achieve.
  • Align the next steps to mature your security posture based on Essential Eight.
  • Get assessed by our team of experienced cybersecurity experts at no cost.


Assess your cyber security risks.

Complete the form below, or contact us on 1800 126 499 to speak to one of our experts today.

Helping to secure and modernise Australian workplaces

Professional Advantage has more than thirty years of history delivering Microsoft solutions and services, and is one of a handful of multi-skilled Microsoft Solutions Partner and Tier 1 CSPs operating in Sydney, Melbourne, Brisbane, and Perth. We have worked collaboratively with hundreds of Australian organisations in helping them achieve a secure and modern workplace by leveraging Microsoft 365 and Azure. 

  • 9.7 years: average client retention
  • consistently high net promoter score
  • employees across 7 offices worldwide
  • 30+ years: solid experience in the IT industry, helping organisations achieve more from technology
  • 6 Microsoft Designations: Microsoft Solutions Partner for 6 designations and a Tier 1 CSP
  • 3 clouds: Strong delivery practice across Microsoft’s 3 clouds: Dynamics 365, Microsoft 365, and Azure

Professional Advantage has earned a Microsoft Solutions Partner designation for proficiency in Microsoft Cloud, Modern Work, Business Applications, Data & AI Azure, Infrastructure Azure, and Digital & App Innovation Azure.


Recommended resources for you

Essential Eight Cybersecurity from the Server Room to the Boardroom

Access this on-demand webinar to receive:

  1. An overview of Essential Eight, why it is relevant, and what your business needs to consider.
  2. An understanding of the common language you can use to report on your organisation’s security posture to your Board of Directors and Senior Management.
  3. Knowledge on how to utilise your existing Microsoft products and licensing to enable security controls to reach your desired Essential Eight maturity level.
  4. Guidance on considerations beyond the bare minimum security recommended by Essential Eight.
