So, What is the Essential 8?

Put simply, they are 8 mitigation strategies developed by the Australian Cyber Security Centre (ACSC) to help businesses of all sizes protect themselves against various cyber threats. Depending on whether they have been implemented in your business and to what degree, will dictate the maturity level your business aligns to.

  • Partly aligned with the mitigation strategy (low compliance)
  • Mostly aligned with the mitigation strategy (medium compliance)
  • Fully aligned (highly protected)

What Are the 8 Essential Mitigation Strategies?

Application Control


Patch Application


Configure Microsoft Office Macros

Configure Microsoft Office

Use Application Hardening

Use Application

Restrict Administrative Priveleges

Restrict Administrative

Patch Operating System

Patch Operating

Multi-Factor Authentication


Performing Daily Backups

Performing Daily

Cyber Crime Isn’t Something You Can See
Until It’s Too Late

Protecting your business against cybercrime and implementing a strong cyber security strategy often gets put on the bottom of the list.
This can happen because the threat can’t be seen, but here’s what it might look like…

Level 0

Level 0: Basic Security
But No Strategy

Maturity Level 0 is like having a house and accidently leaving the doors and windows unlocked. An opportunistic attack is a lot more common in these cases and the damage severe.

When it comes to your business…

MSP’s (Managed Service Providers) will offer a good level of preventative security but if there is no strategy, visibility or forensics your attack target and damaged cause will be a lot greater.

Level 1

Level 1: Improved Security
with Basic Strategy

Maturity Level 1 equates to locking your doors and windows all the time which makes it a lot harder for Cyber criminals to gain entry.

When it comes to your business…

Implementing the Essential 8 controls at Maturity Level 1 gives you the beginnings of cyber security strategy as well as making it harder for criminals to move around your network in case of a breach.

Level 2

Level 2: Tighter Security
with a Well-Formed Strategy

Maturity Level 2 significantly improves you cyber security posture. This is like having your house fully locked up and an alarm system with cameras in place.

When it comes to your business…

By implementing Essential 8 controls at Maturity Level 2 this gives you the preventative protections to keep the criminals out but if they do get through it gives you the visibility and forensics to see how they got in, what they have done and how to get them out.

Level 3

Level 3: Enterprise Security
with a Fully Formed Strategy

Maturity Level 3 reduces your attack surface dramatically. This would be like having a house with 24/7 security in place at all times.

When it comes to your business…

Essential 8 controls at Maturity Level 3 would fully align with all controls at all levels. It is designed for large companies and enterprises that have a high degree of regulatory obligation or highly valuable (targeted) data and is rarely seen in the Small to Medium markets.

FREE eBook: 8 Cyber Essentials
to Safeguard Your Business

Cyber criminals are always finding new ways to break in and they don’t discriminate. In fact, as small and medium businesses generally have lower or no effective security measures in place, they are often an easy target for cyber criminals. No matter how big or small your business is, it’s vital that you have security measures in place to protect what matters most to you.

But where do you start? Download our eBook to find out!

Download the EBook

gear Application Control

Prevent Unauthorised Apps from Being Installed

If Malware is unable to run, it significantly reduces your risk and means the other strategies are only required as last resort.
By implementing Application control, it makes it progressively harder for even a determined attacker to breach.

loader Patch Applications

Keep Your Applications Up to Date

Security vulnerabilities in applications are gateways for malware and exploits. Unpatched applications could allow an attacker access to your network and to steal, encrypt or otherwise damage your data.


Block Malicious Scripts from Compromising your Systems

Office Macros are special scripts and code, and can run at elevated rights. Malicious Macros can download other code, run applications, encrypt your data and attack the remainder of your network.

If you are using Macros, you should only allow known macros to be run in your environment. But there should be a strategy in place to find an alternative solution.


Your Browser can be an Open Window for Cyber Criminals. Close it!

Internet applications like Java and Flash can be sources of malware. By hardening the internet browsers through our tools, we limit the opportunity for malware to infect your environment.


Ensure Only the Right People Have Full Access to Your Systems

Everyone likes being in control but power in the wrong hands can easily lead to mistakes including downloading programs, installing new applications, lower security protections, deleting files, encrypting files. Without intending, users set to administrators pose a huge security risk as they won’t carry out the required checks before completing any of those actions.


Operate Fully & Securely

Security vulnerabilities in operating systems are gateways for malware and exploits. Unpatched operating systems could allow an attacker access to your network and to steal, encrypt or otherwise damage your data.
By working with Future IT Services, we ensure all of your devices are running on the latest operating system.


The Easiest & Most Effective Method of Security in Just 1 Click

MFA restricts access to applications like Microsoft 365 to only those users who can respond to the MFA prompt. This means that even if an account is compromised, the target needs to positively respond to the MFA prompt for the attacker to be successful.
At Future IT Services, we recommend all platforms and accounts should have MFA enabled.


Implement the 3-2-1 Rule. You Can Never Have Too Many Backups

Data stored locally on devices, in Microsoft 365 or a server is vulnerable to compromise, deletion, encryption. Regular, automated backups of all data is essential to ensure that there is a recovery path should a device or account be compromised.
You should have 3 copies of your data, in 2 different types of media and at least 1 copy stored offsite.

Start Protecting Your Business Today

Talk to the team today about our Cyber Security solutions and how they can help protect your business.