Essential Eight
A set of eight essential cyber mitigation strategies recommended by the Australian Cyber Security Centre (ACSC) as a baseline for security. These are considered the most fundamental and effective actions to drastically reduce the risk of common cyber threats.
The Essential Eight are:
- Application whitelisting (allowing only trusted programs to run)
- Patch applications (keep software up-to-date)
- Configure Microsoft Office macro settings (block risky macros)
- User application hardening (e.g., disable Flash, block malicious domains)
- Restrict administrative privileges (limit admin accounts)
- Patch operating systems
- Multi-factor authentication
- Regular backups
When implemented properly, this baseline "makes it much harder for adversaries to compromise systems".
The Essential Eight comes with a maturity model: a set of levels that rate how thoroughly each of the eight mitigations is implemented.
For an SMB, the Essential Eight is very approachable because it's so clear-cut and practical. It basically says: "Do these eight things, and you'll eliminate a huge chunk of threats." Even outside Australia, it's admired as a distilled best-practice guide.
So, for example, if you have MFA, keep your software and OS patched, limit admin rights, and have daily backups - you're already covering a lot of ground. BrightShield includes "Compliance Mini Frameworks for SMBs (e.g., simplified NIST CSF, Essential Eight)" which suggests it can help track your progress on these kinds of baseline recommendations.
In summary, the Essential Eight is a short list of high-value security hygiene practices - not everything under the sun, but the crucial items that give the best bang for the buck in risk reduction. If you're looking for a starting point for your security improvements, this is a great one.