IT Security Services

The Essential Eight

To Prevent Malware Running

Application Whitelisting

A Whitelist only allows selected software
applicaions to run on computers.

WHY? All other software applications
are stopped, including malware.

Patch Applications

A Patch Fixes Security vulnerabilities in
software applications.

WHY? Adversaries will use knows security
vulnerabilities to target computers.

Disable Untrusted Microsoft Office Macros

Microsoft Office applications
can use software known as
‘macros’ to automate routine tasks.

WHY? Macros are increasingly
being used to enable download of
malware. Adversaries can then access
sensitive information, so macros should be
secured or disabled.

User Application Hardening

Block web browser access to Adobe Flash
Player (Uninstall if possible). web ads and
untrusted Java code on the internet.

WHY? Flash, Java and web ads have long
been popular ways to deliver malware to
infect computers.

To Limit The Extent Of Incidents
And Recover Data

Restrict Administrative Privileges

Only use administrator privileges for
managing systems, installing legitimate
software and applying software patches,
These should be restricted to only those
that need them.

why? Admin accounts are the ‘keys to the
kingdom’, adversaries use these accounts
for full access to information and systems.

Multi-Factor Authentication

This is when a User is only granted access
after successfully presenting multiple,
separate pieces of evidence. Typically
something you know, like a passphrase;
something you know, like a physical token;
and/or something you are, like biometric
data.

Why? Having multiple levels of
authentication makes it a lot harder for
adversaries to access your information.

Patch Operating Systems

A patch fixes security vulnerabilities in
operating systems.

Why? Adversaries will use known security
vulnerabilities to target computers.

Daily Backup Of Important Data

Regularly back up all data and store it
securely offline.

Why? Thats way your organization can
access data again if it suffers a cyber
security incident.