Essential Eight

Don’t be in the 80% of SME business that fall into these statics because they don’t have standalone Cyber Protection Insurance.



Estimated yearly cost of cybercrimes to Australian business.


48% Of Insurance Policies are NOT paid due to non-compliance


The average cost of a cyber attack to a small business.


Billion Breaches annually and growing

Join the 20% of SME business that have protection,


1300 RIGAIT (1300 744 248)

Click here for more info

When it comes to securing your business, you may typically think of security cameras, alarm systems and insurance policies. But in recent years, cyber security has become, for many businesses, even more important than physical security.

According to the Australian Cyber Security Centre (ACSC), malicious cyber activity is increasing in Australia. Attacks are becoming more frequent, greater in size, and more sophisticated too.

Thankfully, the ACSC have outlined eight key cyber security policies for businesses to implement in order to best defend themselves against cybercrime. These are known as the Essential Eight.

At Real Innovation Group, we take the ACSC’s Essential Eight cybersecurity measures seriously. These controls are implemented and constantly checked for all of our clients, ensuring you’re defended from malware and cyberattacks as best as possible.

Let’s discuss the Essential Eight cybersecurity controls outlined by the ACSC, why they’re so important to all Australian businesses that have a cyber presence, and how Real Innovation Group can help you improve your cybersecurity.

What are the Essential Eight?

The Essential Eight cybersecurity controls outlined by the ACSC are a series of measures which should be taken to protect organisations from the risk of cyberattack. In 2014, the top four of these controls were made mandatory for Australian Federal organisations. The Essential Eight security controls are:

  • Application control
    Application control prevents the execution of malicious code, or malware in systems. It involves detecting applications which are allowed to be used, and developing controls to ensure only those which are permitted are accessible. To implement application control, you need an overview of all applications and processes run by users in your network. Tracking unusual activity and acting upon it is also a big part of application control.
  • Patch applications
    The second control in the Essential Eight is application patches. Managing application patches involves testing, acquiring and installing code changes, or patches, on your computer systems. Here, we’re aiming to repair vulnerabilities in your systems and identify defects, helping your organisation stay updated and secure.
  • Configure Microsoft Office macro settings
    It’s important that users aren’t able to execute Microsoft Office macros unless they have a specific business requirement. Configuring your Microsoft Office macro settings in this way is essential to preventing malware attacks and protecting important information which your Microsoft documents may contain.
  • User application hardening
    ‘Malvertising’ is often used in cyber criminals’ attempts to compromise systems. Blocking web advertisements by using web browser add-ins or extensions, or via web content filtering, can prevent the compromise of a system.
  • Restrict administrative privileges
    It’s highly advisable to restrict administrative privileges in your organisation to a select few. The ACSC advises organisations to identify tasks that require privileged access, create separate attributable accounts for personnel who conduct privileged operations and limit the escalation of critical activities. The less you have to monitor and be wary of privileged access accounts, the less open you are to a cyberattack in this way.
  • Patch operating systems
    Patching operating systems is similar to patching applications; here, we check for certain vulnerabilities in your operating systems and test patches for safety before deploying them.
  • Multi-factor authentication (MFA)
    MFA has bolstered system security tremendously since its widespread implementation over the past decade. The ACSC also recommends visual notifications for each authentication request and storing software certificates in the trusted platform module of your devices.
  • Regular back-ups
    The final control of the Essential Eight is regular backing-up of all your data. Online and offline back-ups should be regularly conducted and measures should be implemented to indicate when a breach has occurred.

Maturity levels of the Essential Eight

Not only does the ACSC outline their Essential Eight controls for cybersecurity, but they also provide guidelines on the level at which your business is following them. This is known as the Essential Eight Maturity Model. Here, we can observe 4 distinct levels which businesses should aim to gradually build up to:

Maturity Level 0: Level 0 is categorised by weak cybersecurity systems which can easily be compromised by adversaries. Businesses with a maturity level of 0 should aim to improve cybersecurity systems as their data is at serious risk.

Maturity Level 1: Businesses and organisations at maturity level 1 are able to mitigate risk from opportunistic cybercriminals who use commonly employed techniques launch malicious content upon weak or vulnerable systems.

Maturity Level 2: At the second level of essential eight maturity, organisations are able to block attacks from more challenging cyber adversaries who use advanced techniques to compromise system security. Impersonating users or accounts to gain access to system privileges is classified as a level 2 type of threat.

Maturity Level 3: The most advanced maturity level is level 3, in which businesses are highly defended against all types of cyberattack. Maturity level 3 organisations are able to prevent attacks from highly advanced adversaries who can easily spot loopholes like slack security and outdated software.

How to improve your Essential Eight protocols and Maturity Level:

If you think your business or organisation could improve its cybersecurity, simply get in touch with Real Innovation Group. Real Innovation Group are Australia’s leading team in a broad range of IT services.

Whether you need to bolster your cybersecurity or want a committed team of professionals for other IT tasks, Real Innovation Group is here for you. Our managed services ensure your business is reducing wasted time and money on training and staff upkeep, while giving you high quality cybersecurity.

Prevent problems, get innovative solutions and save money all at the same time when you talk to the team at Real Innovation Group and inquire about our managed IT services today!

Don’t take our word for it.

JourneyPRO Instant Windscreens Case Study

Instant Windscreens and Tinting use JourneyPRO in their business today.

“JOURNEY is a ‘first-in-our-industry’ technology that improves our customer service offering, and claims back approximately 2,000 hours monthly in route scheduling for our branch management teams.”

Read more about how JourneyPRO has transformed Instant Windscreens’ business by downloading the case study here.