Home     Security       Security Is Not An On Or Off Option But A Continued Effort To Improve

Security Is Not An On Or Off Option But A Continued Effort To Improve

What are you doing to keep up to date with security best practices? Security cannot simply be an on/off button, or an update, or a new tool in place. Instead, it needs to be a continuous effort to improve, to remain vigilant about new and emerging threats and cyberattacks. With so many different threat vectors, from network security, to applications, and server security, it can be tricky to organise a comprehensive, ongoing commitment to protecting your organisation’s IT infrastructure.

A1 is focused on delivering a great user experience with our own flavour of services and technologies applied to align to the Australian Cyber Security Centre’s Essential Eight, something we don’t think a lot of other MSP’s are offering or even thinking about right now.

The Essential Eight

The ACSC’s Essential Eight is a series of eight areas of focus developed by the Australian government’s cybersecurity division to prevent malware delivery and execution. These eight areas represent where we should be performing best practices for security. By focusing on each of these areas on an ongoing basis, it allows us to determine the best course of action for our clients to remain up to date across the security threat landscape.

1. Application control 

Application control is about locking down your systems’ applications so that non-approved apps, scripts, and installers can’t run. This is a whitelisting process, which includes an inventory of all apps approved for general use, plus you may want apps available to certain user groups. Users should not be able to simply install whatever they wish – there should be an approvals process in place for risk assessment.

2. Patching applications

Applications provide ongoing updates not only to remove bugs, clean up the user interface, and improve features, but also to eliminate new threats from being able to sneak in. It’s important to always apply application security patches as they are released.

3. Patching underlying operating systems

Similarly, the operating systems you use, whether they’re Windows, Mac, or Linux, will have regular system updates too. The security patches released by these companies are critical to apply to ensure ongoing systems security, particularly on servers.

4. Microsoft Office macro settings

Macros in MS Office are like little applications that run within Word, Excel, or other Office apps. While these can be great for productivity in the right hands – for example, to perform a series of calculations within a spreadsheet, Macros are also an easy way to inject malicious code into systems. Macros can be turned off or used in limited ways for vetted users.

5. User application hardening

Applications other than those in the MS Office suite also have various quirks that can have ill effects on your applications and systems. For instance, you should configure web browsers to block ads, force https, and disable Java. This can be configured on a user group basis as needed.

6. Restricted administrative privileges

The fewer users that have administrative access to your systems, the more secure your IT landscape is. While it is certainly easy to grant your office manager administrative rights so that she can onboard contractors quickly, is this a good strategy? Leave administrative privileges to those who are trained in IT. 

7. Multi-factor authentication

Now that we are working from home and on mobile more often than ever before, there are more incoming external connections to our networks. To ensure that these connections are made via actual employees, we can deploy multi-factor authentication, for extra validation that a user is who they say they are.

8. Daily backups

For critical systems and files, making daily backups that are stored for at least three months is your insurance policy against a major cybersecurity event – such as ransomware locking up all your files. Backups need to be policed to ensure they are not susceptible to the same attacks.

The Australian Cyber Security Centre also outlines three maturity levels of the Essential Eight, with the aim to roll out these suggestions in phases. By reaching maturity level three, you can be confident that you’re up to date with the recommended best security practices. 

For instance, when we are talking about patching operating systems, to reach maturity level three: 

  • any extreme risk vulnerabilities will be patched within 48 hours of identification
  • with automated patch recording in place for record-keeping
  • and systems that are no longer vendor-supported are replaced with new equipment.

How do we do it at A1 Technologies?

By improving security levels across these vectors on an ongoing basis, based on best practices, we can offer our clients a comprehensive security solution, rather than one that’s implemented an ad-hoc and/or reactive basis.

Our offering includes quarterly active security improvements as part of our standard service. We review and add Security Controls monthly, then release these to our clients to continuously improve client security maturity levels. 

Below is one of our clients that we release updates to: from establishing a new Office 365 tenant to progressive planned improvements in security. The below is delivered with a minimum recommended Microsoft 365 Business Premium licensing model.

As you can see, across the course of several months, our client’s Secure Score has improved significantly, and they now have an 81.1% rating, with 47.04 points out of 58 achieved. While the Microsoft Secure Score is just one way to measure organisational security, it helps demonstrate that the security measures implemented are keeping our client on the right track.

How do you improve your security levels? If you are struggling to keep up with the latest security updates or need a better way of managing security across your organisation, then come and speak to us. Our security offerings as a managed service might be just what you need for business peace of mind. We can help with security across threat detection and prevention, backup and disaster recovery, network security, managed hardware, secure email, and can perform cybersecurity assessments to see how mature your organisation is – and where you could be.

Subscribe to our newsletter

Enter your email and stay in touch with the latest updates from A1.

Call us now