Essential 8 Framework: Securing businesses through critical measures

Amid the rise in cybersecurity breaches, SMEs and even large corporations face the prospect of fines of up to 30% of their annual revenue. This video is a must-watch for any business owner or IT professional who wants a strategic approach to protecting a company's confidential data. We'll dive into the eight mitigation strategies formulated by the Australian Cyber Security Centre (ACSC).
Transcript
00:00 Breaches overall are expensive. The average cost of a breach here was $4.2 million, which is quite a lot for a mid-market company. That's, you know, I guess, survivable, but for a small business, that could be the end of the business. And, you know, when you think about, you know, some of the experiences that we've seen, we had a law firm, 30 employees, crypto-locker attack, this is many years ago now, didn't have backups in place, didn't have adequate backups in
00:29 place. And the whole business stopped for three weeks, and immediately hundreds of thousands of dollars a day was impacted for their business. And, you know, not only is the internal ability to deliver work impacted, but for organisations that are in the mid market or larger, very quickly these can now turn into a media issue, as we are seeing. And so it's not only the big companies anymore, it's now mid-tier companies that are being splashed across the media when there's a
00:59 problem. There are big fines on the way as well for businesses. And I don't know if they're going to throw any CTOs in jail, but the businesses themselves are going to receive pretty hefty fines. These have not yet been implemented, so they're not yet enforced. But there is basically, you know, a pretty serious fine structure coming into place for larger fines to be imposed on organisations that are not protecting data. And, you know, the real reason for that is that we're becoming a
01:29 more privacy-focused culture. And when we're a privacy-focused culture, you know, the end users, whether that be our customers, or other people whose personal information we're holding, they basically don't want to have that breached. And so they're putting pressure on the government to get more serious about this. And, you know, that trickles down to us as organisations. You can see here that the fine is up to 30% of your annual revenue for a year. And with most organisations not running anywhere near 30%
01:58 of net margin, that's, you know, pretty darn impactful. Without cash reserves, that could also mean the end of a business, even for a large organisation. You also end up on the naughty list, which is public, which you don't want. So how do we approach this strategically? How do we avoid this risk? And how do we approach this, you know, internally as technology leaders? The Australian government has brought out a really great
02:28 framework called Essential Eight. And this really gives you a guide on what the different areas are for you to be focusing on as you build out your security strategy, and as you protect your users and protect your customers as well. And this is actually pretty easy to understand. It's been released recently. So if you haven't already had a read of it and checked it out and started modelling some of your strategy around it, this would be a great time to do that. What we deploy for our customers
02:58 in strategy is all aligned to the Essential Eight principles. So even if you're outside Australia, you know, you may have your own specific guidelines. You know, Europe is obviously extremely privacy focused. You know, the US also has some guidelines as well, if you're in North America. But these are the fundamental principles that we rely on. And there's some, yeah, there's some pretty cool things with Essential Eight. One of those being, if you're rolling out Chromebooks, or Chrome devices, to your users, two or three of these
03:28 principles don't actually apply, like Microsoft Office macro settings, because they just don't exist on Chrome devices. And so this is a really great framework. We use this as a guide. And you'll see some of these concepts kind of sprinkled into the technical delivery of what we're sharing today. So there are different levels to Essential Eight. It's effectively like different levels of compliance. So you would start at getting to compliance with level one, then you would move to compliance at level two. Finally, you would move to compliance at level three. And then you would move to compliance at level four. So essentially, you
03:58 would move to compliance at level three. And as Adrian said, as you implement security processes and security controls, you can then report those back to your insurer, and, hashtag, I'm not a lawyer, so I can't officially give you advice. But what that allows you to do is potentially negotiate with your insurers to demonstrate your compliance with security principles and good security practices. And that will potentially help the business cost-wise.
04:28 So Adrian, do you want to jump in on this slide? Because I know this one is a bit technical with Essential Eight.
04:32 No, I think it's just, it's good to explain that it's a bit of a journey as well. So it's not only about getting to compliance, but it's also ongoing maintenance of that. So there's quite a few things around.
04:45 So you need to get to that compliance with audits, and so forth, and then implementation, then ongoing maintenance to stay compliant as well. And this journey can take, you know, to get to level three, it could be anywhere, you know, if your business is on the small end, could be, you know, within six months, but generally speaking with, you know, the mid market, it should be probably six to up to 24 months to get all the way through to level three compliance, which is a bit of a journey, but, you know, well worth it in the end.
05:14 The security controls are very tight when you get to level three.
05:17 Yeah. And that's using, once you get to those upper levels, obviously, you're using the enterprise view of Google Workspace, because you're using features like end-to-end encryption on emails, you're locking down accounts with advanced protection for key people in the organization, IT administrators, you know, chief executives, those kinds of people who may have additional, you know, access.
05:43 It's using some of the specific features of the enterprise SKU to lock those down.
05:48 If you're more of a smaller business, so like you've got less than 20 employees in the business, then, you know, starting with the basics is still a really great place to start and very important as well.
06:00 So, you know, even small businesses are being attacked, even, you know, not just accidentally, but very deliberately by third-party actors.
06:10 And unfortunately, we're seeing pretty high instances of people stealing mobile phone numbers and porting them to other carriers.
06:18 Once they have your identity, they steal the phone number, you know, then they've got two-factor, you know, backup access to your account.
06:25 If you've shared a password, and many people still do that, they're sharing passwords between accounts.
06:30 And then, hey presto, they're into a Google account pretty easily.
06:33 And, you know, you may think, oh, well, you know, what's the risk of just getting into my Google account?
06:40 And unfortunately, we're seeing very, very commonly someone impersonating a staff member, you know, that old scam, they email the director of the business and say, hey, I need this urgent shipment payment made.
06:51 So the shipment can be released for XYZ supplier. They're using the supplier name that you recognize, they're using a process that you recognize, they're using invoice amounts that you recognize, but it's going to a bank account number that is not your usual number that you would be sending it to.
07:05 So even for small businesses, this is important.
07:08 And at least, you know, aiming to get to something like level one of compliance is a good move for everyone.
