Get familiar with the ACSC Essential Eight (E8)


The Government has endorsed the E8 as recommendations for business to follow. IT security is not limited to just these recommendations but are a good baseline to secure your business.

Here are the most important things to know:

  • The E8 is a proven framework to mitigate cyber threats
  • It can be adopted at any level of security maturity
  • It provides a step-by-step process of ongoing improvement
  • Every organisation should use it


Why would you need the ACSC E8?

Cyber threats are growing at an unprecedented rate, with attacks becoming more widespread, sophisticated, and persistent. As more people worked from home during the pandemic, often with unsecured devices and networks, cyber criminals saw massive opportunities.

In fact, during the 2020–21 financial year, the ACSC received over 67,500 cybercrime reports, an increase of nearly 13 per cent from the previous financial year .

Small to Medium Businesses are an attractive target for cyber criminals because they generally don’t invest as much as a larger Organisation with an in-house IT Team.

The main objective of the hackers is Data theft, business disruption, and ransom demands that often result in financial loss, and the impact on reputation can be long-lasting if a breach occurs.

What is the ACSC E8?

The ACSC has identified a comprehensive list of thirty-seven strategies to mitigate an organisation’s exposure to cyber threats. Of these, eight were chosen as the most essential to stop systems being compromised by attacks.

It’s important to note here that the E8 strategies to mitigate cyber security incidents are specifically designed for Microsoft Windows systems that are connected to the internet.

Not every organisation has to comply with the E8. It’s only mandatory for government agencies. However, the ACSC recommends that private business implements these controls. And that’s especially relevant for professional services businesses, for example, Real Estate Agencies, Lawyers, Medical, or any industry that collects customer information.

Why professional services businesses should embrace the E8

Statistics show that cyber-crime is on the rise. SMBs are an easy target because they generally don’t have the security budgets or resources that large enterprises have.

Here at CB Computers, we’ve also seen increasing attacks on professional services organisations. In addition, professional services clients are wanting proof of how the organisation is securing their data, especially considering recent supply chain attacks.

By embracing the E8 and working towards higher maturity levels, you can give your clients the confidence to do business with you.

How does the E8 work?

Not surprisingly, the E8 comprises eight pillars. They cover off the fundamental strategies to mitigate cyber security incidents, from basic computer security to Microsoft 365 data protection and compliance.

At CB Computers, we follow best practice when implementing the E8 mitigation strategies for cyber-attacks:

  1. Application Control.Only allow a defined and approved set of applications to run. Never let unsanctioned applications access your systems.
  2. Patch Applications.Make sure you have the most up-to-date software.
  3. Configure Microsoft Office Macro Settings.Don’t use macros unless you need to as these are a common entry point for attack.
  4. User Application Hardening.Configure your applications to be more secure. For example, ensure web browsers have been set to block Java script.
  5. Restrict Administrative Privileges. Hackers use admin permissions to compromise systems. Only approved staff should use the admin logon.
  6. Patch Operating Systems.Ensure you keep your Windows operating system up to date with security patches. This should be done automatically.
  7. Multi-factor Authentication. This is crucial. Make sure you use multi-factor authentication for access to not only Microsoft 365, but to any other software or cloud service that your business uses.
  8. Regular Backups.Even if you have your data in Microsoft 365, you should still back it up elsewhere as data in both Microsoft 365 and Google Cloud is not backed up.

How can CB Computers help?

Since our inception in 2008, we’ve worked very closely with professional services businesses like accountancy and real estate firms. This enables us to understand their specific risks and challenges.

Many of these companies have asked us to help implement security controls in their organisation. This includes deployment of the E8, where we work with them on an ongoing basis.

See how we make the E8 easy

We work closely with our clients, using existing tools within Microsoft 365 and third-party software to:

  • Proactively prevent malicious damage
  • Create a baseline to reduce risk factors
  • Mitigate possible data loss.


We can provide a free E8 Assessment for Businesses with 10 staff/devices or more.