We’ve literally written a Book on Cyber Security!
Optimise your business’s IT function and understand proper (and cost effective) cybersecurity essentials as a business owner in Australia.
Cybersecurity is important to any businesses with a digital footprint, but particularly those industries that store and access sensitive information. Businesses who deal in sensitive information daily, are particularly vulnerable.
FREE Cyber Security Essentials Guide for Business Owners
Cyber Security
protect your most valuable asset - DATA
We believe the size of your business (or budget) shouldn’t limit your ability to combat cyber threats. That’s why we created a service that is easy to install, easy to manage, and provides the 24/7 protection and support you deserve, at a price you can afford.
Protect your business and thwart dangerous attempts to steal your data and confidential information and gain successful data sovereignty compliance.
Our premium cyber security solutions ensure you are protected against threats like worms, trojans, rootkits, spyware, bots, & more.
PROTECT YOUR BUSINESS WITH OUR PROVEN 4 STEP METHODOLOGY
Discovery
Discover what level of maturity you have in accordance with ACSC's maturity model
Planning
Create a plan for you to be compliant and improve security posture and mitigate common security risks
Implementation
Assist you in implementing a plan to be compliant
Continuous Improvement
Work with you to resolve any current and future challenges
Essential Eight
The Essential Eight is a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of adversaries. The mitigation strategies can be customised based on each organisation’s risk profile and the adversary they are most concerned about.
While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended by the Australian Cyber Security Centre to implement eight essential mitigation strategies as a baseline. This baseline makes it much harder for adversaries to compromise systems. Furthermore, implementing the Essential Eight can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.
The execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications and control panel applets is prevented on workstations from within standard user profiles and temporary folders used by the operating system, web browsers and email clients.
Patches, updates or vendor mitigations for security vulnerabilities in internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.
Patches, updates or vendor mitigations for security vulnerabilities in office productivity suites, web browsers and their extensions, email clients, PDF software, and security products are applied within one month of release.
A vulnerability scanner is used at least daily to identify missing patches or updates for security vulnerabilities in internet-facing services.
A vulnerability scanner is used at least fortnightly to identify missing patches or updates for security vulnerabilities in office productivity suites, web browsers and their extensions, email clients, PDF software, and security products.
Internet-facing services, office productivity suites, web browsers and their extensions, email clients, PDF software, Adobe Flash Player, and security products that are no longer supported by vendors are removed.
Microsoft Office macros are disabled for users that do not have a demonstrated business requirement.
Microsoft Office macros in files originating from the internet are blocked.
Microsoft Office macro antivirus scanning is enabled.
Microsoft Office macro security settings cannot be changed by users.
Web browsers do not process Java from the internet.
Web browsers do not process web advertisements from the internet.
Internet Explorer 11 does not process content from the internet.
Web browser security settings cannot be changed by users.
Patches, updates or vendor mitigations for security vulnerabilities in operating systems of internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists.
Patches, updates or vendor mitigations for security vulnerabilities in operating systems of workstations, servers and network devices are applied within one month of release.
A vulnerability scanner is used at least daily to identify missing patches for security vulnerabilities in operating systems of internet-facing services.
A vulnerability scanner is used at least fortnightly to identify missing patches for security vulnerabilities in operating systems of workstations, servers and network devices.
Operating systems that are no longer supported by vendors are replaced.
Multi-factor authentication is used by an organisation’s users if they authenticate to their organisation’s internet-facing services.
Multi-factor authentication is used by an organisation’s users if they authenticate to third-party internet-facing services that process, store or communicate their organisation’s sensitive data.
Multi-factor authentication (where available) is used by an organisation’s users if they authenticate to third-party internet-facing services that process, store or communicate their organisation’s non-sensitive data.
Multi-factor authentication is enabled by default for non-organisational users (but users can choose to opt out) if they authenticate to an organisation’s internet-facing services.
Backups of important data, software and configuration settings are performed and retained in a coordinated and resilient manner in accordance with business continuity requirements.
Restoration of systems, software and important data from backups is tested in a coordinated manner as part of disaster recovery exercises.
Unprivileged accounts can only access their own backups.
Unprivileged accounts are prevented from modifying or deleting backups.
What do we offer?
Penetration testing
Our state of the art penetration testing service tests the security of your IT Systems, by identifying weaknesses and providing recommendations.
cyber security planning
We assist in creating a cyber security plan for your organisation that not only details the security policies and procedures but also provides a framework for forward planning in responding to a security breach.
cyber security audits
We can provide a bird’s-eye view of what is on your network. We can conduct audits that against the AS/NZS ISO/IEC 27001:2006 – Information Security Management Systems standards and ensure that you are compliant.
LATEST UPDATES
ZERO DAY EXPLOIT : log4j – CVE-2021-44228
This is a compromise in the wild affecting Servers and Clients running Java or the log4j framework. A critical vulnerability that’s affecting a Java logging package log4j which
Why should small businesses in Australia be wary of cyber-attacks?
As a small business owner, one would not expect them to be a target of cyber security breaches with all the big enterprise companies around, right?
The Rising Cost Of Cyber Insurance
The fastest growing sector of the insurance industry was not on the radar for many small to medium sized businesses, until the arrival of COVID-19