The Essential Eight framework, established by the Australian Cyber Security Centre (ACSC), provides a roadmap for businesses to protect themselves against cyber threats. The Essential Eight is designed to protect Microsoft Windows-based internet-connected networks. While it originated in Australia, similar frameworks have sprung up in other countries, emphasising the universal need for a comprehensive approach to cybersecurity.


The eight mitigation strategies are:

  1. Application control. This strategy involves using software to control which applications can run on a system. This helps to prevent malicious applications from being installed.
  2. Patch applications. This strategy involves installing security updates for software as soon as they are available. Security updates can fix vulnerabilities that could be exploited by attackers.
  3. Configure Microsoft Office macro settings. This strategy involves disabling macros in Microsoft Office documents. Macros can be used to deliver malicious code.
  4. User application hardening. This strategy involves configuring user accounts to have the least privileges necessary to perform their job duties. This helps to reduce the risk of an attacker gaining unauthorized access to a system.
  5. Restrict administrative privileges. This strategy involves restricting the ability of users to elevate their privileges. This helps to prevent attackers from gaining unauthorised access to a system.
  6. Patch operating systems. This strategy involves installing security updates for operating systems as soon as they are available. Security updates can fix vulnerabilities that could be exploited by attackers.
  7. Multi-factor authentication. This strategy involves requiring users to provide two or more pieces of evidence to authenticate themselves. This makes it more difficult for attackers to gain unauthorized access to a system.
  8. Regular backups. This strategy involves regularly backing up important data. This helps to ensure that data can be restored in the event of a cyberattack.


The Relevance of Backups

Now that you understand the basics of The Essential Eight, I want to dive a bit deeper into the importance of strategy number 8 – backups.


The rise in ransomware attacks has been truly concerning. Imagine this: your organisation’s data locked away behind a digital barrier, and hackers demanding payment for the key. This is where backups become your lifeline, enabling data recovery without negotiating with criminals.

Safety Net for Human Errors

We’re only human, and in the digital realm, one wrong click can have consequences. Accidental deletions, overwrites, or other mistakes no longer mean disaster when your data is protected via secure backup.

Resilience Beyond Disruptions

Disasters, whether digital or natural, can strike without warning. Hardware failures or digital breaches can disrupt your operations. Backups provide continuity and data integrity by allowing you to restore data to a pre-compromised state, minimising downtime.


Crafting a Backup Strategy

To craft an effective backup strategy that aligns with your organisation’s needs, consider the following things:

Consistent Protection

Regular backups form the backbone of your data protection approach. Ensure your backup routine is consistent and reliable to enable you to continue business as usual with secured, restorable data.


Embrace automation to streamline your backup processes. Automation reduces the risk of human error and ensures the precision of your data protection efforts.

3–2–1–0 Rule

3: Maintain Three Copies. This includes the one actively in use and two backups. If one of your backups is unavailable for any reason, your other backup copy allows you to recover what you need.

2: Store Backups on (at least) Two Different Types of Media. By using different media types, you can mitigate the risk of a single incident causing all of your backups to be useless.

1: Keep One Backup in a Different Location. This geographical diversity ensures that your data remains safe and accessible even if your primary data location experiences a failure.

0: Ensure your Recovery Plan has Zero Errors. Your data backup strategy is only as strong as its ability to deliver when needed. Many organisations invest in a comprehensive recovery plan but neglect to test it thoroughly. Regular testing is essential to confirm that it can effectively safeguard your critical data and systems.

With Software as a Service (SaaS) solutions, it has become far easier for organisations to employ the 3–2–1–0 rule. SaaS solutions offer a simple and cost-effective way to maintain multiple backups on different media in distinct locations, through simple policy and automation.


Learn More

For further insights into the Essential Eight framework, consider exploring these resources provided by the Australian Cyber Security Centre:

In a world where we depend on digital data, the Essential Eight framework is a baseline for cybersecurity. Implementing all eight mitigation strategies, including a robust backup strategy, is imperative for safeguarding your organisation against cyber threats.


I hope this blog post was helpful. If you have any questions, please click here to book a call with me.