IT support role in managed contract. Essential 8 core components

In this modern digital age, individuals and businesses enjoy a vast number of conveniences that we would have thought impossible several decades ago. However, alongside the many amazing advancements in technology and the modern conveniences we have come to rely on, there also come a great many potential threats – by way of cyber security (or rather, a lack thereof).

As a modern business owner, if you wish to remain safe and secure from any potential third-party threats, you need to have the appropriate fail-safe systems in place.

Enter the IT support provider. What is their role within a managed IT contract? And what are the “Essential Eight” core components of the mitigation strategies associated with running a tight ship?

Read on and we will tell you everything you need to know…

What is an IT support provider and what role do they play within a managed IT contract?

Before we get too deep into the “Essential Eight”, first let’s begin with the basics:

What is an IT support provider?

An IT support provider, simply put, is a proactive third-party IT firm that is able to anticipate your needs and deliver a wide variety of technology services and solutions.

This could be as simple as helping you to set up and establish an in-house IT system with all of the software and applications necessary for your business to operate on a day-to-day basis – or it could be a fully managed IT contract with remote monitoring and cybersecurity to boot.

What role does your IT support provider play within a managed IT contract?

When you enter into a managed IT contract with a third-party IT support provider, you are essentially handing over full responsibility for your IT requirements.

Your chosen IT support provider will be responsible for the functionality of your in-house equipment, remote monitoring and management, updating and maintaining your software and CRM systems, providing managed public cloud services, and ensuring that your business-critical data is safe and secure from external threats.

What are the mitigation strategies that constitute the Essential Eight?

There are various strategies to help businesses mitigate cyber security incidents; however, the most effective of these strategies are referred to as “The Essential Eight”. They are as follows:

  • application control: this essentially refers to limiting the amount of access standard users have at their workstations (e.g., control panel access, HTML applications, software installers, etc.).
  • patch applications: regular vulnerability scanning takes place (at least fortnightly) in order to detect any missed patches or updates that may leave your business exposed to external cybersecurity threats.
  • configure Microsoft Office macro settings: Microsoft Office macro security settings cannot be altered by users and they are completely inaccessible to those who do not have a genuine business requirement.
  • user application hardening: web browsers will be restricted from processing things like Java and web advertisements from the internet. Additionally, browser security settings cannot be accessed or updated by general users.
  • restrict administrative privileges: this ensures that only certain ‘privileged’ accounts can access the internet, email, and web services – including various other software and applications. Again, unless there is a demonstrable need for such access, it will be restricted.
  • patch operating systems: this includes everything from vulnerability scanning and identifying missing patches and updates, to replacing operating systems that are no longer supported by the original vendors.
  • multi-factor authentication: multi-factor authentication (as the name suggests) improves the depth of security when an organisation’s users utilise third-party internet facing services that otherwise process, store, or communicate sensitive, business-critical data.
  • regular backups: this ensures that all sensitive data, software, and configuration settings are properly synchronised and backed up to a common point in time for ease of restoration in the event of an emergency. Naturally, unprivileged accounts / users are unable to access or alter these backups.

The above points are general descriptions of the Essential Eight mitigation strategies. Of course, they will vary depending on the maturity level (which we will cover shortly), and indeed the business’ scope and size.

What are “Maturity Levels” in mitigating cyber security threats?

In order to help business owners identify their needs and implement the appropriate measures, the Australian Signals Directorate (ASD) has defined four different “maturity levels” (Zero through Three).

Naturally, the higher the maturity level, the greater the threat mitigation. For example, a sole trader with a limited income is going to be less desirable to a malicious actor (a cyber-criminal looking to exploit businesses for money) than a large enterprise with much more to lose.

That’s not to say that small businesses and sole traders are never subject to cybercrime. In fact, small businesses in Australia lose approximately $300 million each year due to cybercrime – so it is absolutely worth ensuring that you and your business are sufficiently protected.

Why should I implement the Essential Eight for my business?

The best defence in this case is prevention. Implementing the Essential Eight and investing in a reputable third-party IT support firm can help you save time and money rather than having to respond to a large-scale cyber security threat after the fact.

Yes, some businesses may be able to quickly recover from a cybersecurity incident; however, for many small businesses it can spell complete and utter disaster.

The Essential Eight will ensure that your business is well protected against new and emerging cybercrime (which is rife).

Conclusion: It’s better to have it and not need it

As the saying goes: “It’s better to have it and not need it than to need it and not have it”, and that applies perfectly to IT security. Understandably, the thought of hiring a third-party IT support provider might feel like an unnecessary expense as a small business; however, the stats don’t lie: roughly 60% of small businesses in Australia have reported having been a victim of cybercrime. As such, failing to have the appropriate fail-safes in place leaves you exposed to a very real potential threat.

We hope you have found this article insightful. Should you wish to learn more about the Essential Eight, the many potential cybersecurity threats out there, or how the team at Computer Troubleshooters can help, please do not hesitate to contact us today.

Stay safe!