Companies need to consider their cyber security more than ever due to the increased threat of hacking and cybercrime.

This threat has been highlighted by cyber security experts for years, but it wasn’t until May 2022 that the Australian Federal Court made a decision to place the responsibility of cyber security defence on companies that operate in financial services. The court ruled that an Australian financial services company failed to meet its obligations by not mitigating its cyber security risks thoroughly.

This has set a precedent for all other financial services companies in Australia, as the burden is now on them to ensure their cyber security standards are up to scratch. Unfortunately, this is the result of growing threats of cyber attacks in recent years. Failing to protect against things like brute force hacking could lead to serious leaks of personal information as well as financial problems for companies and clients alike.

As a result of this ruling, the Australian Securities and Investment Commission (ASIC) outlined that all financial entities adhere to the latest guidance from the Australian Cyber Security Centre. One of the main tenets of their guidance is adopting the Essential Eight framework which provides a good foundation for cyber security and compliance.

What is the Essential Eight?

The Essential Eight is a type of cybersecurity framework established by the Australian Signals Directorate. It’s an iterative piece of guidance that’s changed considerably over the past 5 years, bringing in additional strategies and components to their guidelines. The eight strategies outlined in this framework include:

• Application control

• Patch applications

• Configure MS Office macros

• User application hardening

• Restricting administrative privileges

• Patch operating systems

• Multi-factor authentication

• Daily backups

These eight strategies fall into one of three distinct categories: preventing attacks, limiting attack impacts and data availability.

What is the Essential Eight maturity scale?

If you’re adopting the Essential Eight framework, you can monitor and assess compliance levels using the Essential Eight maturity scale. This breaks progress into one of three different levels, including:

• Level one: Partially aligned with the strategy goals

• Level two: Mostly aligned with the strategy goals

• Level three: Fully aligned with the strategy goals

The maturity scale is particularly useful because it can be tailored to address the unique risks found in specific organisations. This level of customisation makes the scale more useful when addressing compliance, as it ensures everyone involved knows the specific actions and steps necessary to progress through the levels.

At the moment, guidelines from the Australian Signals Directorate suggest that all businesses in Australia reach level three of the maturity scale to ensure their protection against cyber threats. With that said, the Essential Eight is seen as the minimum level of protection that a company should strive for. These strategies are ideally used alongside more advanced and tailored solutions for businesses to prevent cyber attacks.

Is the Essential Eight a legal obligation?

Due to the increased threat of cyber criminality and our growing reliance on the internet for business, the Australian Federal Government is going to mandate the Essential Eight framework for all non-corporate Commonwealth entities. Prior to these changes, it was only expected that the top four controls found in the first objective in the Essential Eight were followed by all organisations. Now, all eight strategies are to be adhered to.

Part of this new mandate will involve assessing companies to ensure they’re maintaining compliance. As a result of this, all organisations expected to comply with the Essential Eight will also receive an in-depth audit every five years to assess their security measures, starting in June 2022.

Other approaches to reducing the risk of cyber attacks

As mentioned above, the best way to protect your business is by going beyond the minimum level outlined in the Essential Eight. There are many different tools and strategies you can bring in to help with this, but enlisting the expertise of an Accounting Service provider like 360 Accounting Services is one of the most effective approaches. Bringing in the experts can help with a number of things, such as:

• Establishing systems to provide you with greater control over your cloud-based applications and websites.

• Providing guidance around compliance with regulatory requirements and best practices for your industry.

• Experience high-quality support, training and other resources for the organisation to help with cyber security and protection.

As the need for stronger cyber security strategies continues to grow, having the right expertise on your side is becoming more important. Whether you’re an accounting firm or another type of financial services provider, it’s vital that you have the right infrastructure and intelligence in place to protect your business - and your clients - from the threat of cyber attacks.

360 Accounting Services is proud to be Accounting Data Security Standard Certified and we have implemented Practice Protect for added security. To learn more about how 360 Accounting Services can help you protect your business from the threat of cyber attacks, get in touch with our team today at 1300 360 749