Essential Eight Cybersecurity Checklist

A practical, plain-English guide to strengthening your business against ransomware and cyber attacks.

Essential Eight Cybersecurity Checklist – Tensor Security
The Essential Eight is the minimum cybersecurity baseline recommended for all Australian businesses. Implementing these eight core strategies helps prevent breaches, block malware, and rapidly recover if an incident occurs.

Application control ensures only approved, trusted applications can execute on your systems.

Why it matters:
  • Blocks ransomware attempting to run unauthorized executables
  • Prevents users from installing risky or unlicensed software
  • Stops malware embedded in attachments or downloads
Key actions:
  • Maintain an approved whitelist of allowed applications
  • Block everything else by default
  • Apply application control across all endpoints

Keeping applications updated closes vulnerabilities attackers exploit.

Why it matters:
  • Prevents exploitation of outdated browsers, Office apps, Java, PDF tools
  • Protects users against document-based malware
Key actions:
  • Patch critical vulnerabilities within 48 hours
  • Enable auto-updates wherever possible
  • Remove unsupported software entirely

Macros remain one of the most common malware entry points.

Why it matters:
  • Stops phishing attachments from launching malicious scripts
  • Prevents malware delivered through Office documents
Key actions:
  • Disable all macros from the internet
  • Only allow macros signed by your organisation
  • Use Group Policy to enforce macro restrictions

Harden user applications to block dangerous features and content.

Why it matters:
  • Reduces browser and plugin-based malware attacks
  • Prevents risky content such as Flash or Java from running
Key actions:
  • Disable Flash, Java, ads, and legacy plugins
  • Block dangerous scripting features
  • Restrict risky Office features

Admin accounts grant the highest level of control — and the highest risk.

Why it matters:
  • Prevents attackers from taking over your systems
  • Reduces lateral movement within your network
Key actions:
  • Use separate admin and user accounts
  • Audit privileges regularly
  • Remove admin rights from non-technical users

Outdated systems are a major cause of breaches.

Why it matters:
  • Closes critical vulnerabilities in Windows, macOS, Linux
  • Prevents ransomware exploiting old systems
Key actions:
  • Patch within 48 hours
  • Upgrade to supported OS versions
  • Retire unsupported devices

MFA dramatically reduces account takeover risk.

Why it matters:
  • Prevents unauthorized access even if passwords are stolen
  • Protects cloud services, email, VPNs, admin tools
Key actions:
  • Enforce MFA for all admin accounts
  • Enable MFA for remote access and VPN
  • Require MFA for business-critical systems

Reliable backups ensure rapid recovery after cyber incidents.

Why it matters:
  • Protects your business from ransomware
  • Ensures you can restore data quickly
Key actions:
  • Perform daily backups
  • Store offline / offsite copies
  • Test restores regularly

Need Help Implementing the Essential Eight?

Tensor Security can audit your systems, secure your environment, and help you reach ACSC maturity levels.

Contact Us

Shopping Cart