Security for law firms
The Essential Eight is a collection of cybersecurity strategies
created by the Australian Signals Directorate (ASD), the
government agency responsible for cybersecurity in Australia. Its
primary goal is to assist organizations in protecting themselves
against targeted cyber-attacks.
At Innessco, we strongly encourage organisations to assess their
security setup and compare it to the Essential Eight.
This will provide valuable insight into the extent to which your
cybersecurity posture aligns with the Australian Government’s
recommendations, and how effective you are in detecting and
responding to cyber threats. By using the Essential Eight as a
reference point, you can identify gaps in your security measures
and take appropriate action to enhance your defences.
The Essential Eight consists of eight mitigation strategies that organisations can implement to mitigate cybersecurity risks.
These strategies are:
01
Application whitelisting:
This strategy involves only allowing approved applications to run on a system. It can help prevent malicious software from running on the system.
02
Patching applications:
This strategy involves regularly updating applications to ensure that any vulnerabilities are patched. It can help prevent attackers from exploiting known vulnerabilities.
03
Patching operating systems:
This strategy involves regularly updating the operating system to ensure that any vulnerabilities are patched. It can help prevent attackers from exploiting known vulnerabilities.
04
Restricting administrative privileges:
This strategy involves limiting administrative privileges to only those who need them. It can help prevent attackers from gaining access to sensitive systems and data.
05
Multi-factor authentication:
This strategy involves requiring more than one form of authentication to access a system or application. It can help prevent unauthorized access to systems and data.
06
Backing up data:
This strategy involves regularly backing up data to ensure that it can be restored in the event of a cyber-attack or data loss.
07
Enabling daily system backups:
This strategy involves regularly backing up system configurations to ensure that they can be restored in the event of a cyber-attack or system failure.
08
User education:
This strategy involves educating users about cybersecurity risks and how to protect against them. It can help prevent users from falling victim to phishing scams or other forms of social engineering.
Innessco’s security solution
Innessco offers two IT platforms, Cloud PC and Managed PC, which are built on Microsoft’s Windows 365 Cloud PC and Microsoft 365 Business Premium. These solutions offer a range of security features that can be tailored to prevent, detect, and respond to cyber threats. By choosing Cloud PC or Managed PC, we can configure the security options on your behalf, providing you with greater control over your organisation’s security posture.
With respect to the Essential Eight mitigation strategies, the following details how we can address these with the Cloud PC and Managed PC platforms.
01
Application whitelisting:
Microsoft 365 Business Premium includes Application Control, a feature that allows organizations to control which applications are allowed to run on their devices. Innessco can use this feature to control what software can be installed on your Cloud PC or Managed PC.
02
Patching applications and operating systems:
Windows 365 Cloud PC and Microsoft 365 Business Premium both provide automatic updates for applications and operating systems. Innessco’s Cloud PC and Managed PC service also ensures that security patches for non-Microsoft products are also applied in a timely manner.
03
Restricting administrative privileges:
Microsoft 365 Business Premium includes administrative controls that allow organizations to restrict administrative privileges to only those who need them. Innessco uses this administrative control to who had admin access to your Cloud PC or Managed PC and the associated applications.
04
Multi-factor authentication:
Microsoft 365 Business Premium includes Multi-Factor Authentication (MFA), which requires users to provide more than one form of authentication to access their accounts and data. Windows 365 Cloud PC also supports MFA, which can help prevent unauthorized access to systems and data. By default, Innessco’s Cloud PC and Managed PC platforms ensure that MFA is enforced by default.
05
Backing up data:
Microsoft 365 Business Premium includes OneDrive for Business, a cloud-based storage solution that allows users (organisations) to back up data from their PC to the cloud. For organisations who select the Cloud PC platform, any servers that you require are hosted in Azure and their backup is managed via Azure Backup.
06
Enabling daily system backups:
Microsoft 365 Business Premium includes Exchange Online, SharePoint Online, and OneDrive for Business. For all 3 products, Microsoft automatically replicates data between multiple datacenters located in different geographic regions to help ensure high availability and resilience. Microsoft recommended that organizations implement an additional comprehensive backup and recovery solution, such as a third-party backup service or cloud-to-cloud backup, to ensure they have a complete backup of their critical data. Innessco’s support this recommendation via an AvePoint cloud-to-cloud backup addon that can be purchased with your Cloud PC or Managed PC.
07
User education:
Microsoft 365 Business Premium offers a variety of user education options, including security training and awareness resources. While some of these resources are intended for system administrators, some modules can be highly beneficial for legal teams as well. Additionally, we recommend Vertex’s online Cyber Security Fundamentals training, which is delivered in brief, 5-minute monthly modules to increase the likelihood of completion by your team. This training is specifically designed to enhance your teams knowledge of cybersecurity.
Benefits of using Innessco’s
Cloud PC or Managed PC
Supports all Essential Eight
security strategies.
Leverages Microsoft’s enterprise
security solutions.
Review and implement Microsoft’s
security recommendations.
Ensure Microsoft Security Score
exceeds organisations of similar size.
Innessco manages patching of
both Microsoft and Non-Microsoft
applications.
Includes Helpdesk Support for
your team’s specific security
concerns regarding emails,
documents and websites.
Don’t just take our word for it!
We’ve worked with over 50 law firms across Australia to create a tier one IT environment.
