See where your business is exposed, and what to do about it. Free, private, yours.
Built for Australian SMBs
Tradies · Retailers · Accountants · Healthcare
Work through simple yes/no questions about your current security practices. No jargon, no judgement.
46 questions at Level 1. About 15 minutes.
Eito maps your answers against the Essential Eight framework and shows exactly where the gaps are.
Prioritised by severity and effort to fix.
Get a prioritised action plan and a professional PDF report you can share with your IT provider.
Plain English remediation steps for every gap.
The ACSC Essential Eight. Tap any strategy to learn what it means for your business.
Each level builds on the one before it. For most small businesses, Level 1 across all eight strategies is the target. Don't let anyone tell you otherwise.
Protects against common, opportunistic attacks. MFA on internet-facing services, regular patching, daily backups, restricted admin privileges. This is the right target for most Australian SMBs.
Who needs this: Every Australian organisation, regardless of size or industry.
Tighter controls, shorter timeframes. Phishing-resistant MFA, 48-hour critical patching, stricter admin separation, and enhanced logging.
Who needs this: Healthcare, financial services, government contractors, DISP members.
The highest maturity level. Hardware MFA tokens, immutable air-gapped backups, real-time alerting, penetration testing. Significant investment required.
Who needs this: Government, defence contractors, critical infrastructure operators.
Want the full breakdown? Read the guide
Here's how Australian SMBs use Eito to get on top of their cyber security.
Their IT provider is coming in next week. They run a Quick Check in 5 minutes, see exactly where the gaps are, and walk into the meeting knowing which questions to ask about patching, backups, and admin access.
Business Owner
Auto Electrical, Brisbane
Not a tech person, but responsible for cyber risk at the practice. They complete a full assessment in 15 minutes, download a PDF report, and share it with their managed service provider to get the right things fixed first.
Practice Manager
Dental Clinic, Geelong
An upcoming contract requires Essential Eight alignment. They use Eito to identify the biggest gaps, understand what Level 1 maturity actually means for their business, and build a clear plan for what to tackle first.
Director
Construction, Adelaide
The Essential Eight is a set of eight practical strategies to keep your business safe online. It was developed by the Australian Cyber Security Centre (ACSC). The eight areas cover things like app control, updates, admin access, and two-factor login.
No. Eito is a free, independent community tool built in Australia. It is not linked to the government or the ACSC. For an official assessment, talk to the ACSC or a certified assessor.
Yes. Your data stays on your device. Eito runs entirely in your browser with no server-side processing. Your answers are never seen, saved, or sent anywhere. The PDF report is also generated on your device.
About 15 minutes for a full assessment. You can skip any question you're not sure about and your results will still be useful. There's also a 5-minute Quick Check if you just want a snapshot.
Eito covers Maturity Levels 1 to 3 based on the ACSC Essential Eight Maturity Model. Level 1 is the baseline that protects against common, opportunistic attacks. It's the right target for most Australian SMBs. Level 2 adds tighter controls for organisations handling sensitive data, like healthcare, financial services, and government contractors. Level 3 is the highest level, primarily for government departments, defence contractors, and critical infrastructure.
Yes. Your answers are saved in your browser. You can close the tab and come back later. But if you clear your browser data, your progress will be lost. Try to finish in one go if you can.
Eito is a free community project built in Australia by Cas Bitton. It's not affiliated with any government body, consulting firm, or commercial interest. The goal is simple: help every Australian business understand and improve their cyber safety. Learn more on the About page.
Yes, Eito is completely free. No paywalls, no premium features, no hidden costs. I believe every Australian business should have access to tools that help them check and improve their cyber safety.
The Australian Cyber Security Strategy 2023-2030 sets out a vision where Australian businesses are cyber resilient and can protect themselves from common threats. Shield 1 of the strategy focuses on helping small and medium businesses build strong cyber foundations. Eito directly supports this goal by making the Essential Eight accessible and actionable for every Australian business, regardless of their technical expertise or budget.
Still have questions? Get in touch →
15 minutes. Completely free. No signup. No data leaves your device.
The framework is complex. Eito makes it simple.
Written in plain English. If you can answer 'yes' or 'no', you can do this.
Get a proper PDF you can actually show people. Your accountant, your IT person, whoever needs to see it.
Eito shows you what matters most and what can wait. No more guessing where to start.