Learn & Act
Everything you need
to get started.
Practical guides, official references, and the context you need to understand your results and take action.
What is the Essential Eight?
The Essential Eight is a set of baseline cybersecurity strategies recommended by the Australian Cyber Security Centre (ACSC). They're the top 8 actions every Australian organisation can take to protect against common cyber threats, from ransomware to credential theft. Each strategy has three maturity levels, with Level 1 as the starting point for all businesses.
Practical Guidance
Quick Guides
How to Talk to Your IT Provider
Questions to ask and what to look for.
- 01Share your Eito PDF report. It gives them a clear starting point
- 02Ask which gaps they can address and what it will cost
- 03Ask who is responsible for each control (you or them)
- 04Request a timeline for fixes and ongoing monitoring
- 05If they can't explain it simply, get a second opinion
What to Prioritise First
Where to start when everything feels urgent.
- 01Critical gaps first. These are your highest-risk items
- 02Quick Wins next. Low effort, high impact improvements
- 03Focus on one strategy at a time for better results
- 04Level 1 is the foundation. Complete this before moving to L2
- 05MFA is non-negotiable. It stops most common attacks
Understanding Your Results
What those numbers actually mean.
- 01Completion % = how much you've answered, not how secure you are
- 02Maturity % = controls in place. This is your actual security score
- 03Gaps are controls answered 'No' or 'Unsure'
- 04Level 1 is the baseline every Australian business should aim for
- 05Higher levels add stronger protections for higher-risk environments
Getting Your Team Onboard
Making security a team effort.
- 01Share the PDF report with decision-makers. It speaks their language
- 02Frame security as protecting the business, not blocking productivity
- 03Start with quick wins to build confidence and momentum
- 04Assign one person as accountable for each strategy area
- 05Review progress quarterly. Security is a journey, not a destination
Official Sources
ACSC Resources
Authoritative guidance from the Australian Cyber Security Centre.
Essential Eight Maturity Model
(opens in new tab)The official ACSC document explaining each strategy and what's required at each maturity level.
Australian Cyber Security CentreEssential Eight Assessment Process Guide
(opens in new tab)How to assess your organisation's implementation. The same process formal assessors follow.
Australian Cyber Security CentreStrategies to Mitigate Cyber Security Incidents
(opens in new tab)The broader set of 37 mitigation strategies. The Essential Eight are the top 8 from this list.
Australian Cyber Security CentreSmall Business Cyber Security Guide
(opens in new tab)Practical, plain-English advice for small businesses. A great starting point if you're new to this.
Australian Cyber Security CentreInformation Security Manual (ISM)
(opens in new tab)The Australian Government's comprehensive cybersecurity framework. More detailed than Essential Eight and typically used by larger organisations.
Australian Cyber Security CentreReport a Cyber Incident
(opens in new tab)If you've experienced a cyber incident, report it to the ACSC. They can help and your report helps protect others.
Australian Cyber Security CentreNeed Help?
Not sure where to start?
Drop me a line. Happy to point you in the right direction.
Get in TouchGet Started
Ready to find your gaps?
Take 5 minutes to run a free Essential Eight Quick Check. No account required. Your data never leaves your browser.
Start Free Assessment