Knowledge base
Security knowledge
without the jargon.
Practical guides, threat intelligence, and security frameworks written for Australian business owners and IT teams. Not security academics.
Guides & reports
The Essential Eight: A Practical Guide for Australian SMEs
The ACSC Essential Eight is the baseline cyber security framework for Australian organisations. Controls, maturity levels, and how to prioritise your implementation.
The Cyber Threats Targeting Australian SMEs Right Now
Ransomware, business email compromise, and credential theft are running at high volume. This is what we are seeing right now — and the controls that stop them.
How to Train Your Staff to Spot Phishing (That Actually Works)
Generic phishing training records completions and is forgotten within a week. Here is what a programme that actually changes behaviour looks like.
10 Microsoft 365 Security Settings You Should Enable Today
Most M365 tenants are significantly under-configured. These ten settings take less than a day to implement and make a material difference.
What to Do in the First 24 Hours of a Ransomware Attack
The first twenty-four hours determine whether you recover in days or months. A step-by-step playbook for Australian business owners and IT teams.
Essential Eight Maturity Level 1: The Minimum Viable Baseline
What ML1 actually requires across all eight controls, the evidence assessors look for, and how to get there without over-engineering it.
Quick reference
The ACSC
Essential Eight.
The eight critical mitigation strategies recommended by the Australian Cyber Security Centre. All IronSights services align to these controls.
Application Control
Maintains an allowlist of approved applications and prevents everything else from executing — on workstations and servers. Stops malware from running even after a successful phishing attack.
Prevents malware executionPatch Applications
Keeps browsers, Office, PDF readers, and other user-facing software current. Unpatched applications are among the most reliably exploited entry points — particularly those exposed to internet content.
Closes known vulnerabilitiesConfigure Office Macros
Disables macros by default and allows them only from trusted, digitally signed sources. Macro-enabled documents remain a primary malware delivery mechanism in business email compromise attacks.
Blocks document-based attacksUser Application Hardening
Removes browser and Office features that attackers commonly exploit — Flash, Java, and malicious ad content. Reduces the attack surface of the applications your staff use every day.
Reduces attack surfaceRestrict Admin Privileges
Limits admin rights to the minimum required and reviews them regularly. Prevents attackers from moving laterally after initial access — containing damage to the system first compromised.
Limits breach blast radiusPatch Operating Systems
Keeps Windows and other operating systems current to close vulnerabilities actively targeted by ransomware groups and automated scanning tools. Critical patches within 48 hours at ML2.
Closes OS-level vulnerabilitiesMulti-Factor Authentication
Requires a second factor for all internet-facing services and privileged accounts regardless of network location. The single most effective control against credential-based attacks and account takeover.
Stops credential attacksRegular Backups
Maintains daily backups in a location disconnected from the primary network, protected against modification, and tested regularly. The only reliable recovery path when ransomware encrypts production systems.
Enables ransomware recoveryNot sure where to start?
We'll tell you exactly
what you need.
Book a free Essential Eight maturity assessment. We review your current controls, identify gaps against ML1 or ML2, and give you a clear remediation roadmap. No obligation.
Essential Eight assessment
Understand your maturity
in one session.
We map your current state against all eight controls, identify your highest-priority gaps, and recommend a realistic path to ML1 or ML2. No sales pitch. No pressure.
Get an Essential Eight assessment →Call 1300 004 766