The Essential Eight – Made Simple

Cyber security can feel complex. The reality is, most organizations don’t need more tools — they need the right controls, applied properly.

That’s where the Essential Eight comes in.

Developed by the Australian Cyber Security Centre, the Essential Eight is a practical set of strategies designed to protect organizations from the most common cyber threats.

At Red Flagg™, we break this down into something that actually works in the real world.

How We Apply the Essential Eight

We focus on two key levels:

Level 0 – People First Protection

5 core controls focused on awareness and behaviour

This is where most cyber incidents begin — people.

We focus on building awareness, creating good habits, and giving your team the confidence to stop threats before they become incidents.

What we deliver

  • Phishing awareness training tailored to your team

  • Ongoing phishing simulation campaigns

  • MailCheck™ and SMS Check™ for real-time message checking

  • Simple reporting and feedback loops

  • Clear guidance when something doesn’t feel right

What this means for you:
Your team becomes your first line of defense, not your biggest risk.

Level 1 – Technical Protection

48 controls focused on securing your environment

Once your people are supported, we move into your systems.

This is where we strengthen your Microsoft 365 environment and apply the technical controls that reduce risk across your organisation.

What we deliver

  • Multi-factor authentication across all users

  • Secure configuration of Microsoft 365

  • Access controls and role-based permissions

  • Email protection, filtering and domain security

  • Ongoing monitoring and investigation of threats

  • Security policies aligned to Essential Eight

What this means for you:
Your environment is actively protected, not just monitored.

The Essential Eight Controls

The Essential Eight is made up of eight key strategies:

  1. Application control

  2. Patch applications

  3. Configure Microsoft Office macro settings

  4. User application hardening

  5. Restrict administrative privileges

  6. Patch operating systems

  7. Multi-factor authentication

  8. Regular backups

How Red Flagg™ Brings This Together

Most organisations struggle because these controls are:

  • Too technical

  • Poorly implemented

  • Not maintained

We change that.

Our approach

  • We make it simple

  • We apply controls properly

  • We support your team day to day

  • We stay involved, not just set and forget

Why This Matters

Cyber threats don’t need to be advanced to cause damage.

Most incidents happen because:

  • A message wasn’t checked

  • Access wasn’t restricted

  • A setting wasn’t configured

The Essential Eight addresses exactly this.

Start With Where You Are

You don’t need to be perfect to get started.