From small town to big security, with the ASD Essential 8

May 29, 2025

Cybercrime is on the rise in New Zealand, with CERT NZ recording $6.8M in reported financial losses in Q4 2024 alone. For small-town businesses, the stakes are even higher.


Still, with all this uncertainty, there’s one thing we know for sure: a solid approach to cybersecurity is non-negotiable for businesses of all sizes.


That’s why we have adopted the Australian Signals Directorate (ASD) Essential 8 framework to enhance its cybersecurity practices.


But what exactly is the ASD Essential 8, and why have we decided to make it the star of our security show? Let's break it down.

Meet the ASD Essential 8

The ASD Essential 8 isn’t rocket science—but it is smart science. It’s a set of eight key mitigation strategies, carefully crafted by cybersecurity experts at the ASD. These strategies are designed to strengthen your cybersecurity defences and prevent the majority of cyberattacks aimed at businesses.


Here’s the gist of the eight strategies:

1. Application control

Only approve specific applications to run on systems, preventing unwanted programs from sneaking in like an uninvited guest.

2. Patch applications

Update software regularly to fix vulnerabilities before hackers get a chance to exploit them.

3. Restrict Microsoft Office macros

It may sound technical, but this is like locking the doors on the fancy features that attackers love to exploit in tools like Word and Excel.

4. User application hardening

Digitally detox your apps to prevent pesky components—like Java—that attackers often use to infiltrate your software.

5. Restrict administrative privileges

Not everyone should have the keys to everything. Limiting access makes it less likely for privileged accounts to be exploited.

6. Patch operating systems

Not everyone should have the keys to everything. Limiting access makes it less likely for privileged accounts to be exploited.

7. Multi-factor authentication (MFA)

Not everyone should have the keys to everything. Limiting access makes it less likely for privileged accounts to be exploited.

8. Regular backups

Not everyone should have the keys to everything. Limiting access makes it less likely for privileged accounts to be exploited.

Why you should say ‘yes’ to the Essential 8 framework

Although New Zealanders are clear on the price tag of a data privacy fail (thanks to our Privacy Act 2020), we don’t currently have a formalised cybersecurity framework.


So, we’ve turned to one of the best examples globally—enter Essential 8!—to ensure our cybersecurity methods are top-notch.


Here’s why the framework ticks so many boxes, and makes a real difference for New Zealand businesses:

  • It’s a clear and actionable plan
    The Essential 8 lays out an easy-to-follow roadmap to boost cybersecurity maturity, giving businesses realistic steps to work towards.

  • It works for everyone
    This framework is a great fit for businesses of all sizes, especially New Zealand’s small and mid-sized enterprises.

  • It builds trust
    Boost your reputation and earn your customers' confidence by proving you’re serious about keeping their data safe.
The four maturity levels of the Essential 8

The takeaway? If you’re desirable to cybercriminals (while all businesses are targets, some industries are regarded as more attractive than others!), you’re probably already on their radar. To help improve your ability to withstand and recover from attacks, the Essential 8 defines four maturity levels designed to step you through shoring up your defences.


Here’s how to tell where you are in the scheme of things:

  • Maturity Level Zero:
    At this level, you’re in the red zone. You most like have major security gaps and significant weaknesses in your security posture (no policies or oversights, and a target on your forehead). You’re a bit of a sitting duck when it comes to cybercriminals looking for an easy win, as you have few defences against an attack, and little awareness. At zero level, your data and systems are at risk of compromise.

  • Maturity Level One:
    Level one signifies that taken the first steps to bolstering your security. You’ve added basic measures like patching systems, using multi-factor authentication, and blocking risky behaviours (like disabling shady Office macros). These mitigation strategies will address ease of initial access to your systems and reduce the risk of cyberattacks. However, you are still vulnerable if even a mildly determined attacker turns their attention to you and your data.

  • Maturity Level Two:
    At level two, your business has made some real progress. You’ve achieved intermediate application of the Essential 8 strategies, enhancing your cyber security defences and protecting against common social engineering techniques. You now have a reasonable defence against any more advanced adversaries that might be specifically targeting you. The controls you introduced at Level One are tighter; you’re reacting more quickly, logging high-risk activities, and are considering a broader scope of potential threats.

  • Maturity Level Three:
    Level three is gold standard! You’re now focusing on mitigating threats from some seriously determined and resourceful cybercriminals who have you firmly in their sights. You’ve implemented all of the Essential 8 strategies, your staff are trained and highly aware of how to recognise and react to potential threats, and you have an ongoing strategy to review and refine your defences. Being on constant alert for cyberattacks is now part of your DNA.
Time to partner with a cyber superhero

Our cybersecurity solution, Yorb Defender 2.0, can help you to reduce your risk exposure. As your trusted cybersecurity partner, it aligns with the Essential 8, and means:

  • You are protected 24/7 and aligned with best-practice security standards
  • You’ve got backup and don’t need to compromise on productivity
  • Your security posture just gets better, so your people are safer
  • You're compliant and insurable
  • Your devices are no longer the weakest link
  • Your Microsoft 365 tenancy is always current
Why cybersecurity should be every Kiwi’s best friend

93% of Kiwis reckon cyber threats hit everyone, from people to the economy, but fewer than half say they’re ready to handle a cyberattack. With $17.8M lost to scams last year, it’s obvious plenty of organisations are still dodging the truth: compliance isn’t optional, it’s their job.


Not sure where you stand on the ASD Essential 8 maturity scale? Don’t wait for a cybersecurity wake-up call. Reach out to Yorb today to learn how simple and powerful protecting your business can be.

Recent Posts

MCI & Associates and Yorb: A journey from support to strategy

April 10, 2025
MCI & Associates is an accountancy firm with over 45 employees across offices in Dannevirke and Pahiatua. The practice services a diverse range of clients, including those in the farming and commercial sectors, and its core services include tax preparation, business advisory and planning, and general accounting. The relationship between Yorb and MCI goes back over three decades to when both companies were in their formative stages. The trust-based relationship has endured and evolved as each business has grown and matured - going through name and ownership changes.

Cyber security in small-town NZ: why it’s time to pay attention

March 26, 2025
If you think cybercriminals only go after big corporations in major cities, think again.  The majority of incidents recorded by the NCSC impact individuals and small to medium businesses, proving that cyber threats don’t discriminate based on location - they target opportunity. With over 23,000 reports to the Netsafe helpline, and $17.8M in losses reported last year, small-town businesses are very much in the spotlight. In the past few months alone, three local accounting firms in regional New Zealand have suffered a data breach,and local ISP - Inspire was recently the target of a malicious cyber attack.

What's happening at Yorb - Q1 2025

March 21, 2025
We've had a flying start to the year, and given we're really just past the point where you start to realise what day it actually is, we thought we'd share everything we've been working on lately. 2024 In Review As we reflect on 2024, it's clear that this year has been one of remarkable achievements and significant advancements for Yorb. We were very proud that we won the Reseller News Innovation Awards in the Regional Partner Category, a testament to our commitment to excellence and innovation. AI has continued to dominate the headlines, with some businesses making great strides in how they work and interact. However, the majority are still grappling with understanding the full impact of this technology on their business, industry, and society. As we navigate this evolving landscape, companies must adapt to the security implications, ensure the integrity of data, and adjust to changing work and consumer patterns. In line with our commitment to security, we launched our new Security Platform, Yorb Defender 2.0. Designed from the ground up to be Essential 8 compliant, we believe this solution is now a best-in-class product that meets the requirements of modern business. 2025 Looking Forward Looking ahead to 2025, we have set ambitious goals following the EOS business framework. Our recent Annual Planning has helped us develop our 10-year, 3-year, and 1-year goals, with a strong focus on several key areas: Client Experience: We are dedicated to ensuring that every interaction with Yorb meets and exceeds your expectations. Automation Platforms: We will continue to develop our automation platforms to provide more consistent and efficient service. Investing in New Technologies: Our focus will be on AI, Hyper-Automation, and Data Governance to stay ahead of the curve. Team Development: We are committed to investing in our team, ensuring they receive the best skills training in technical, people, professional, and business areas. We will are also excited to be launching business peer groups focussed around AI, bringing together business owners and leaders from across the regions to explore what the future holds for all of us. This year we are injecting new energy into our Total Support agreement, we believe there is more to our partnership than phones calls, Teams Conferences and remote support. We are therefore introducing ongoing scheduled visits as part of the contract, alongside a productivity focus with scheduled access to our development team. Kicking off this year will be monthly seminars on topics such as Security, AI, Productivity, we want to hear what topics matter most to you. Look out for your invite in the coming weeks. I’m incredibly excited by 2025 and the opportunities it brings, we call breath a collective sigh that 2024 is behind us lets get cracking on what promises to be a great year. Daniel Goymer CEO