Yorb Critical 8

For improving your security posture

It’s hard to keep your business safe from cyber threats. There are multiple frameworks, controls and strategies. Yorb suggests that businesses have ongoing security conversations across the organisation. This includes a focus on people, processes and technology. Our team can help you create a security roadmap. But we know this can take some time. That’s why we also offer the Yorb Critical 8. These recommendations are based on the risks we see small businesses facing in New Zealand, as well as CERT NZ’s Critical Controls 2022.

Where does your business stand?

1. Secure Backup and Recovery

What does it involve?

  1. Back up all on-premise and cloud-based systems regularly.
  2. Create two copies of all backups.
  3. Keep one copy isolated and physically separate from your primary data location.
  4. Check backups often to make sure they’re working.

Why is it important?

  • Cyber criminals target your main data and any backups they find. Isolating backups protects your business from these threats.
  • When accidental or malicious data destruction occurs, knowing the integrity of your backups is sound will give you peace of mind.

Yorb supporting products

  • CloudCover for Microsoft 365
  • CloudCover Backup for Workstations & Servers
  • CloudCover Backup & Disaster Recovery

2. Patch Management

What does it involve?

  1. Keep devices and applications up to date with the latest version or versions still supported by the developer.
  2. Include the operating system and application software. For example:
     • Windows
     • MacOS
     • iOS
     • Android
     • Google Chrome
     • Adobe Acrobat
     • Microsoft Office

Why is it important?

  • Attackers will exploit known vulnerabilities in software, and developers will release updates to address these issues.
  • Patching your software often will help minimise your exposure to vulnerabilities.
  • Software will eventually reach end of life, at which point it’s no longer updated and should be removed from your business entirely. Examples include Windows XP and Windows 7.

Yorb supporting products

  • Core Yorb Support Contracts
  • Priority support
  • Help desk support
  • Remote support
  • Total support
  • Digital roadmaps

3. Multi-factor Authentication and Identity Management

What does it involve?

  1. All systems have multi-factor authentication, meaning users need two forms of identification to access them. This is especially important for Internet-accessible systems like Microsoft 365.
  2. Use a centralised identity management platform to make things easier.

Why is it important?

  • People guessing or stealing passwords is common and is avoided by using multi-factor authentication.
  • Businesses often have multiple systems with different login information. Integrating these systems through identity management increases security.

Yorb supporting products

  • Microsoft 365 Security Journey - Stage One
  • Remote Access Security
  • Digital Consulting / Professional Services
  • Microsoft 365 Security Monitoring

4. Device Management and Endpoint Detection and Response (EDR) 

What does it involve?

  1. Make sure devices accessing company data and systems meet security requirements, including:
     • Device Encryption
     • Attack Surface Reduction
     • Device PIN requirements and failed password wipe
     • Endpoint Detection & Response (EDR)
     • Web Content Filtering

Why is it important?

  • Devices are connected to your business and often store data. They also usually have direct access to your systems with reduced password requirements. So, they’re a weak spot that criminals can exploit.
  • Since devices are no longer protected behind office walls and enterprise firewalls, we need to take extra precautions.

Yorb supporting products

  • Yorb Defender for:
     • Windows
     • MacOS
     • iOS
     • Android

5. Security Awareness Training 

What does it involve?

  1. Train your users to identify security risks and what to do about them.

Why is it important?

  • People, process and technology work together to keep your business safe. Users are often the weakest point in security, so make sure to educate them on how to keep your systems safe.

Yorb supporting products

  • Online Security Training

6. E-Mail Hygiene (SPF, DKIM, DMARC)

What does it involve?

  1. Make sure e-mails sent on your behalf are real, and that people can’t pretend to be you or your business.

Why is it important?

  • Be a good cyber-citizen by taking steps to protect others. For example, stop unauthorized parties from sending e-mails using your e-mail address. This protects people and your reputation.

Yorb supporting products

  • SecureSEND

7. Firewall and LAN Management

What does it involve?

  1. Keep your Firewall and LAN infrastructure secure by patching it and keeping logs of activity.
  2. Make sure logs include details regarding what systems and websites are being accessed.
  3. Segment the network into logical secure units.

Why is it important?

  • Your network infrastructure supports the delivery of data and systems. If it’s not protected, cyber-attackers could use it to access your network.

Yorb supporting products

  • SecureNET

8. Password Manager

What does it involve?

  1. Provide a safe way to store passwords and encourage users to have good password habits.
  2. Passwords are stored securely and can be accessed through approved browser plugins and mobile apps.

Why is it important?

  • People still use “password” as a password, which isn’t secure. Help users by giving them a way to create, store, and access strong passwords.

Yorb supporting products

  • SecurePASS

Where does your business stand?

The Yorb recommendations won’t keep your business from ever having a security breach. But, they’ll lower the chance of a successful attack. Make sure to look at primary IT systems like Microsoft 365, Accounting, and Payroll. You should also examine any ShadowIT* that your business might use. 


To further protect your business, follow a comprehensive security strategy. This should match a universal security standard, like CIS or ISO27001. Our Professional Services team can help raise the level of security in your business, by developing a security strategy that aligns to your appetite for risk. 

More Information

Ask us about

  • Data Leak Prevention 
  • Information Rights Management 
  • Data Classification 
  • Identity Management
  • Dormant Accounts 
  • Single Sign On (SSO) 
  • Asset Management
  • Hardware 
  • Software 
  • Enterprise Architecture 
  • Network Segmentation 
  • Privileged Access Management & Monitoring 
  • Change Management 
  • Darkweb Monitoring 
  • Microsoft 365 Monitoring 
  • Microsoft Secure Score 
  • ShadowIT 
  • Penetration Testing 

Let us help you create a security roadmap and keep your data safe from hackers.

Own a business?

