NAATI (National Accreditation Authority for Translators and Interpreters) serves as the national standards and certifying authority for interpreters and translators in Australia and plays a pivotal role in supporting essential services and government bodies. As cybersecurity demands increased in an era of stricter government regulations, NAATI recognised the need for robust security measures to protect their sensitive information and approached Ericom to complete a security audit of their Microsoft environment.
To address NAATI’s cybersecurity needs, Ericom recommended implementing the Australian Government’s Essential Eight framework. Developed in collaboration with the Australian Signals Directorate and the Australian Cyber Security Centre, the Essential Eight consists of eight strategies designed to complement each other and provide comprehensive coverage against various cyber threats.
The strategies include: | ||
1. Application control | 2. Patch application | 3. Configuring Microsoft Office macro settings |
4. User application hardening | 5. Restricting administrative privileges | 6. Patching operating systems |
7. Multi-factor authentication | 8. Regular backups |
The framework defines four maturity levels (Maturity Level 0 through to Maturity Level 3) to gauge the organisation’s cybersecurity readiness.
Ericom embarked on a seven-month journey to elevate NAATI’s cybersecurity framework to Level 3 and ensure its ongoing maintenance. One of the standout features of this project was Ericom’s strategy to empower NAATI’s internal staff to complete the necessary work. Ericom acted as the guiding force, overseeing and directing the efforts of NAATI’s IT team.
The project’s success was driven by Ericom’s meticulous planning. A comprehensive Statement of Work was developed that detailed every task required to complete the project. The document also outlined different levels of Ericom’s service teams and their availability, as well as the allocation of work hours between Ericom and NAATI. All tasks were tracked and managed using an online project management tool, fostering transparency and accountability.
The implementation of the Essential Eight framework brought about significant improvements for NAATI. While adapting to the “new working practice,” which included the introduction of multi-factor authentication, NAATI staff experienced minimal disruption thanks to Ericom’s custom-built communication channels. The IT team seamlessly communicated necessary changes, ensuring that all staff members were informed of the reasons behind the changes and their implications for the organisation.
As a predominantly Microsoft-based organisation, NAATI operates extensively in the cloud, leveraging Azure and Office 365. Ericom’s objective was to achieve Level 3 of the Essential Eight, a subjective goal. However, we were able to validate the success by achieving an impressive Microsoft Secure Score which is a challenging feat given the numerous elements assessed, including applications, authentication, and devices.
Throughout the project, Ericom maintained an open line of communication with NAATI, fostering collaboration and ensuring that both parties were aligned on their approach. This pragmatic and transparent approach resulted in the project being completed on time and within budget. In conclusion, Ericom’s partnership with NAATI exemplified the power of pragmatic solutions in achieving cybersecurity excellence, ultimately safeguarding NAATI’s sensitive data and ensuring a more secure future.