Featured
Blogs
Attaining a Security SPD
In the second article in our Security SPD series, Michael Brooke offers tips to help partners gain the insight track from start to finish.
The Australian Cyber Security Centre (ACSC) continues to release an alarming series of alerts about escalating cyber threats. The ACSC recommends Australian organisations should: “urgently adopt an enhanced cyber security posture. Organisations should act now and follow ACSC’s advice to improve their cyber security resilience in light of the heightened threat environment.”
The ACSC encourages organisations to implement ACSC’s flagship security framework – called the Essential Eight. It urges organisations to: “review the Essential Eight and prioritise remediating any identified gaps in Essential Eight maturity.”
A simple, pragmatic and cost-effective cybersecurity approach
For SMBs at the start of their cyber security journey, it can seem like a long, complex and costly road. For many SMBs, it can be difficult to know where to start, and also to know how much cyber security is enough.
That’s where the Essential Eight comes in. It removes a lot of the concern and complexity for customers, because ACSC cyber security experts have done most of the thinking and planning for you. They’ve identified the major threats and listed actions to mitigate them. For cost-conscious SMBs, the good news is the Essential Eight is free expert consultancy.
For partners, the Essential Eight provides an easy-to-follow plan that helps you to identify where your services can quickly and cost-effectively implement baseline security mitigation. Each of the Essential Eight mitigations is a building block on the road to beefing up security.
The Essential Eight mitigation strategies are grouped under 3 major themes:
- prevent attacks (stop malware intruding into your network)
- limit extent of attacks (prevent malware spreading if it does intrude)
- recover data & system availability (backup data and test that data recovery processes work).
The three major themes and eight mitigation strategies of the Essential Eight are summarised in the table below.
| Theme | Mitigation strategy |
| Prevent Attacks | Application Control
Patch Applications Configure Microsoft Office Macros User Application Hardening |
| Limit Extent of Attacks | Restrict Administrative Privileges
Patch Operating Systems Multi-factor Authentication |
| Recover Data & System Availability | Regular Backups |
The beauty of the Essential Eight is it breaks up all the potential security threats and related mitigations into eight digestible chunks and describes in detail what organisations need to do to strengthen their defences against the threats.
SMBs are given a list of actions and metrics for each of the eight mitigations to reduce their risk from cybercrime. When SMBs implement the recommended security standards for each of the eight mitigation strategies, they start to build a joined-up security strategy.
This can then be used as the SMB’s cyber security roadmap. It serves as an action plan and a security policy document that can be understood and communicated to all staff in the business. And importantly, it can serve as a transparent checklist that business leaders can review to ensure their SMB is taking the right steps to keep cybercrime at arm’s length. The Essential Eight security checklist can also be audited as part of compliance processes.
Get customers started with an Essential Eight Maturity Assessment
The Essential Eight is the outcome of some serious thinking by highly talented ACSC cyber security experts and provides a practical and realistic starting point for many SMBs.
For partners, Crayon has a service offering that can help you get your customers on the right track. Our Essential Eight maturity assessment offering is ideal whether you have an existing cybersecurity practice or need new ways to respond to increased concern from your SMB customers.
Learn More about how we can help.
Related
Featured
Blogs
Microsoft Security SPD
In the first of a 3-part series, Michael Brooke explains why the buying signals from the market make Security SPD attainment worth a close look for partners.
Featured
Training
Project Online Retirement
The sun is setting on Microsoft Project Online, with Microsoft announcing it will be fully retired on September 30, 2026. Get the need-to-know information to plan for this change and position alternatives with your customers.
Featured
Press Release
Nitro Partner Awards 2026: Crayon earns multiple honours
Crayon wins 2026 Nitro APAC Reseller of the Year, with team leaders honoured for supporting partners and accelerating digital document adoption.
Featured
Press Release
CRN Asia Channel Leaders
Crayon's Warren Nolan and Harith Ramotheram have earned recognition in the 2026 CRN Asia Channel Leaders list for driving partner growth and innovation in our region.
Featured
Blogs
Copilot for All
Learn how Microsoft’s strategic Copilot for All framework combines with Crayon’s inhouse AI expertise to drive practice development and revenue growth for partners.
Featured
On Demand Webinars
Data Protection Webinar
Watch the on‑demand webinar on turning data risk into revenue. Learn how partners use data protection maturity models to drive recurring revenue and customer trust.
Featured
On Demand Webinars
Accelerate Your Security Practice with Microsoft SPD
Join our team for a business and technical deep dive into the Microsoft Security SPD and why attaining it is great for business.
Business
AvePoint Partner onboarding content
AvePoint Partner onboarding content packs are now available from Crayon to help fast track confidence and success for your team.
On Demand Webinars
Copilot Partners: Unlock your opportunities
Our latest On-Demand webinar provides a practical, execution focused walk through the full Copilot partner journey, from early adoption to advanced scenarios.
Featured
Training
Modern Work Solution Partner Designations Webinar
In our latest webinar, our in-house Modern Work experts Jye Wong and Ksenia Turner will run you through a practical refresher on Solution Partner Designations; what they are, why they matter and how to get started.
Featured
Guides and eBooks
Data Protection Playbook #3
As SMBs mature in the Data Protection lifecycle, they need help to optimise spend, reduce the compliance burden and ensure results align to business objectives. The third installment of our Data Protection Playbook series provides practical guidance for partners on how to address emerging pressure and connect ongoing investment to measurable business value.
Featured
Training
Copilot Agents: Level up from chatbots
Copilot Agents: what are they and how do they differ from AI assistants and chatbots? Our in-house Copilot expert Ksenia Turner explains the use cases and service opportunities for partners.
Featured
Blogs
Proving Data Protection Compliance
Fragmented data protection systems and processes create compliance proof-gaps for SMB customers. Scott Hagenus, Director, Cybersecurity here at Crayon explains.
Featured
Guides and eBooks
Data Protection Playbook #2
How can partners help their SMB customers to move from silos of security and continuity to a more cohesive, measurable and insurable data protection framework? The second edition in our Data Protection Playbook series maps out their journey, and yours.
Blogs
Data Protection Partner Playbooks for SMB Customers
As cybersecurity and continuity converge in platforms and in practice, partners need new playbooks to address modern Data Protection standards. Our in-house cybersecurity pre-sales lead, Michael Brooke explains why.
Featured
Insights
Data Protection Resource Round-Up
Data Protection priorities are shifting for SMBs. Ramp up your ability to respond with curated insights, articles and resources to help you guide every customer conversation with confidence.
Featured
Insights
M365 Copilot Hub
All the latest insights, articles and resources on M365 Copilot, curated into one place.
Featured
Partner Spotlight
Crayon Expertise: Why Bigfish is hooked
Bigfish Technology saved AU$20,000 on its annual Microsoft licensing after one call with Crayon and has since built a strong partnership that enabled Bigfish to get access to Crayon’s expertise and vendor ecosystem.
Featured
Blogs
Data Protection for SMBs
From rethinking backup to governance frameworks and behavioural analytics, what's involved in building a complete Data Protection strategy for SMB customers?
Featured
Insights
Microsoft’s Channel Evolution
We explore the evolution of Microsoft's channel strategy over the past ten years, and what can be learned by viewing it through a Value Cycle lens.
Guides and eBooks
The Microsoft Fabric Partner Guide
The Microsoft Fabric Partner Guide curates our recent articles, videos and resources to accelerate Crayon partner learning.
Blogs
Ransomware attack explosion drives legislation review
An explosion in ransomware attacks has fueled a nationwide review of the issue, as concern rises that secret payoffs add increased fuel to the cybercrime fire.
Webinars Series
The value of security assessments in the Age of AI.
How do security assessments empower your cybersecurity practice to respond to the rise of AI? Find out!
Case Studies
Essential Eight Compliance with Airlock
Essential Eight Compliance can be tough to maintain for partners and customers. Learn how Airlock simplified the challenge for one MSP, and delivered faster time to value.
Press Release
Crayon/emt Distribution Strengthens Email Cloud Security for Partners in APAC with New Hornetsecurity Distri Agreement
Podcast
Crayon Cyber Chat: The Journey to Cyber Resilience
Cybersecurity experts from Crayon, SMX and Red Sift cover the realities of the complex threat landscape and how partners can respond.
Company Announcements
Crayon Fortifies ‘Journey to Value’ for Partners with Extended Cybersecurity Services
Press Release
Crayon welcomes DNSFilter to its cybersecurity solutions portfolio
Empowering Partners, MSPs and ISVs with best-in-class protective DNS security solutions
Blogs
Cloud Security Assessments are a Growth Opportunity
Crayon cloud security assessments help partners lock down M365 and Azure environments and build profitable cybersecurity practices. Learn how.
