
Techshop Wrapup: Elevate Your Cyber Security

At our February Techshop, we tackled a critical question facing Australian businesses: which cybersecurity framework actually protects your organisation without breaking the bank?

 

We compared the government’s Essential 8 Framework with Myrtec’s Minimum Standards, and the results might surprise you. If you missed the session, here’s our wrap-up to help you understand both approaches and choose the right path for your business.

Understanding the Essential 8 Framework

The Australian Signals Directorate (ASD) developed the Essential 8 Framework in 2017 as a baseline defence against cyber threats. These eight mitigation strategies include:

  1. Patch applications
  2. Patch operating systems
  3. Multi-factor authentication (MFA)
  4. Restrict administrative privileges
  5. Application control
  6. Restrict Microsoft Office macros
  7. User application hardening
  8. Regular backups

 

The framework operates on three maturity levels, designed to protect against increasingly sophisticated threats, from large-scale, non-targeted attacks (Level 1) to advanced persistent threats targeting critical infrastructure (Level 3).

 

Here’s the catch: The Essential 8 was designed as a one-size-fits-all solution, creating a static list of strategies that applies to everyone, regardless of whether you’re a small Newcastle law firm or a large government department.

Myrtec's Minimum Standards: A Dynamic Alternative

Our Minimum Standards take a different approach. Rather than following a rigid framework, we’ve developed a dynamic set of requirements tailored to what actually matters for your business:

  • Security fundamentals: Antivirus, encryption, MFA, password managers
  • Email protection: DNS DMARC and SPF configuration
  • Access control: Restricting end-user admin access, disabling RDP
  • Compliance requirements: Data stored in Australia, security policies
  • Platform-specific measures: Microsoft Tenant Security Score, Google Workspace best practices
  • Business continuity: Regular backups, updated operating systems

 

The crucial difference? Our standards adapt to your environment. If you’re on Google Workspace, we focus on Google-specific security. Running Windows? We ensure those systems are properly hardened. Using Macs? Different standards apply.

Where They Overlap, And Where They Don’t

Both frameworks share some common ground, particularly around MFA and regular backups. However, the similarities largely end there.

 

Essential 8 requires:

  • Third-party tools for compliance monitoring
  • Sophisticated application control systems
  • Management of unmanaged assets
  • Higher complexity and implementation costs

 

Myrtec’s Minimum Standards focus on:

  • Using tools already available in your Microsoft or Google tenant
  • Practical measures that directly impact your cyber insurance eligibility
  • Industry-specific requirements based on your sector
  • Evolving standards based on current threats

 

The Shocking Reality Check

Here’s a statistic that should make every business owner pause: Zero.

That’s how many Myrtec customers have met our minimum standards before onboarding. Not one. Despite having IT support and believing they were secure, every single organisation had critical gaps in its cybersecurity posture.

 

This isn’t about scaremongering. It’s about acknowledging that most Australian businesses are operating with a false sense of security.

Why Our Approach Makes More Financial Sense

Essential 8 compliance often requires expensive third-party tools and complex implementations that might not align with your actual risk profile. Our Minimum Standards, by contrast, leverage the security features you’re already paying for within your existing platforms.

 

Think about it: if you’re paying for Microsoft 365 or Google Workspace, you already have access to powerful security tools. The problem is, most businesses don’t know how to configure them properly. That’s where our expertise comes in.

 

More importantly, our standards were specifically developed to ensure customers qualify for cyber insurance with reasonable premiums. We’ve worked backwards from what insurers actually require, not from theoretical best practices.


Taking Security Further

Once you’ve met the minimum standards, you can enhance your security posture with:

  • Mobile device management
  • Data loss prevention
  • Advanced email security
  • Conditional access policies
  • Network hardening
  • Staff training programmes
  • Essential 8 compliance (as an addition, not a replacement)


Why Compliance Matters Now More Than Ever

Cybersecurity isn’t just about protecting your data anymore. It’s about:

  • Business continuity: Can you operate if you’re breached?
  • Insurance eligibility: Will anyone actually cover you?
  • Regulatory compliance: Can you meet your industry’s requirements?
  • Client confidence: Can you prove you’re taking security seriously?

If you hold a credit licence, financial services licence, or handle sensitive client data, compliance isn’t optional; it’s mandatory for maintaining your operating licence.

 

The Bottom Line

Any IT provider can take your money and make you Essential 8 compliant. But wouldn’t you rather have security measures that are actually relevant to your organisation? We believe our tailored Minimum Standards provide you with more value for your investment, focusing on practical protections that align with your business needs and insurance requirements.

 

Remember: cybersecurity isn’t about ticking boxes on a government framework. It’s about implementing practical, cost-effective measures that protect your specific business from real-world threats.

Ready to level up? 

Ready to elevate your cybersecurity? Join us at our next Techshop, where we break down complex security concepts into actionable insights. We’re committed to ensuring Newcastle, Maitland, and Central Coast businesses understand exactly what they need to stay secure without the jargon or unnecessary complexity.

Book your spot at our next Techshop or contact our team to discuss how the FLEX Managed Service Agreement can help you get your security foundations right.
