Do you use macros in your business? You probably do without even knowing. Many documents have macros embedded in them. File types such as pptm, docm and xlsm (PowerPoint, Word and Excel) end in ’m’, which indicates a macro-enabled file. Macros can make your business operations a whole lot easier, but when not used properly they can cause a world of hurt.
While these programs are great for boosting productivity, they can leave you exposed to a cyberattack. So ask yourself, do you want to leave the choice whether to use macros up to the end user? You can control the use of macros in Word using Group Policy Objects (GPOs), which removes the choice from your end users. Job done. No, not really. It is only the start.
Security issues with macros
Macros can contain harmful code and when someone opens a document containing a virus, it can run rampant across other documents. This can potentially corrupt important business data while moving sideways throughout your network to other users.
Hackers often use harmful macro code in a blended cyberattack. They do this through clever emails that manipulate the user into clicking on an attachment or web link. Once they click, it sets off a chain reaction and the harmful macros take hold in the user’s computer. Malicious code embedded in a document can download ransomware, trojans and keyloggers onto users’ devices. And the nightmare for your business begins. Using GPOs will not prevent this from happening.
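The ’m’ extension is only a label, so a mail or file-share filter is better off checking what an attachment actually contains. The following is an added example, not code from Rightsize or the Essential Eight; the function names and the sample packages are constructed for illustration, and it covers only the modern zip-based Office formats.

```python
import io
import zipfile

MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm")  # the 'm' file types named above

def macro_indicators(data: bytes) -> list[str]:
    """List the parts of an OOXML package that mark it as macro-enabled."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # The VBA project is stored as a binary part, e.g. word/vbaProject.bin.
        found += [n for n in names if n.lower().endswith("vbaproject.bin")]
        # Macro-enabled packages also declare a "macroEnabled" content type.
        if "[Content_Types].xml" in names:
            types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            if "macroenabled" in types.lower():
                found.append("[Content_Types].xml: macroEnabled content type")
    return found

def triage(filename: str, data: bytes) -> str:
    """Classify an attachment by its contents, then compare with its extension."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-ooxml"  # legacy .doc/.xls or another format: needs a different check
    if not macro_indicators(data):
        return "no-macros-found"
    if filename.lower().endswith(MACRO_EXTENSIONS):
        return "macro-enabled"
    return "macro-enabled-extension-mismatch"  # macro content behind a name like .docx

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample package (placeholder bytes, not a real document or macro)."""
    main_type = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
                 else "application/vnd.openxmlformats-officedocument"
                      ".wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" '
                    f'ContentType="{main_type}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"PLACEHOLDER")
    return buf.getvalue()

if __name__ == "__main__":
    for name, macro in [("invoice.docm", True), ("invoice.docx", True), ("notes.docx", False)]:
        print(name, "->", triage(name, build_sample(macro)))
```

A "macro-enabled-extension-mismatch" result is the one worth quarantining for review, since the file name hides what the package declares.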
Strategy for prevention
Macros and browsers are great productivity tools, but you need to find a way to reduce the risk to your business. The Essential Eight security strategies from the Australian Cyber Security Centre include a strategy for configuring macros and browsers.
Under the Essential Eight strategies, there are three levels of maturity for controlling macros and browsers. The following is a summary:
- Maturity Level One. At Maturity Level One, your users can run macros in Microsoft Office applications, but they receive a prompt first and must approve macro use, and they cannot change macro settings.
- Maturity Level Two. Maturity Level Two builds on Level One by only allowing signed Microsoft Office macros to run and blocking macros in documents downloaded from the web.
- Maturity Level Three. Level Three builds on the previous two levels. It restricts macros to only those from trusted sources.
The Rightsize technical team takes the time to understand the risks to your business and works with you to design an effective solution to defend against probable events.
Contact us now for a free consultation or call 07 3106 7348 to find out more about The Essential Eight and its implementation to protect your business. Rightsize Technology is your IT department as a service. Our solutions protect you online.