Essential Eight: Configure Microsoft Office Macro Settings
Don't Let Macros be the Weak Link in Your Defenses
Cat Metcalfe
1/17/2025, 5 min read
Alright, here's another critical piece of the puzzle. We've talked about application control, like the bouncer at the door, which only lets the approved apps into your system. Yesterday, we covered patching applications – fixing those cracks in the walls before cybercriminals can exploit them. Today, we're moving on to Essential Eight strategy number three: Configure Microsoft Office Macro Settings. And, if I'm honest, this is another one that's a bit overlooked, but it's vital for keeping your systems secure!
Think of Microsoft Office macros as pre-written instructions that your documents can follow. These instructions can automate complex tasks, but cybercriminals can also manipulate them if you're not careful.
What are macros, and why are they a security risk?
These pre-written instructions (macros) contain code that tells your Office applications like Word, Excel, and PowerPoint what to do. They can automatically format documents, generate reports, or even pull in data from external sources. Sounds handy, right?
Here's the catch: cybercriminals can hide malicious code inside these pre-written instructions. Imagine someone pretending to be a trustworthy repairman, but instead of fixing things, they secretly plant a device to unlock your doors later. That's what a malicious macro does. When you enable a document containing a harmful macro (often because the bad guys use tricks to convince you), that malicious code can run on your system. This can lead to all sorts of nasty consequences, including:
Ransomware attacks: Encrypting your files and demanding payment for their release. (Like someone locking all the doors in your house and demanding payment to unlock them.)
Data theft: Stealing sensitive information like login credentials or financial data. (Like the fake repairman rifling through your filing cabinets and stealing your important documents.)
Installation of backdoors: Allowing attackers to gain persistent access to your systems. (Like the fake repairman secretly installing a hidden door they can use to come and go as they please.)
Why is blocking macros from the internet so important?
The Australian Cyber Security Centre (ACSC) specifically recommends blocking macros that originate from the internet. Why? This is a common way for attackers to deliver their malicious payloads. They might send you a phishing email with an attachment that looks like a legitimate invoice or delivery note - like someone slipping a fake key onto your keyring through your letterbox - but it contains a set of harmful instructions (a malicious macro) that, when enabled, unleashes malware on your system.
How to configure macro settings in Microsoft Office:
Thankfully, Microsoft Office provides settings that allow you to control how these pre-written instructions (macros) are handled. It's like installing a security system that lets you decide who gets a key and what they can do. Here's the gist of what you should do, although you should always check for updated guidance from Microsoft and the ACSC:
Disable all macros with notification: This is generally the recommended setting. It means that macros won't run automatically, but you'll be prompted each time a document containing a macro is opened. (Like having a security guard who checks each key and asks if you want to allow its use). You can then choose whether to enable or disable macros for that document.
Block macros from running in Office files from the Internet: This is a crucial setting that addresses the risk we've been discussing. This option is available in newer versions of Office. (Like having a unique lock on your letterbox that only allows verified mail through.)
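As an added example (not part of the original post), the PowerShell below audits the registry values that these two settings write when they are deployed by policy for Word, Excel and PowerPoint. It assumes Office registry version 16.0 (Office 2016 and later) and the per-user policy path and value names `VBAWarnings` and `blockcontentexecutionfrominternet` from Microsoft's Office administrative templates; the function name `Get-MacroPolicy` and the pass/fail rule are illustrative assumptions.

```powershell
# Added example: report the macro policy values in force for the current user.
# Assumption: Office 16.0, settings delivered by Group Policy or Intune (policy hive).
$apps = 'Word', 'Excel', 'PowerPoint'
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

# Meaning of the VBAWarnings DWORD written by the macro notification policy
$vbaMeaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-MacroPolicy {
    param([Parameter(Mandatory)][string]$App)

    $key   = Join-Path $base "$App\Security"
    # A missing key means the setting is not enforced by policy for this app
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $vba   = $props.VBAWarnings
    $block = $props.blockcontentexecutionfrominternet

    $setting = 'Not set by policy'
    if ($null -ne $vba) { $setting = $vbaMeaning[[int]$vba] }

    [pscustomobject]@{
        App                 = $App
        MacroSetting        = $setting
        BlockInternetMacros = ($block -eq 1)
        # Assumed rule: any "disable" value (2, 3 or 4) plus the internet block passes;
        # "enable all" (1) or an unset value fails.
        MeetsGuidance       = ($vba -in 2, 3, 4) -and ($block -eq 1)
    }
}

$apps | ForEach-Object { Get-MacroPolicy -App $_ } | Format-Table -AutoSize
```

A row showing "Not set by policy" means users can still change the setting themselves in the Trust Center, so the result should be read as "not enforced" rather than "safe".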
Exceptions and considerations:
Of course, there might be legitimate cases where you need to use these pre-written instructions (macros) within your organisation. (Like needing to give a key to a trusted contractor for specific repairs.) For these situations, you can:
Digitally sign macros: This allows you to verify the source of a macro and ensure that it hasn't been tampered with. (Like having a special, verified key made for the contractor.)
Use a trusted location: You can designate specific folders on your network as "trusted locations." Macros in documents stored in these locations will be allowed to run without prompting. (Like having a secure safe where you keep keys for trusted individuals.)
User education is key!
Even with the right settings in place, educating your users about the risks of macros is vital. They should be trained to:
Be suspicious of unexpected email attachments, especially those that claim to require macros to be enabled. (Just like they should be wary of unexpected visitors or packages.)
Never enable macros from untrusted sources.
Report any suspicious emails or documents to your IT team.
How Canzuki Can Help
Configuring macro settings, managing exceptions, and creating a company-wide policy around their use can be complex, especially in larger organisations.
Canzuki offers comprehensive services to help you secure your Microsoft Office environment:
Policy Development and Implementation: We can help you create and implement robust macro security policies tailored to your organisation's needs. These policies can include defining trusted locations, setting up digital signatures, and configuring appropriate macro settings across all your devices.
Automated Configuration Management: We can automate the deployment of Microsoft Office macro settings across your entire network, ensuring consistency and reducing the risk of human error.
Exception Management: We can establish secure processes for handling legitimate macro use cases, including setting up systems for digitally signing macros and managing trusted locations.
User Awareness Training: We provide engaging and practical training to educate your employees about the risks of macros, how to identify suspicious emails and attachments, and the importance of following your organisation's macro security policies.
Ongoing Monitoring and Support: We can monitor your systems continuously to detect and respond to potential macro-related threats. We also stay current with the latest security guidance from Microsoft and the ACSC, ensuring your macro security policies and configurations are always aligned with industry best practices.
Staying Ahead of the Curve: We proactively monitor for updates and changes in Microsoft Office security features and ACSC guidelines. We'll keep you informed of any new developments and help you adjust your policies and configurations accordingly so your defences are always up-to-date.
Call to Action:
Don't let macros be the weak link in your cyber security defences. Contact Canzuki today to learn how we can help you implement this crucial aspect of the Essential Eight and improve your overall security posture.
Ready to take control of your macro security? Call us at +61 2 7227 9388 or email hello@canzuki.com.
Bottom line:
Configuring Microsoft Office macro settings is a fundamental security practice. It might not be the most glamorous task, but it's essential for protecting your organisation from cyber-attacks. Taking the right steps to control macros and educate your users significantly reduces your risk and keeps your data safe. You're ensuring your digital house is secure and that only trusted individuals have the keys to the right doors.
We'll tackle the next Essential Eight strategy on Monday. Until then, stay vigilant, stay secure, and don't give those cyber crooks an easy way in!

