The Australian Cyber Security Centre receives an average of 164 cybercrime reports every day, which is about one every ten minutes. It’s becoming increasingly critical for organisations nationwide to ensure they are fully protected against every threat – including unconfigured macros within their Microsoft Office environment.
Cybercriminals could embed malicious code in a document’s macros and trick the user into opening it. Configuring macro settings for enhanced security is vital when it comes to protecting your business against cyber threats, and is one of the ACSC’s Essential Eight Strategies to mitigate risks.
What is the ACSC Essential Eight?
The Australian Cyber Security Centre (ACSC) developed the Essential Eight as eight risk mitigation strategies to build cyber resilience and protection against cyber threats.
These strategies are:
- Implementing application control
- Assessing security vulnerabilities and applying patches
- Configuring Microsoft Office macro settings
- User application hardening
- Restricting admin privileges
- Patch operating systems
- Implementing multi-factor authentication
- Regular backups
These eight risk mitigation strategies were designed to work together in order to protect the entire IT infrastructure from cyber threats. Because of this, all eight must be implemented within your business in order to properly enhance your cyber security posture.
However, the Essential Eight only covers the fundamentals of cyber security, and it is very likely that your business will need additional security measures, even if all eight strategies are implemented to Maturity Level 3.
What are macros?
Macro settings allow you to configure how Microsoft Office 365 applications behave. Macros are embedded code written in the Visual Basic for Applications (VBA) programming language, containing commands that can automate repetitive tasks.
Office macros that run in Microsoft Office apps add advanced functionality to your documents. They are turned on by default in Word, Excel, and PowerPoint programs. Macros are useful because they make it easy for non-technical users to automate tasks within Office documents. However, macros can be a security risk if they are activated without configuring the right security settings.
While macros can be coded by users to help improve productivity and efficiency in the office, threat actors can also create macros to perform malicious actions, like compromising workstations to extract sensitive information, or denying users access.
This is why it’s important to verify trusted macros and configure your macro settings to ensure cybercriminals cannot access your network and sensitive data.
Microsoft Office macro settings Maturity Levels
The ACSC Maturity Model ranks the Essential Eight strategies according to the level of adversary tradecraft they aim to mitigate. Four levels of maturity determine a business’s current security status, and how it should be improved.
Level 0 signifies weaknesses in a business’s overall cyber security posture that could lead to data breaches and cyber-attacks.
Maturity Level 1
- Macros are disabled for users who do not have a demonstrated business requirement.
- Macros in files originating from the internet are blocked.
- Microsoft Office macro antivirus scanning is enabled.
- Macro settings cannot be altered by unauthorised users.
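One way to check the first three Maturity Level 1 controls on a workstation, as an added example that is not from the ACSC or from this article's authors. It assumes Office 16.0 (2016/2019/365) Group Policy registry paths, audits only the signed-in user's policy hive, and treats "disable all macros without notification", "block macros from the internet" and "scan all documents" as the passing values; users with a demonstrated business requirement will legitimately differ on the first check.

```powershell
# Added example: audit per-user Office macro policy values (Office 16.0 paths assumed).
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0'
$apps = 'word', 'excel', 'powerpoint'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Emits nothing (so the caller sees $null) when the key or value is absent,
    # which means the policy is not configured and the user can change the setting.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-Setting {
    param([string]$Control, [string]$Path, [string]$Name, [int[]]$Accept)
    $value = Get-PolicyValue -Path $Path -Name $Name
    [pscustomobject]@{
        Control = $Control
        Value   = if ($null -eq $value) { 'not configured' } else { $value }
        Pass    = ($null -ne $value) -and ($Accept -contains $value)
        Policy  = "$Path\$Name"
    }
}

$results = foreach ($app in $apps) {
    $key = "$base\$app\Security"
    # VBAWarnings: 1 = enable all macros, 2 = disable with notification,
    # 3 = disable except digitally signed, 4 = disable without notification.
    Test-Setting "$app macros disabled" $key 'VBAWarnings' @(4)
    # 1 = macros in files carrying the internet zone marker are blocked.
    Test-Setting "$app internet macros blocked" $key 'blockcontentexecutionfrominternet' @(1)
}

# MacroRuntimeScanScope: 0 = scanning off, 1 = low-trust documents only, 2 = all documents.
$results += Test-Setting 'Macro antivirus scanning' "$base\Common\Security" 'MacroRuntimeScanScope' @(2)

# Show every control; list failures separately so they are easy to act on.
$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Pass })
Write-Output ("{0} of {1} checks failed" -f $failed.Count, $results.Count)
```

A value reported as "not configured" fails the check because the fourth requirement, that unauthorised users cannot alter macro settings, depends on the setting being enforced by policy rather than left to the user's Trust Center.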
Maturity Level 2
- The same requirements as above.
- Macros are blocked from making Win32 API calls.
- Microsoft 365 macro security settings cannot be changed by unauthorised users.
- All Microsoft 365 macro executions, both allowed and blocked, are logged.
Maturity Level 3
- The same requirements as Maturity Levels 1 and 2.
- Only macros running from a sandbox environment, a trusted location, or which are digitally signed by a trusted publisher are allowed to run.
- Only authorised users who are responsible for validating that macros are free of malicious code can write and modify content within trusted locations.
- Macros digitally signed by untrusted publishers cannot be enabled via backstage view or the message bar.
- Microsoft 365’s list of trusted publishers is verified on an annual or more frequent basis.
- All Microsoft 365 macro executions – allowed and blocked – are centrally logged and protected from unauthorised alterations or deletion, are monitored for any signs of compromise, and actioned when cyber security incidents are detected.
Configure your Microsoft 365 macro settings with help from the experts
Microsoft Office macros are a critical component of many businesses’ information security defence. Macro-enabled applications can be used by malicious actors to perform tasks that would normally require system administrator access or third-party software. By setting specific macro options it is possible to limit their potential impact on your environment and maintain access controls.
The cyber security experts at Itopia specialise in helping businesses implement the ACSC Essential Eight into their business and training users in best security practices. Talk to them today and ensure your organisation is protected against cyber threats.