Microsoft Macros and Website Security
What are macros
Macros are nothing new. They are programs designed to conduct repetitive tasks, usually written in Visual Basic (VBA) and are saved as part of Office files.
Whilst most macros are written for ethical and productive reasons, hackers use macros as a great way to gain access to a system as it’s easy to skirt around security controls. Malicious macros is one of the top ways of exploiting organisations today and can produce as much harm as malware and ransomware.
Some of the things macros can do include stealing data and emailing themselves from your email service. Malicious macros have been around since the 90s and have become more sophisticated over time.
Protection Strategies against Malicious Macros
The most effective way is to turn off your macros for day to day functions and to make sure that users can not turn them back on.
However, many organisations rely on these macros so this is not normally possible. However, many organisations rely on these macros so this is not normally possible.
Here are our top tips for managing macros:
- Turn off macros unless they are for specific Office apps
- Install an anti-malware scanning tool
- Update Microsoft Office to the latest version
- Disable unused Macros
- Find other ways to do functions that don’t rely on Macros
- Assess the high risk Macros
- Review macros in your trusted files
- Don’t allow Macros from the web
- Microsoft office Configuration
- Configuration settings for Microsoft devices
- Configuration of MacOS devices