If you have looked at your inbox lately, you’ll not be surprised when I say that phishing attacks increased 400% in the first seven months of 2019. Those phishing attacks attempted to either tricking a user to go to a website or open an Office document. Phishing attack that try to get you to open an Office document often call a script to take additional action. Scripts are most often used in malicious macros to call actions.

What’s an IT admin to do when dealing with malicious Office documents? Plenty. First, you need to identify and stratify who in your office really needs a fully functioning Office implementation. You can mix and match how you deploy Office. Can your users get by with a “kiosk” style, web-based version of Office that isn’t installed on the system directly and can be used more in a sandbox mode?

bradley script 1 Susan Bradley

Office web versions limit impact to desktops

Can you restrict users from running Office macros? Generally speaking, most users can get by with a basic Office suite and do not need to use advanced features such as macros. You can restrict the use of macros to just those users that must have it for their productivity.

For those with a traditional domain infrastructure, you can limit Office macros with Group Policy. The threat of macros is not new. As far back as Office 2010, Microsoft provided the ability to block macros. With Office 2016, administrators can block macros in documents that come to you from the web. Better known as “mark of the web,” this metadata flagging allows administrators more granular control over how and where your users can open files.

As always, don’t underestimate the need for end-user education. Letting your users know what files should look like and how they should respond to the prompts goes a long way to keeping your network safe.

Copyright © 2020 IDG Communications, Inc.

Source link

Write a comment:

Your email address will not be published.