It's time to look at another strategy in the ASD Essential 8. The concept of minimising administrative privileges was in the original ASD top 4, but unfortunately this important and very effective strategy is often overlooked. Administrative privileges are powerful, and once granted allow pretty much any change to be made to a system. If a user has administrative privileges to a system, they can make intentional or unintentional changes that could have major consequences.
Today I'm covering another strategy from the Australian Signals Directorate’s Essential 8: Disabling untrusted Microsoft Office macros.
We’ll be looking at strategies to protect against malicious macros. These strategies can all be implemented in a Windows domain environment using Group Policy and they do not require third-party software. This might not be the most exciting subject in the world, but grab a coffee and stick with me, it’s important.
I recently wrote about the Australian Signals Directorate (ASD) Essential 8 and today will be covering one of the most effective of the 8 strategies, one that sits proudly in the original ASD top 4. Application whitelisting only allows known good applications to execute on a computer. If unknown applications can’t run on a system, then execution of malware and other malicious code is much less likely. Of course, it’s not foolproof and multiple layers of protection and strategies will always be required. For example, application whitelisting does not stop a known good program like a web browser from executing malicious code in memory. We of course need to make sure other strategies are in place like application patching and hardening.
Everyone needs a strategy, right? What are you doing to protect your business against cyber threats, and the real possibility of someone stealing or destroying your data? An attack could come in any number of ways: a data breach and the theft of critical data, or possibly a ransomware attack and the destruction of important files. Many companies, especially in the SMB space, don't even have the security basics in place, and it can be difficult even knowing where to start. It's simply not enough these days to put a firewall and anti-virus program in place and sit back and relax. Believe me, I'd love it if that was the case, I’d be gladly taking a nap right now.
Everyone has information that they want to protect which must remain confidential. These days it’s quite likely that this information sits in an account that is accessible on the internet and is at increased risk of exposure. This information doesn’t have to be a business account - how about personal email accounts such as Gmail? I know people that live out of their personal Gmail account - the one place which contains every email, document and contact that they have. If their password fell into the wrong hands it would be a disaster and unfortunately account breaches are now part of everyday life.
I’ve been migrating on-premises business email systems to Office 365 for the past few years. Email is often seen as the first logical step into the cloud, a low-risk move. Outlook performs well due to caching, even over slow links, so you get an up-to-date, feature-rich environment with little risk of negatively impacting users.