Office 365 security concerns? You’re not alone.
Recently, Microsoft Office 356 users were potentially exposed to a massive zero-day Cyber ransomware attack which consisted of not only a ransom note, but an audio warning indicating victim’s files were encrypted. There are several reasons why this could happen. For example, when users visit a website inflicted with ransomware or opening an email attachment infected with ransomware from their personal or corporate email accounts. Some possible attachments could be:
- Executables (ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh, exe, pif, etc.)
- Office files that support macros (doc, xls, docm, xlsm, pptm, etc.)
Below are some of the most common Office 365 security features that you can choose to protect your users against ransomware.
Provide security awareness and education
Providing security awareness and education to your users is a good practice and can be used as an effective prevention mechanism. If users are able to identify security threats such as ransomware and be able to know how to react to the threat, their devices will be less susceptible and will make the recovery process less painful.
Keep antivirus/antimalware solutions running and up to date
Installing an antivirus solution like Windows Defender and keeping it up to date will prevent many instances of ransomware and malware from effecting your organization. You can also enable Microsoft Active Protection Service (MAPS), which will provide greater malware protection through cloud-delivered malware-blocking decisions.
Regularly backup your files
As recommended by the Microsoft Malware Protection Center (MMPC) you should back up your files on a regular basis by using manual syncing methods, or even by manually moving your files to a separate location.
Use OneDrive for Business
OneDrive for Business can be used as a protection mechanism against ransomware. OneDrive will allow you to recover files stored in it.
Beware of Phishing emails and Malicious attachments
Be careful when opening emails and look for phishing indicators especially if it contains an attachment that can be used as ransomware. Please take a look at our blog post http://www.vorsite.com/2016/07/07/fbi-warning-businesses-about-scam/ to learn more information.
Also, ransomware attack leverages macros or executables in email attachments to infect their victims’ devices. Exchange transport rules can be used to protect your users by:
- Warning users about the risk of macros if they receive any file attachments with file extensions that support macros.
- Tracking users who have received a file extension that support macros.
- Blocking mail that allow users to run macros (especially legacy file extensions like .doc) or are executables.
In addition, you can disable macros in Office documents to help prevent infections in your device.
Keep Windows and installed software up-to-date
You should use the latest versions of your Operating System and installed software (internet browser, mail client, etc.). The latest version of Windows and other software running in your computer will support new functionalities and features that will help you prevent security threats.
Enable file history or system protection
If you are infected by ransomware, you should make sure that you are able to recover the files by using the file history. To be able to recover previous version of your files in your Windows 10 or Windows 8.1 devices you must have your file history enabled and you have to set up a drive for file history. If you are using Windows 7 or Windows vista, the feature is named system protection. Vorsite will make sure your systems are ALWAYS protected therefore, you will never have to worry about getting infected.
