Not everyone has the level of technical expertise to understand why macros are dangerous, or how to disable them. Macros are a really powerful feature in Microsoft Office, allowing you to do many difficult things with the click of a button. These complicated tasks might be formatting a spreadsheet, inserting a standard block of text in Word documents, etc. The problem is that malicious code, like a macro virus, can be executed automatically as a standard macro when the user opens a document from an untrusted source.
The creators of these malicious code segments attempt to prevent users from catching on by disguising their malicious document, usually sent as an email attachment, as something seemingly routine. There are malware campaigns actively infecting user computers right now, such as PowerSniff, along with others that have been around in one form or another for many years.
There are three things that will prevent almost 100% of all infections:
- Disable macros in Microsoft Office. This is fairly easy for even non-technical users to accomplish.
- Another great way to prevent infections is to never open an attachment from an untrusted source.
- You should also be running anti-virus and anti-malware software on your computer.
These three things will prevent almost 100% of infections.
Disabling Macros in Microsoft Office
- Click File > Options.
- Click Trust Center, and then click Trust Center Settings.
- In the Trust Center, click Macro Settings, where you can make any changes you want and approve them by clicking OK.
As a technical person, there are several things you can do at your company to help prevent a successful malware attack.
- Security Training – Make sure you create a policy that outlines user responsibilities for cybersecurity. This includes being aware of potential cyber threats, not opening attachments from untrusted sources, selecting strong passwords, etc. It should also cover the potential risks of opening macro-enabled Office documents.
- Anti-Malware and Anti-Virus – While software will never be 100% effective in detecting and blocking infections, it can be more effective than nothing.
- Anti-Spam – Build rules in your spam tool to automatically restrict email attachments with a .zip extension.
- Default Microsoft Office Security – Use the default setting of “High” for Macro security on all Microsoft Office applications.
- PowerShell – Publish a Group Policy Object that restricts the use of PowerShell for most users. Allow PowerShell for specific power users on a case-by-case basis.
- Monitor Activity – Look for unexpected pings from internal computers and keep an eye on unusual network activity.
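The attachment rules above can be checked on content as well as on file name. The following is an added example, not code from the original article: it flags .zip attachments and Office files that carry a VBA project even when they are named .docx. The function names, reason labels and the sample message are assumptions constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container signature
MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm", ".xltm")

def classify_attachment(name, data):
    """Return the reasons (possibly none) to hold an attachment for review."""
    reasons = []
    if name.lower().endswith(".zip"):
        reasons.append("zip-extension")
    if name.lower().endswith(MACRO_EXTS):
        reasons.append("macro-enabled-extension")
    if data.startswith(OLE_MAGIC):
        reasons.append("legacy-office-container")  # can carry macros; inspect further
    elif zipfile.is_zipfile(io.BytesIO(data)):  # OOXML is a zip; macros live in vbaProject.bin
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                reasons.append("contains-vba-project")
    return reasons

def triage(raw_message):
    """Map attachment file name -> reasons for every flagged attachment in a raw message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        results[name] = classify_attachment(name, part.get_payload(decode=True) or b"")
    return {name: why for name, why in results.items() if why}

def _zip_bytes(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()

def build_sample():
    """Constructed message: a macro document named .docx, a zip, and a text file."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    samples = {"invoice.docx": _zip_bytes({"word/document.xml": "<w/>", "word/vbaProject.bin": "x"}),
               "photos.zip": _zip_bytes({"a.txt": "hi"}), "notes.txt": b"hello"}
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage(build_sample())` reports `invoice.docx` and `photos.zip` and leaves `notes.txt` alone.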