Macros can be useful for streamlining day-to-day tasks…
But they can pose a security risk if they are not properly maintained.
The Australian Cyber Security Centre (ACSC) has observed an increase in attempts to compromise businesses by embedding malware in macros.
Microsoft Office macros are created by recording a series of commands, such as mouse clicks and keystrokes, to create a shortcut for repetitive tasks.
Malicious macros can be shared by cybercriminals and, if used, may grant unauthorised access to devices.
To minimise risks, it is recommended to ask three questions before using a macro:
- Is there a business requirement for the macro?
- Has the macro been developed or provided by a trusted party?
- Has it been validated by a trustworthy and technically skilled party?
To further safeguard your business systems and customer data, it is important to disable macros for users who do not require them — only enable macros from trusted locations, and only enable digitally signed macros created by trusted individuals on a case-by-case basis.