Configure Microsoft Office
Macro Settings

Prevent macro viruses whilst maintaining efficiencies by configuring Microsoft Office Macro Settings.

Configure Microsoft
Office Macro Settings

The Australian Cyber Security Centre (ACSC) has recommended businesses Configure Microsoft Office Macro Settings to minimize the risk of cyber-attacks. Hackers can use macro viruses, or malicious macros, to infiltrate a computer network and run malicious code (malware). Macros enter a network via Microsoft Office documents which have been downloaded online, attached to emails or via infected files transferred from one computer network to another.
Whilst programs have the option to disable all macros, Microsoft macros are designed to automate repetitive tasks in Microsoft Office programs; specifically, Excel and Word. This means many businesses rely on macros to operate efficiently on a daily basis.
Smart configuration of macros is therefore key to ensuring businesses minimize risk, whilst maximizing productivity. Configuration of Microsoft Office Macro Settings is included in our Cybersecurity Management System (CSMS) packages from the GOLD level up.

What is Configuring Microsoft Office Macro Settings?

Macros are microprograms written in Visual Basic for Applications (VBA) which are designed to support repetitive tasks in Microsoft Office programs, particularly Excel and Word.

Macros are created by recording or storing input sequences, such as mouse strokes or keyboard presses, to form a set of instructions for a program. When the user wants to implement the string of instructions, they can simply run the macro rather than creating the same long list of instructions again and again.

Unfortunately, malicious macros operate in the same way as trusted macros. As macros are microprograms, malicious macros can open and automatically run a string of instructions which have been developed by a hacker. This may include telling your computer to embed the malicious macro into other files, send emails to all your contacts with the malicious macro attached, or run a ransomware program on your system.

Macros can only run if they are opened in an associated program; such as Excel or Word. Therefore, configuring Microsoft Office macro settings is vital to reducing the risk of macro viruses. Configuration needs to be undertaken on a business by business case. For businesses that rarely use Excel and Word, they may consider completely disabling all macros and blocking any new macros from starting. However, for many businesses, macros create efficient processes and are required to produce daily work. A key barrier to establishing a control for applications is it can be incredibly time-consuming in identifying all the trusted applications you wish your computer to run.

Our GOLD and higher CSMS packages can support smart macro configuration to reduce the risk of malicious macros.

Benefits of

Configuring Microsoft Office Macro Settings

Configuring Microsoft Office Macro Settings is one of the ACSC’s four strategies to prevent malware delivery and execution. Infected Microsoft Office documents (such as Word .DOC or Excel .XLM) attached to emails are the primary source of malicious macros attacking businesses. Macro viruses are one of the most common forms of cyber-attacks. Here are our top five reasons for Configuring Microsoft Office Macro Settings to stop malicious macros.

Five reasons to implement a
Microsoft Office Macro Setting
Configuration strategy

Configuring macro settings dramatically increases protection from macro viruses (malicious macros). A core issue is that malicious macros are malicious microprograms which can ultimately run any function the creator has instructed. The key is to stop the macro running, even if someone accidentally clicks on a dangerous email.
Macro viruses are often the result of someone clicking on a malicious email or downloading an infected file online. Often this mistake is innocent, however, if a company does not have appropriate macro settings, the malicious macro can cause grave companywide damage. Yet the macro can also cause damage to the user, such as sending emails from their inbox or creating and deleting files or images. Further, the macro can find personal information, resulting in individual extortion. Configuration of macro settings can prevent both business and personal exposure.
A key tactic of active malicious macros is to instruct Microsoft Outlook to send an email to a large number of contacts, with the malicious macro attached. This means that if a macro virus gets onto your system, your clients and contacts could also be at risk.
Once installed onto a computer, macro viruses not only run dangerous microprograms on a computer, but they also cause a mass slowdown of systems. This may occur before the user even knows they have been hacked.
‘Phishing’ scams are when hackers use email, spam or fake websites to convince the victim to give them personal information such as passwords and credit card details. Phishing emails often look like they are from trusted organisations, such as banks, government bodies or Australia Post. The email appears real and will ask the user to download an attachment; which is ultimately a malicious macro. Whilst configuring macros will not stop phishing emails, it will prevent the macro from running on the computer in the case the email is accidentally opened.

Implementing a Microsoft Office Macro Setting Configuration Strategy

Configuring macro settings differs for all businesses. There are many factors to consider, with the core factor being: how much does your company rely on macros? Unfortunately, many employees and managers don’t know the extent of this answer.
There is a range of approaches to macro-management, from disabling all macros to implementing case by case file management which puts the user in charge of which macros to enable or not. Our approach is to undertake advanced configuration via enabling digitally signed macros to enable common/known macros to undertake their daily operations and block any unknown macros from running. Our central management of this system ensures that any new trusted macros are also allowed to run. This improves the general day to day hassle of determining which macros are safe and which are viruses.
Our Microsoft Office Macro Setting Configuration services are included in all our CSMS packages from GOLD higher.