In the concluding segment of our small business series, we will be exploring the final two components of the ACSC Essential Eight. This series aims to help small businesses understand and implement these crucial cybersecurity strategies.
Essential Eight restricting Microsoft Office macros
First, let's discuss restricting Microsoft Office macros. An Office macro is a small program that automates tasks in Microsoft Office applications like Word or Excel. It's a helpful tool for repetitive tasks, but it can also be exploited by hackers to run malicious code. If you're not using macros for your work, it's safer to keep them disabled to protect your computer from potential threats.
Explanation for a non-technical person:
Microsoft Office macros are like little helpers that automate tasks in programs like Word or Excel. They can be useful but also risky because hackers can misuse them. If you're not sure whether you need them, it's best to keep them turned off to stay safe.
In a typical business setting, macros are predominantly used by accountants, and most staff members do not use them, allowing for their safe disabling. If your organisation operates within an active directory domain, you can manage this through group policy. This simplifies the process of creating group policy objects (GPOs) to disable macros for specific groups within your organisation. For detailed information and guidance, search for "ACSC restricting Microsoft Office macros" on the ACSC website.
Essential Eight user application hardening
The lowest maturity level of the Essential Eight user application hardening recommends the following:
Internet Explorer 11 should be disabled or removed. As of June 15, 2022, Microsoft announced that it would no longer support Internet Explorer and replaced it with Microsoft Edge. It is recommended to check all your end-user devices and servers to ensure that Internet Explorer is no longer installed and to remove it if found.
Web browsers do not process Java from the internet
I initially misunderstood the difference between Java and JavaScript years ago and blocked both, causing many websites to stop working. It's important to know the distinction: Java is used for large applications, while JavaScript makes web pages interactive. You should only disable Java, not JavaScript, to keep websites functional.
Java is used for building large applications like Android apps and enterprise systems. It needs special software (JVM) to run. JavaScript, on the other hand, is used to make web pages interactive and dynamic. It runs directly in web browsers. Java is more complex and better for big projects, while JavaScript is simpler and great for adding features to websites. Java needs special development tools, whereas JavaScript can be written in basic text editors.
Finally, web browsers do not process web advertisements from the internet
Implementing this can be challenging, especially with an advertising team that relies on online ads for revenue. They won't want ads blocked, as it can affect income. However, big tech companies sometimes let malicious ads slip through their security, and users can be tricked into clicking on them.
Using ad blockers requires responsibility. I use an ad blocker but disable it on websites I visit often if they provide valuable content. This way, I support them by allowing their ads to be displayed.
Well, that's my take on an essential aspect of keeping small businesses safe, and this wraps up our series. As always, I hope you learned something new.
If you have any questions or suggestions, please reach out to me at askatech@mmg.com.au