A ransomware attack can bring your entire organization to a halt. Many state-sponsored and financially motivated threat actors often target email servers, such as Microsoft Exchange, to steal or encrypt confidential business data and sensitive information, such as PII, for ransom.
Recently, FIN7—a highly active notorious ransomware group—was found targeting vulnerable Exchange Server organizations based on the their size, revenue, number of employees, etc. They used an auto-attack system called Checkmarks and leveraged the SQL injection vulnerabilities to infiltrate the organizations’ network and steal or encrypt confidential business data.
In this article, we’ve shared 5 ways that can help you to improve your Exchange Server security and protect your enterprise from such cyberattacks.
Following are the top 5 ways to protect your Exchange organization from various threats and ensure business continuity.
Installing updates is one of the most critical aspects of securing your Exchange organization or email servers from various online threats and ransomware attacks. By installing the latest Exchange updates (as and when they arrive), you can patch the vulnerabilities and secure your organization from malicious attacks. This will help you fix bugs and close any open doors that hackers may exploit to gain access to your organization’s network or data. Besides the Exchange Server, you must also update the Windows Server OS and other software as soon as possible.
Malicious programs or virus intrusion can infect your Exchange email server and the messaging system. They may enter the system or network through unsolicited, spam emails, or targeted and sophisticated phishing attacks.
While Exchange Servers have built-in anti-spam protection to filter spam or phishing emails and a Windows Defender tool with anti-virus/malware protection, you may consider installing additional 3rd party Exchange-aware security software on your server. This will help you proactively scan and filter phishing or spam emails that may contain malicious links or attachments.
Your employees or users are the first line of defense. Every employee in your organization with email access is a target for attackers. Thus, it could be your strongest or weakest point when it comes to securing the organization’s network from online threats or data theft.
Come up with cybersecurity policies and awareness training programs for employees. Make these mandatory and a part of the annual review. You must implement these policies and set rules for internet browsing, social networks, emails, and mobile devices. Also, remove access to your network for any employee that leaves the organization immediately.
By educating and training your workforce on cyber security attacks and their impact on the organization, you can effectively deal with the threats and prevent malicious attacks to a significant extent.
Using a weak or same password at your work that has been used multiple times on other websites or social media channels poses a serious threat to the organization’s security. Such passwords can be easily cracked with brute force or may leak if the website is breached.
To ensure users in the organization do not use weak passwords, enforce a password policy. The policy should force users in your organization to create complex passwords containing a combination of letters (uppercase + lowercase), numbers, and special characters. It should prevent users from using a previously used password. Further, the password should also be changed after 30-45 days.
In addition, enable multi-factor authentication (MFA) via one-time password (OTP) or authenticator apps for authorized access. MFA help prevents unauthorized access to user accounts and mailboxes in Exchange Server even if the password is leaked in a breach or stolen via a phishing attack.
Use the Role-Based Access Control (RBAC) permission model available in the Microsoft Exchange Server to grant permissions to administrators and users. Based on their tasks or duties, you can use the RBAC to grant the required permissions or roles temporarily and revoke them once the job or task is done. In addition, it’s also important to audit the access control to keep a check on user accounts with administrator or elevated privileges.
To learn more, refer to the Microsoft documentation on the Role Based Access Control.
Maintaining business continuity in the era of growing ransomware attacks is a challenge. Though Microsoft regularly releases security updates with hotfixes to patch Exchange Server vulnerabilities, you must take additional measures to further strengthen the server security. The first step is to acknowledge cyberattacks as they aren’t going away and include them in your business continuity plan. In addition to the 5 ways we discussed, you should maintain a regular verified backup. Follow the 3-2-1 backup rule and use Windows Server Backup or any third-party Exchange-aware backup utility to create VSS-based backups.
You should also keep an Exchange recovery software, such as Stellar Repair for Exchange, as it comes in handy when the backups aren’t available, obsolete, or fails to restore the data. The software can help restore user mailboxes and other data from compromised or failed Exchange servers and damaged or corrupt database (.edb) files to PST. You can also export the recovered mailboxes and data to Office 365 or another live Exchange Server directly and ensure business continuity.
By Gary Bernstein
