[ad_1]
A ransomware assault can deliver your whole group to a halt. Many state-sponsored and financially motivated risk actors usually goal e-mail servers, comparable to Microsoft Exchange, to steal or encrypt confidential enterprise information and delicate info, comparable to PII, for ransom.
Recently, FIN7—a extremely lively infamous ransomware group—was discovered focusing on weak Exchange Server organizations based mostly on the their measurement, income, variety of staff, and so on. They used an auto-attack system known as Checkmarks and leveraged the SQL injection vulnerabilities to infiltrate the organizations’ community and steal or encrypt confidential enterprise information.
In this text, we’ve shared 5 methods that may enable you to enhance your Exchange Server safety and shield your enterprise from such cyberattacks.
Top 5 Ways to Improve Exchange Server Security
Following are the highest 5 methods to guard your Exchange group from numerous threats and guarantee enterprise continuity.
1. Install Exchange Server Updates
Installing updates is likely one of the most crucial points of securing your Exchange group or e-mail servers from numerous on-line threats and ransomware assaults. By putting in the newest Exchange updates (as and after they arrive), you’ll be able to patch the vulnerabilities and safe your group from malicious assaults. This will enable you repair bugs and shut any open doorways that hackers might exploit to achieve entry to your group’s community or information. Besides the Exchange Server, you will need to additionally replace the Windows Server OS and different software program as quickly as doable.
2. Use an Exchange-Aware Security Software
Malicious packages or virus intrusion can infect your Exchange e-mail server and the messaging system. They might enter the system or community by unsolicited, spam emails, or focused and complex phishing assaults.
While Exchange Servers have built-in anti-spam safety to filter spam or phishing emails and a Windows Defender software with anti-virus/malware safety, it’s possible you’ll take into account putting in extra third occasion Exchange-aware safety software program in your server. This will enable you proactively scan and filter phishing or spam emails which will comprise malicious hyperlinks or attachments.
3. Inform and Educate Users
Your staff or customers are the primary line of protection. Every worker in your group with e-mail entry is a goal for attackers. Thus, it may very well be your strongest or weakest level with regards to securing the group’s community from on-line threats or information theft.
Come up with cybersecurity insurance policies and consciousness coaching packages for workers. Make these obligatory and part of the annual evaluation. You should implement these insurance policies and set guidelines for web shopping, social networks, emails, and cellular units. Also, take away entry to your community for any worker that leaves the group instantly.
By educating and coaching your workforce on cyber safety assaults and their affect on the group, you’ll be able to successfully cope with the threats and stop malicious assaults to a major extent.
4. Enable Multi-factor Authentication
Using a weak or similar password at your work that has been used a number of instances on different web sites or social media channels poses a severe risk to the group’s safety. Such passwords could be simply cracked with brute drive or might leak if the web site is breached.
To guarantee customers within the group don’t use weak passwords, implement a password coverage. The coverage ought to drive customers in your group to create complicated passwords containing a mixture of letters (uppercase + lowercase), numbers, and particular characters. It ought to stop customers from utilizing a beforehand used password. Further, the password must also be modified after 30-45 days.
In addition, allow multi-factor authentication (MFA) by way of one-time password (OTP) or authenticator apps for licensed entry. MFA assist prevents unauthorized entry to person accounts and mailboxes in Exchange Server even when the password is leaked in a breach or stolen by way of a phishing assault.
5. Enable RBAC for Access Control
Use the Role-Based Access Control (RBAC) permission mannequin accessible within the Microsoft Exchange Server to grant permissions to directors and customers. Based on their duties or duties, you need to use the RBAC to grant the required permissions or roles quickly and revoke them as soon as the job or process is finished. In addition, it’s additionally necessary to audit the entry management to maintain a examine on person accounts with administrator or elevated privileges.
To study extra, consult with the Microsoft documentation on the Role Based Access Control.
Final Thoughts
Maintaining enterprise continuity within the period of rising ransomware assaults is a problem. Though Microsoft repeatedly releases safety updates with hotfixes to patch Exchange Server vulnerabilities, you will need to take extra measures to additional strengthen the server safety. The first step is to acknowledge cyberattacks as they aren’t going away and embody them in your small business continuity plan. In addition to the 5 methods we mentioned, you must keep an everyday verified backup. Follow the 3-2-1 backup rule and use Windows Server Backup or any third-party Exchange-aware backup utility to create VSS-based backups.
You must also hold an Exchange restoration software program, comparable to Stellar Repair for Exchange, because it is useful when the backups aren’t accessible, out of date, or fails to revive the information. The software program can assist restore person mailboxes and different information from compromised or failed Exchange servers and broken or corrupt database (.edb) recordsdata to PST. You may also export the recovered mailboxes and information to Office 365 or one other stay Exchange Server immediately and guarantee enterprise continuity.
By Gary Bernstein