Every so often, a cyberattack makes its way into the news.
The latest is the Microsoft Exchange Vulnerability – which sounds a little bit like a Jason Bourne movie.
Jokes aside, it is a pretty serious cyberattack, and Microsoft has been releasing patches to fix the four vulnerabilities that the bad guys (the industry term, funnily enough, is “actors”) have discovered and are exploiting.
So what actually is the Microsoft Exchange Vulnerability, why should you care, and how can you protect yourself and your organisation from cyberattacks?
What is Microsoft Exchange?
Many organisations use Google or Microsoft’s cloud email servers through Google Workspace or Microsoft 365 (that’s you if you’re a Base2 client!).
However, a number of organisations manage their email server on-premise and Microsoft Exchange Server is one of the most popular software platforms to use.
In very simple terms, it’s the backend to Outlook where all the technical email stuff happens.
What actually is vulnerable?
Microsoft Exchange Servers 2010, 2013, 2016 and 2019 are the ones at risk.
Each has four vulnerabilities that hackers can exploit to get access to your organisation’s emails.
These vulnerabilities can also be used to leave behind a web shell – like a hidden gateway – that will allow the hackers access, even if the patch (which contains fixes for the vulnerabilities) is installed.
Is this a big deal?
If you are running one of those Microsoft Exchange Servers – it is a massive deal.
All your organisation’s emails could be accessed, published on the internet, ransomed and deleted. Ouch!
What should I do?
Quickly install the patches that Microsoft have released the fix the issues.
Then you’ll need to try and identify if someone had got in before you installed the patch. This may mean you need to rebuild your Microsoft Exchange Server.
Feel free to reach out to our team if you need some help at this point!
I’m a Base2 customer. Am I running a Microsoft Exchange server?
No, you’re not. If you’re one of our customers, you can relax.
Your emails are hosted through Microsoft 365 and are not affected by the cyberattack.
However, you can’t relax when it comes to cybersecurity
There are way more cyberattacks (including big ones) than what is published in the media.
Organisations are constantly having to defend themselves from bad guys all over the world trying to get into their IT systems.
And, there is no such thing as being too small or flying under the radar. When it comes to cyberattacks, everyone is fair game.
So, how can you protect yourself from cyberattacks?
Cyberattacks can, in some cases, be so devastating that companies go out of business.
While this is at the extreme end, even smaller successful attacks, which take your systems offline for a period of time or steal confidential or private data, can have a significant impact.
This is why prevention is way more effective than cure.
If you have the right security measure in place and up to date, your organisation is in pretty good shape to fight off the multitude of attacks out there.
We recommend starting with these three steps:
- Use two-factor authentication on everything.
- Run a security score check to help identify improvements to your security settings. You can do this with us!
- Speak to your IT provider (or us!) about potential security threats and events. The earlier these are identified, the less they tend to be an issue.
We can help
The threat of cyberattacks can seem non-existent for New Zealand businesses, but the reality can be pretty scary. That’s why we’re here to help – whether you’re affected by the Microsoft Exchange Vulnerability or want to make sure your cybersecurity is up to scratch – get in touch with our team.