For very good reasons, news websites are full of reporting about a serious attack on users of Microsoft Exchange email servers.
A Chinese hacking group suddenly unleashed never-before-seen exploits which allowed them to compromise servers around the world. The focus initially seems to have been on the US but it’s spread now and countries globally are still assessing the risks and damage.
I’m writing about this now because, as we’ve pointed out before, your technology and security is a PR concern. What we noticed in this case, though, was that in its breathless reporting of the issue, much of the mainstream media failed to point out a fundamental aspect of the story: that it primarily affects what are known as “on-premise” Exchange servers, not cloud-based ones (looking at you, BBC).
This doesn’t make the attack any less serious, but it does affect how worried some business owners and managers need to be right now.
Millions of smaller businesses (and, in fact, these days many bigger ones) don’t actually have a hardware email server of their own. They use accounts provided by Microsoft, hosted on its infrastructure in data centres around the world. For the purposes of this particular attack this is a very different beast and is NOT the product which is immediately vulnerable.
Companies which are of a scale to have their own Exchange servers generally have the IT support to manage them. Those technicians have been scrambling to make the adjustments and add software patches recommended by Microsoft since the exploit was discovered. The theft of data and/or damage to systems is still being assessed.
This is not to say that if you have a Microsoft 365 tenant, where Microsoft provides all the hosting infrastructure for your email and files (SharePoint, OneDrive, etc.), you can be complacent: probes of those accounts are apparently going on. But they are not immediately vulnerable to these particular exploits.
As ever though, when you use networked computers you must be vigilant and encourage and support your staff to be the same way. The fundamentals don’t change:
- don’t open attachments you don’t recognise or weren’t expecting;
- use strong passwords and update them on a regular basis;
- do admin tasks with an admin account, not your main working account;
- limit admin privileges to only those which are absolutely needed and only to the people who absolutely need them;
- think carefully before connecting your account to third party services and disconnect those you no longer need straight away;
- don’t leave shared folders exposed any longer than necessary.
There are many more things you can do and we’re most definitely not the experts here. If you have cloud accounts and have any doubts or concerns that you could be exposed to unnecessary security threats, get a specialist to give your setup the once-over for vulnerabilities. It’s a few hundred pounds that could save your entire business and reputation in the longer term.
But, if you’ve been hearing about this major attack on Microsoft Exchange and were concerned because you use the Microsoft 365 suite, you can relax a bit and know that you’re not the immediate target of this attack. Can’t promise about the next one though…
READ MORE: Here’s a good overview from ZDNet (which does mention the difference between on-premises and cloud!)