Do you use Microsoft Exchange server for your work emails? If so, it’s important that you update the software following targeted attacks from criminals.
The National Cyber Security Centre (NCSC) has reported that Microsoft Exchange Server 2013, 2016 and 2019 have been compromised. They recommend following Microsoft’s guidance on securing the software. You can find out how to install the update here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/
Microsoft suggests prioritising updates on Exchange Servers that are externally facing, but eventually updating all servers. Further to installing the update, Microsoft recommends restricting access to untrusted connections and using a Virtual Private Network (VPN).
A VPN makes a user’s connection to devices that are located elsewhere more secure. This is because they are encrypted, which means data is transferred as code rather than a normal text. If a criminal did manage to access your connection, they wouldn’t be able to decipher the information you are sending between devices.
If an attacker already has access to your Microsoft Exchange or can convince an administrator to run a malicious file, you might still be at risk of an attack. Make sure your team are on the lookout for any suspicious activity and remind them not to open any unexpected files.
If you’re unsure of how to update your server, or don’t know whether you should be using a VPN, email our team of online security experts at firstname.lastname@example.org.
The National Cyber Security Centre (NCSC) and National Police Chiefs Council (NPCC) are working together to support the establishment of Regional Cyber Resilience Centres (CRCs). The CRCs represent a significant opportunity for the NCSC to expand the reach of its guidance and services to smaller organisations across the country, and provide an extra level of practical support to enhance their impact. The NCSC is currently assisting the NPCC in determining the suite of cyber security services that the CRCs will be able to offer.