Five Ways to Improve Exchange Server Security

A ransomware attack can bring your entire organization to a standstill. Many government-sponsored and financially motivated threat actors target email servers, such as Microsoft Exchange, to steal or encrypt confidential business data and sensitive information, such as PII, for ransom.

Recently, FIN7, a notorious and highly active ransomware group, was found to target vulnerable Exchange Server organizations based on their size, revenue, number of employees, etc. The group used an auto-attack system called Checkmarks and exploited SQL injection vulnerabilities to infiltrate organizations’ networks and steal or encrypt confidential business data.

In this article, we have shared 5 ways that can help you improve your Exchange Server security and protect your business from such cyber attacks.

Top 5 Ways to Improve Exchange Server Security

Following are the top 5 ways to protect your Exchange organization from various threats and ensure business continuity.

1. Install Exchange Server Updates

Installing updates is one of the most critical aspects of securing your Exchange organization or email servers against various online threats and ransomware attacks. By installing the latest Exchange updates (as they arrive), you can patch the vulnerabilities and secure your organization from malicious attacks. This will help you fix bugs and close any open doors that hackers can exploit to gain access to your organization’s network or data. In addition to Exchange Server, you should also update the Windows Server OS and other software as soon as possible.

2. Use Exchange-aware security software

Malicious programs or virus intrusions can infect your Exchange email server and messaging system. They can enter the system or network through unsolicited, spam emails or targeted and sophisticated phishing attacks.

While Exchange servers have built-in anti-spam protection to filter spam or phishing emails and a Windows Defender tool with anti-virus/malware protection, you may want to consider installing additional 3rd party Exchange-aware security software on your server. This will help you proactively scan and filter phishing or spam emails that may contain malicious links or attachments.

3. Inform and educate users

Your employees or users are the first line of defense. Every employee in your organization with email access is a target for attackers. They can thus be your strongest or weakest point when it comes to securing the organization’s network against online threats or data theft.

Come up with cyber security policies and awareness training programs for employees. Make these mandatory and part of the annual review. You must implement these policies and set rules for internet browsing, social networking, email and mobile devices. Also, immediately remove network access for any employee who leaves the organization.

By educating and training your workforce on cybersecurity attacks and their impact on the organization, you can effectively manage the threats and significantly prevent malicious attacks.

4. Enable multi-factor authentication

Using a weak password at work, or one that has already been used multiple times on other websites or social media channels, poses a serious threat to your organization’s security. Such passwords can be easily cracked with brute force or leaked if the website is breached.

To ensure that users in your organization do not use weak passwords, you must enforce a password policy. The policy should force users in your organization to create complex passwords that contain a combination of letters (uppercase + lowercase), numbers, and special characters. It should prevent users from using a previously used password. In addition, the password must be changed after 30-45 days.
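The three requirements above (complexity, no reuse, a change every 30-45 days) can be checked against a domain's password policy. The following is an added example, not part of the original article: `Test-PasswordPolicy` is a hypothetical helper, the sample policy is constructed, and it assumes Exchange mailbox accounts are Active Directory accounts governed by the default domain policy (fine-grained policies are not covered).

```powershell
# Added example: compare a password policy object against the article's requirements.
# Property names match the output of Get-ADDefaultDomainPasswordPolicy.

function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)] $Policy,
        [int] $MaxAgeDays = 45     # upper end of the 30-45 day range in the article
    )
    $findings = @()
    if (-not $Policy.ComplexityEnabled) {
        $findings += 'Complexity is not enforced'
    }
    if ($Policy.PasswordHistoryCount -lt 1) {
        $findings += 'No password history: previously used passwords can be reused'
    }
    if ($Policy.MaxPasswordAge -eq [TimeSpan]::Zero) {
        # A maximum age of zero means passwords never expire
        $findings += 'Passwords never expire'
    }
    elseif ($Policy.MaxPasswordAge.TotalDays -gt $MaxAgeDays) {
        $findings += "Maximum age is $($Policy.MaxPasswordAge.TotalDays) days (limit $MaxAgeDays)"
    }
    return $findings
}

# Constructed sample policy so the check runs without a domain controller.
$samplePolicy = [pscustomobject]@{
    ComplexityEnabled    = $true
    PasswordHistoryCount = 0
    MaxPasswordAge       = [TimeSpan]::FromDays(90)
}
Test-PasswordPolicy -Policy $samplePolicy

# Against a live domain (requires the ActiveDirectory module):
# Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy)
```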

Additionally, enable multi-factor authentication (MFA) via one-time password (OTP) or authentication apps for authorized access. MFA helps prevent unauthorized access to user accounts and mailboxes in Exchange Server, even if the password is leaked in a breach or stolen via a phishing attack.

5. Enable RBAC for access control

Use the role-based access control (RBAC) permission model available in Microsoft Exchange Server to grant permissions to administrators and users. Based on their tasks or duties, you can use RBAC to temporarily grant the necessary permissions or roles and revoke them when the job or task is done. In addition, it is important to review the access control assignments to keep track of user accounts with administrator or elevated rights.

To learn more, see the Microsoft documentation on Role-Based Access Control.
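One way to keep track of accounts with elevated rights is to compare role-group membership against an approved list. The following is an added example, not part of the original article: `Get-UnapprovedRoleMember` is a hypothetical helper, and the member names and baseline are constructed sample data.

```powershell
# Added example: flag Exchange role-group members missing from an approved baseline.

function Get-UnapprovedRoleMember {
    param(
        [Parameter(Mandatory)] [object[]]  $Membership,  # objects with RoleGroup and Member
        [Parameter(Mandatory)] [hashtable] $Approved     # RoleGroup name -> approved members
    )
    foreach ($entry in $Membership) {
        $allowed = @($Approved[$entry.RoleGroup])
        if ($allowed -notcontains $entry.Member) {
            $reason = if ($Approved.ContainsKey($entry.RoleGroup)) {
                'Member is not on the approved list'
            } else {
                'Role group has no approved baseline'
            }
            [pscustomobject]@{
                RoleGroup = $entry.RoleGroup
                Member    = $entry.Member
                Finding   = $reason
            }
        }
    }
}

# Constructed sample membership so the check runs outside Exchange.
$membership = @(
    [pscustomobject]@{ RoleGroup = 'Organization Management'; Member = 'admin-alice' }
    [pscustomobject]@{ RoleGroup = 'Organization Management'; Member = 'temp-contractor' }
    [pscustomobject]@{ RoleGroup = 'Recipient Management';    Member = 'helpdesk-bob' }
    [pscustomobject]@{ RoleGroup = 'Discovery Management';    Member = 'svc-legacy' }
)
# In the Exchange Management Shell, collect the live membership instead:
# $membership = Get-RoleGroup | ForEach-Object {
#     $group = $_.Name
#     Get-RoleGroupMember -Identity $group |
#         ForEach-Object { [pscustomobject]@{ RoleGroup = $group; Member = $_.Name } }
# }

# Constructed baseline of who is expected in each role group.
$approved = @{
    'Organization Management' = @('admin-alice')
    'Recipient Management'    = @('helpdesk-bob')
}

Get-UnapprovedRoleMember -Membership $membership -Approved $approved |
    Format-Table -AutoSize
```

A flagged membership that was granted for a finished task can be revoked with `Remove-RoleGroupMember`.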

Final thoughts

Maintaining business continuity in an era of growing ransomware attacks is a challenge. Although Microsoft regularly releases security updates with hotfixes to fix Exchange Server vulnerabilities, you must take additional measures to further strengthen server security. The first step is to recognize that cyber-attacks are not going away and to include them in your business continuity plan. In addition to the 5 ways we discussed, you should maintain a regular verified backup. Follow the 3-2-1 backup rule and use Windows Server Backup or a third-party Exchange-aware backup tool to create VSS-based backups.

You should also keep Exchange recovery software, such as Stellar Repair for Exchange, as it comes in handy when the backups are unavailable, out of date, or fail to restore the data. The software can help recover user mailboxes and other data from compromised or faulty Exchange servers and damaged or corrupt database files (.edb) to PST. You can also export the recovered mailboxes and data to Office 365 or another live Exchange Server directly and ensure business continuity.

by Gary Bernstein

