Preventing Ransomware in Macro Docs?
Posted on 2016-09-29
I have implemented a quarantine mailbox for email with attached documents that is managed by 2 trained staff. The intent is to prevent ransomware infection through macro-enabled documents. I have been informed that this process is not well liked and that it takes too long to get documents. Typically docs are forwarded on within an hour or less, but sometimes it can be a couple of hours depending on staff availability.
Current Security in place
1. Barracuda Spam Firewall
2. Webroot Secure Anywhere (previously Vipre Enterprise, which did not catch the ransomware)
3. Vipre Email Security for Exchange
4. KnowBe4 security training and phish testing regularly. (We still sometimes get 1-3% of people clicking on phishing links)
Am I being overly cautious? Should quarantines be managed by each end user instead of I.T.? (End users are the weakest link)
This came about because of a zero-hour Locky outbreak a few months ago that took 12+ hours to clean up.
Any opinions appreciated. I do not like being the gatekeeper for everyone's docs in email and do not want our quarantine process to be a hindrance to business.