
Essential 8 strategy 3 – configuring macro settings

Last updated 2 March 2023

Macros in Microsoft Office applications are a great way to automate and simplify day-to-day tasks, but they can also be a security risk if they're not checked and maintained regularly.

The Australian Cyber Security Centre (ACSC) has seen a growing number of attempts to compromise businesses by embedding macros with malware.

Strategy 3 – configuring Microsoft Office macro settings

Macros are a series of commands that record your mouse clicks and the buttons you press on your keyboard (also known as keystrokes) to create a shortcut for repetitive tasks. For example, you might create a macro in Excel to list out the months of the year in bold and change the cells' background to green.

Macros can be created by anyone and shared with other people, like the shared templates available in Microsoft applications.

Cybercriminals also create and share malicious macros, hoping that others will use them and unknowingly give the cybercriminals unauthorised access to their devices.

Before thinking about using a macro, ask yourself these 3 questions:

  • Is there a business requirement for the macro?
  • Has the macro been developed or provided by a trusted party?
  • Has it been validated by a trustworthy and technically skilled party?

Even if you don't use macros, you should still secure your systems to prevent any potential risks to your systems and client data. Start by:

  • disabling macros for other system users who don't need them to do their job
  • only enabling macros from trusted locations
  • only enabling macros that have been created (also known as being digitally signed) by people you trust
  • only enabling macros on a case-by-case basis.
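To check how these settings currently stand on a Windows device, the following read-only PowerShell audit reports the macro setting and trusted locations for the signed-in user. It is an added example, not part of the original guidance. It assumes Office 2016 or later or Microsoft 365 Apps (registry version key 16.0), and `Get-RegValue` is a helper name chosen for this example.

```powershell
# Added example: read-only audit of Office macro settings for the current user.
# Assumption: Office 2016+/Microsoft 365 Apps, which store settings under "16.0".
$apps = 'Word', 'Excel', 'PowerPoint'
$meaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

# Hypothetical helper: returns $null when the key or value does not exist.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$report = foreach ($app in $apps) {
    $policyKey = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $userKey   = "HKCU:\Software\Microsoft\Office\16.0\$app\Security"

    # A Group Policy value overrides whatever the user chose in the Trust Center.
    $policy    = Get-RegValue -Path $policyKey -Name 'VBAWarnings'
    $user      = Get-RegValue -Path $userKey -Name 'VBAWarnings'
    $effective = if ($null -ne $policy) { $policy } else { $user }

    $setting = if ($null -eq $effective) {
        'Not configured (Office default applies)'
    } elseif ($meaning.ContainsKey([int]$effective)) {
        $meaning[[int]$effective]
    } else {
        "Unrecognised value $effective"
    }

    # Folders the user has marked as trusted; macros stored there run without prompts.
    $locations = @(Get-ChildItem -Path "$userKey\Trusted Locations" -ErrorAction SilentlyContinue |
        ForEach-Object { (Get-ItemProperty -Path $_.PSPath).Path })

    [pscustomobject]@{
        Application      = $app
        MacroSetting     = $setting
        EnforcedByPolicy = ($null -ne $policy)      # false means the user can change it
        Restricted       = ($effective -in 3, 4)    # signed-only or fully disabled
        TrustedLocations = $locations -join '; '
    }
}

$report | Format-List
```

An application showing `EnforcedByPolicy : False` or an unexpected folder under `TrustedLocations` is worth reviewing against the list above.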

QC71637