
March 18, 2021

The Microsoft Exchange Server Breach: Why it Matters for Your Small Business

Edward Maurer
Director of Security

The Microsoft Exchange Server breach: you may have seen the headlines, or maybe they were lost in the sea of seemingly endless reports of cybersecurity-related incidents. You’re running a small business, you’ve got other things to worry about, so you moved on.

Unfortunately, if you’re one of the many small businesses that hasn’t moved its email servers to the cloud (i.e., Office 365 or Gmail), you might be in for a difficult time.

What’s the difference between server and cloud-based email anyway?

In the simplest of terms, the former is email and calendaring software that runs on a dedicated in-house server (or what some refer to as on-prem) that you control and maintain. The latter runs on a cloud-based server that is controlled and maintained by the service provider.

More control is better, right?

While that seems like the logical conclusion, for a small or midsized business with limited IT resources, cloud-based email is more economical, and ultimately a safer option. Even though the monthly costs for cloud-based email can seem hefty, when weighed against both the human capital cost and potential losses if a breach were to occur, you’ll likely find that cloud-based email comes out ahead.

Let’s break it down.

Recently, Microsoft released a patch for its Exchange servers to plug four security holes for anyone running Microsoft Exchange Server 2013 through 2019. As I mentioned above, ensuring the safety of a dedicated server involves constant monitoring and updating by IT professionals, including applying these types of patches. This is a resource most small and midsize businesses can’t afford. And even if this particular security patch was applied, there is a high likelihood that the hole was already compromised by a foreign adversary, giving the attackers total remote control over the affected systems. This also opens the door to other bad actors, who can use it to take over any unpatched mail servers.

What can the hackers do with this level of access?

Once they gain access, they can read every email in your organization. While this may not sound terrible, think about the amount of proprietary information companies share via email on a daily basis. If this information falls into the wrong hands, the costs, both financially and to your reputation as a trusted partner to your clients, can be devastating.

And access to your email is just the beginning. Once they are in, they can also encrypt your data with ransomware, blocking your access and holding it ransom in exchange for payment, and can go even deeper by gaining administrative access to other servers and systems connected to your network.

What can I do if my company hasn’t made the switch?

We recommend that you follow these guidelines from the Cybersecurity and Infrastructure Security Agency (CISA), which include:

  1. Creating a forensic backup of your system
  2. Checking to see if you’ve been compromised
  3. Updating your system to the latest patch
  4. What to do if you’ve been compromised

If you need additional guidance or support, the AaDya security team is here to help. Feel free to email us at inquiries@aadyasecurity.com, or call us at 800.918.9113.

AaDya Security provides smart, simple, affordable and effective cybersecurity software solutions for small and midsize businesses. You can learn more about Marzo4, our all-in-one platform, here.