Hello! If your organization uses Microsoft Exchange for email, you'll want to be aware of this. The U.S. CISA (Cybersecurity and Infrastructure Security Agency) and NSA (National Security Agency) have just given out some simple but significant tips on how to secure Exchange servers against hackers.
I have set up a handful of Exchange configurations, and let me tell you, when one of these goes sideways, it won't be pretty. Therefore, let's summarize the content of the article as clearly as possible.
Why This Matters?
Microsoft Exchange servers are the mainstay of many organizations' email systems, storing large volumes of messages, passwords, and user information, all of which make them a prime target for hackers.
CISA and NSA have indicated that attacks are still occurring against old, outdated, or unsecured Exchange servers. Once attackers gain access to one of these servers, they can move deeper into the organization or quietly collect data from connected cloud resources.
Pretty terrifying, right? That is why we felt it was so important to share these new safety tips.
Main Tips From CISA and NSA
Here are their points on what you should put in place, and frankly, almost all of them come down to: stop, think, update, and lock things down.
1. Keep everything updated
• Always install the latest security updates and patches.
• Don't run old or unsupported Exchange versions; upgrade them or take them out of service. I once saw a company running Exchange 2013 in 2024; basically, that was opening the doors for hackers.
2. Use strong logins
• Turn on multi-factor authentication (MFA), which adds another factor an attacker has to defeat before they can break in.
• Limit admin access to the people who actually need it, and use role-based access control (RBAC) so not everyone can change settings.
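RBAC only helps if someone actually checks who holds the privileged roles. The script below is an added example (not from the article or the CISA/NSA guidance) for the on-premises Exchange Management Shell: it lists the members of the built-in high-privilege role groups and flags anyone not on an approved list. The approved account names are placeholders you would replace with the accounts your change process has signed off on.

```powershell
# Added example, not part of the article or the CISA/NSA guidance.
# Run from the Exchange Management Shell. Lists who is in the built-in
# high-privilege Exchange role groups and flags unapproved members.

$privilegedGroups = @(
    'Organization Management',   # full control of the Exchange organization
    'Recipient Management',      # can modify mailboxes and recipients
    'Server Management',         # can modify server-level settings
    'Discovery Management'       # can search every mailbox (eDiscovery)
)

# Placeholder names: replace with the accounts actually approved for each role group.
$approvedMembers = @{
    'Organization Management' = @('EXCH-ADMIN-01', 'EXCH-ADMIN-02')
    'Recipient Management'    = @('HELPDESK-TIER2')
    'Server Management'       = @('EXCH-ADMIN-01')
    'Discovery Management'    = @('LEGAL-EDISCOVERY')
}

$findings = foreach ($group in $privilegedGroups) {
    # -ResultSize Unlimited avoids the default 1000-object cap.
    $members = Get-RoleGroupMember -Identity $group -ResultSize Unlimited
    foreach ($member in $members) {
        [pscustomobject]@{
            RoleGroup     = $group
            Member        = $member.Name
            RecipientType = $member.RecipientType
            Approved      = ($approvedMembers[$group] -contains $member.Name)
        }
    }
}

# Unapproved entries are the ones to review: each one is a way to change
# Exchange settings without going through the accounts you expect.
$findings | Sort-Object Approved, RoleGroup | Format-Table -AutoSize

$unexpected = @($findings | Where-Object { -not $_.Approved })
if ($unexpected.Count -gt 0) {
    Write-Warning ("{0} unapproved member(s) found in privileged role groups." -f $unexpected.Count)
}
```

One caveat: a role group can contain a security group, which shows up as a single member here. Expand any nested group separately, otherwise one approved group name can hide any number of unapproved accounts.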
3. Lock down access
• Only allow access to admin tools from trusted computers or networks.
• Use TLS to encrypt data in transit.
I know this is nerdy stuff, but it really means a lot in stopping real-world attacks.
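To make the two points in this section concrete, here is an added example (not from the article or the CISA/NSA guidance) for the Exchange Management Shell. The first part reads the Schannel registry locations Windows uses for protocol configuration and reports which TLS versions the server will accept for inbound connections, plus the .NET settings that control Exchange's own outbound connections. The second part uses an Exchange 2019 client access rule to deny remote PowerShell from anywhere except an admin network; the 10.0.50.0/24 range is a placeholder, and the rule is run with -WhatIf so nothing changes until you remove it.

```powershell
# Added example, not part of the article or the CISA/NSA guidance.
# Run as an administrator in the Exchange Management Shell on the server.

# ---- Part 1: which protocol versions does this server accept? ----
$schannel  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

$report = foreach ($proto in $protocols) {
    $serverKey = Join-Path $schannel "$proto\Server"
    $enabled = $null; $disabledByDefault = $null
    if (Test-Path $serverKey) {
        $values            = Get-ItemProperty -Path $serverKey
        $enabled           = $values.Enabled
        $disabledByDefault = $values.DisabledByDefault
    }
    # With no explicit value, Windows falls back to its built-in default for
    # that protocol, which depends on the OS version: treat that as "verify".
    $state = if ($null -eq $enabled) { 'not configured (OS default)' }
             elseif ($enabled -ne 0 -and $disabledByDefault -ne 1) { 'ENABLED' }
             else { 'disabled' }
    [pscustomobject]@{ Protocol = $proto; ServerSide = $state }
}
$report | Format-Table -AutoSize

$legacyOn = @($report | Where-Object { $_.Protocol -ne 'TLS 1.2' -and $_.ServerSide -eq 'ENABLED' })
if ($legacyOn.Count -gt 0) {
    Write-Warning ('Legacy protocol(s) explicitly enabled server-side: ' + ($legacyOn.Protocol -join ', '))
}

# .NET must also be told to follow the OS protocol defaults, or Exchange's
# own outbound connections can still negotiate TLS 1.0/1.1.
foreach ($fw in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
    $v = Get-ItemProperty -Path $fw -ErrorAction SilentlyContinue
    '{0}: SystemDefaultTlsVersions={1} SchUseStrongCrypto={2}' -f $fw, $v.SystemDefaultTlsVersions, $v.SchUseStrongCrypto
}

# ---- Part 2: only allow remote PowerShell from the admin network ----
# Placeholder range; adjust it and remove -WhatIf to actually create the rule.
$adminNetwork = '10.0.50.0/24'
New-ClientAccessRule -Name 'Block remote PowerShell outside admin network' `
    -Action DenyAccess `
    -AnyOfProtocols RemotePowerShell `
    -ExceptAnyOfClientIPAddressesOrRanges $adminNetwork `
    -Priority 1 -WhatIf
```

Changing the Schannel values takes effect only after a reboot, so plan the TLS change as a maintenance window, and test a deny rule with a second admin session open so you cannot lock yourself out.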
4. Disable or segregate legacy servers
• If you are still running legacy Exchange servers, decommission them or migrate everything to a supported version.
• Don’t let these legacy systems connect to anything else on the network; hackers love discovering these abandoned systems.
5. Maintain vigilance
• Monitor for unauthorized logins or changes.
• Always have a reliable backup and recovery strategy in place, just in case.
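"Monitor for unauthorized logins or changes" is easier said than done, so here is an added example (not from the article or the CISA/NSA guidance) of two checks an Exchange admin could schedule. The first confirms the Exchange admin audit log is turned on and pulls the last 24 hours of changes made with cmdlets that touch permissions, authentication or mail flow. The second summarises failed logons (Windows Security event 4625) on the server by source address and target account. The cmdlet watch list and the 24-hour window are choices made for this example.

```powershell
# Added example, not part of the article or the CISA/NSA guidance.
# Run from the Exchange Management Shell on the server.

# ---- 1. Configuration changes recorded by the Exchange admin audit log ----
$auditConfig = Get-AdminAuditLogConfig
if (-not $auditConfig.AdminAuditLogEnabled) {
    Write-Warning 'Admin audit logging is disabled; changes to Exchange will not be recorded.'
}

$since = (Get-Date).AddHours(-24)
# Cmdlets that change permissions, authentication or mail flow are the ones
# most worth reviewing after the fact (example watch list).
$watchedCmdlets = 'Set-OrganizationConfig', 'New-ManagementRoleAssignment',
                  'Add-RoleGroupMember', 'New-TransportRule', 'Set-TransportRule',
                  'Add-MailboxPermission', 'Set-Mailbox', 'New-ClientAccessRule'

$changes = Search-AdminAuditLog -StartDate $since -EndDate (Get-Date) -Cmdlets $watchedCmdlets
$changes |
    Select-Object RunDate, Caller, CmdletName, ObjectModified, Succeeded |
    Sort-Object RunDate -Descending |
    Format-Table -AutoSize

# ---- 2. Failed logons on this server, grouped by source IP ----
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$rows = foreach ($evt in $failed) {
    # Pull fields by name from the event XML instead of relying on field order.
    $field = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $field[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time      = $evt.TimeCreated
        Account   = $field['TargetUserName']
        SourceIP  = $field['IpAddress']
        LogonType = $field['LogonType']
    }
}

# Many failures from one address against many accounts is the pattern to alert on.
$rows | Group-Object SourceIP | Sort-Object Count -Descending |
    Select-Object Name, Count,
        @{ n = 'Accounts'; e = { ($_.Group.Account | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize
```

Both outputs are only useful if someone reads them, so send them to your SIEM or a ticket queue rather than leaving them in a console window, and keep the admin audit log age limit long enough to cover a slow investigation.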