2016 has seen a renewed and sustained level of cyber threats which use email as the attack vector. If you’re not being coerced into clicking a link in a malicious email, then you may be invited to open an attachment, which will almost always require you to run macros or “enable content.”

Macros, which appear in Office documents such as Microsoft Word or Excel, are intended to be a business-enabler, whilst they offer productivity benefits they are also the main target for cyber criminals who would exploit end-users through social-engineering attacks.

A macro is a set of repeatable instructions embedded inside the document that allows the content to be less laborious to work with. However, those instructions could also compromise your computer, initiating a data breach.

I recommend you review your policies and ensure your email filters are as tight as possible, whilst still allowing the business to operate. It wouldn’t hurt to go down to grass roots to speak with staff to really understand how much macros are needed or even used.

Only if it is business-critical for you to receive macro-enabled attachments should you ever allow them into your company, think of every single one of them as potential Trojan Horse.