The Mac User at Work – Business Data Security Risks

In 2011, IDC reported that Mac sales increased by 51% among small offices (fewer than 10 employees). Meanwhile, Mac sales among small businesses (with 10–99 employees) and medium-sized businesses (with 100–499 employees) rose by 93.5% and 56.7%, respectively.

Macs aren’t immune to malware

In fact, Mac malware has been around since floppy disks were still in use. Mac malware, then known as “viruses,” like Elk Cloner, MDEF, and nVIR spread via floppy disks as early as 1982. Worms like LEAP and LAMZEV also wreaked havoc on Macs in the past. And as the Mac user base continued to grow, so did the volume of Mac malware, specifically Domain Name System (DNS) changers and rogue antivirus software tailor-made for the OS X platform.

The Flashback malware outbreak in 2012 infected over 600,000 Macs.

Cross-platform vulnerabilities are affecting Macs

Java exploits—zero day or not—are transcending boundaries. Cross-platform vulnerabilities continue to grow in number, giving bad guys control over infected systems, regardless of OS. Sophisticated malware like Crisis, which transforms Macs into audio surveillance devices, has also been used against users in an attack.

Unpatched virtual environments on Macs are potential holes cybercriminals can exploit as well. Just because you don’t use an application all the time doesn’t mean it should remain unpatched.

Though regular patching on your part helps, it’s also not a cure-all. Vendor failure to issue patches also puts you at risk. The Flashback incident, for instance, put Apple in a bad light. The company was accused of being slow in issuing patches compared with competitors, indirectly causing users grief as they fell prey to click-fraud Trojans.

Apple recorded its highest number of vulnerabilities and issued a record number of 83 patches for security flaws in Safari in March 2012.

Apple’s "walled garden" approach doesn’t ensure iOS security

The close, restrictive control that Apple applies to its device ecosystem forms its so-called “walled garden.” This can be both a good and a bad thing.

It’s good because Apple adheres to rigorous processes against threats. This doesn’t translate to malware immunity though, as the Flashback outbreak showed.

It’s bad because organizations can mistakenly use the walled garden as an excuse for lax security measures. Trend Micro is one of the vendors providing business security software for Apple computers.

Tips for securing your company’s data while using Macs

  • Separate fanfare from fact. Like any other platform, Macs also need effective security solutions to keep sensitive data safe from threats. Choose a solution that not only fits your organization’s size but also considers all the platforms your employees use.
  • Make a stand against social engineering. Relying on security intelligence can help you explore various scenarios wherein cybercriminals were able to breach networks with the aid of malicious insiders or ignorant employees. Keep employees and stakeholders updated on notable security incidents. Tell them how they sometimes help the bad guys breach their networks by falling for cleverly crafted baits.
  • Be your own defender against BYOD-related threats. Accept the fact that the Mac user base is rapidly growing, even in your organization. With the advent of mobility and rich data plans, it’s safe to assume that personal and company data will dwell in a single device more often. Create and implement clear BYOD policies to minimize the risk of losing data.
  • Invest in IT. Cybercriminals often target SMBs because they sorely lack IT resources and are insufficiently secured against attacks. Fortunately, security doesn’t have to cost a lot in order to be effective. Organizations with limited IT resources can rely on fast, easy-to-use, and effective solutions like Trend Micro™ Worry-Free™ Business Security solutions.
  • You can’t have too many walls against threats. Secure your organization in more ways than one. Don’t be content with what your device vendor can provide. Keep in mind that malware no longer discriminates between platforms. Encourage regular password changes, noting that even the strongest of passwords aren’t crack-proof given all the kinds of information people share online.