Many people believe the Mac® is more secure than PCs, and that hackers don’t waste time on them. Forrester has even reported that a Mac is “more secure than a Windows machine,” as “historically there have been relatively few intrusions on a Mac.”
According to a Kaspersky Security Bulletin, the main reason why cyber-criminals are targeting the Mac is because “Apple® products are popular with many influential politicians and prominent businessmen, and the information stored in the devices owned by these people is of interest to a certain category of cyber-criminal”.
While Mac OS X® has strong built-in security features, there are six specific things smart IT managers already do to protect their organizations from breaches and data loss – without investing in expensive security solutions to get started.
1. Use Mobile Device Management
Your security is closely tied to how well you manage your Macs. For example, many IT professionals want to apply their Windows group policies to Macs. While this is possible, it’s not ideal, as you’ll need complex patches or expensive third-party tools to make it work.
Instead, look at your existing policies and apply them to Macs using mobile device management (MDM). If you already use MDM, this will make things easier for you, as Mac users may self-provision services through MDM. If you are not using MDM, bringing Macs into your organization provides you with an opportunity to revisit your old policies and update them for today’s workplace.
2. Don’t Overlook Your Mac
Although IT departments should manage every system on their corporate networks, many fail to include the Mac in their managed fleets. This oversight may lead to breaches and data loss.
Use Network Access Control (NAC) to protect all of your systems. NAC allows you to place Macs in a restrictive VLAN where you provide them with Internet, email and virtualization. If your Macs get compromised, your other systems will remain secure.
Macs, like PCs, also need a strong encryption solution. While FileVault 2 is great for consumers, it’s not ideal for enterprises. Instead, use an enterprise-level security solution such as Sophos or McAfee. Since Macs and PCs are prone to theft and loss, full disk encryption will also help to prevent data loss if a Mac in your fleet goes missing.
3. Install Anti-Malware Protection
PDF and Java exploits are among the most common malware attacks. After all, everyone opens PDFs and uses Java. While there have been no documented cases to Apple of a PDF Malware attack, there was a Java exploit that has been documented. This does raise concerns around possible security exploits. Installing an antivirus software package is a good option to use to help prevent hackers from stealing your passwords and data.
4. Secure your company’s Macs by turning off AirDrop.
This feature is built into Mac OS X and allows users to see all Mac users that are connected to the network – even secure networks. Although this makes it easier for Mac users to share files, it also makes it easy for corporate data to become compromised. Instead of AirDrop®, give Mac users a more secure way to share files.
5. Restrict access to iCloud.
Since iCloud® is a consumer-based cloud service, it doesn’t have the proper security features to keep your business data safe. Blocking access to iCloud helps control data leakage and loss.
6. Integrate OS X with Active Directory.
This will give IT better visibility into all of Mac users on the network, and enforce authentication and password policies. For more information, download the Apple white paper, “Best Practices for Integrating OS X with Active Directory”.
Many of the steps you should take secure Macs are the same steps you must take to protect PCs. Also be sure to check out the “How to Decide if Your Organization is Apple-Ready” infographic and see how prepared your organization is to handle the realities of Macs in the enterprise.