Security

5 ways to secure OS X

With OS X security exploits on the rise, Jesus Vigo takes a look at 5 ways to better protect your Mac from malware infections and data loss.

Image: iStock/Bet_Noire

Cybersecurity is at an all-time high. What with a seemingly endless wave of breaches — one after the other — across many different businesses, including healthcare and food services, the exposure these compromises bring with them is nothing short of destructive for all involved.

And yet for Apple users, the distortion field that has led many to believe that their devices are invulnerable to infection or compromise has been quietly, yet steadily crumbling year-over-year. Apple poses a huge (and growing) payload for those that would profit from security breaches, including crippling ransomware that is perfecting its codebase so as to decrypt your data in exchange for monetary compensation or risk losing access to your files forever.

At the risk of sounding paranoid, no one is safe from these persistent threats, but that doesn't mean there aren't things you can do to protect your sensitive information and to better limit your exposure while trying to keep malware at bay.

Let's take a look at five proven methods, based on industry best practices (and in no particular order), to further protect your computer and safeguard your data so that it is kept out of the hands of unauthorized persons.

1. Passwords

Arguably the weakest link in the security chain are passwords — and for several reasons. Too short, too simple, repetitive (as in used for multiple applications), not changed over time, written down as a sticky note on your computer — the list goes on and on.

While the sheer number of accounts the average user manages seemingly increases daily, none of that really matters until one account becomes compromised due to a weak password. At which point, an attacker will try any and every account possibility to keep escalating access until email, bank accounts, or even medical records have been harvested.

There are many possibilities, such as password managers like 1Password and LastPass. Some of which are built correctly and meet (or exceed) established minimum password requirements. Even with password management or a solid password replacement strategy in place, the password is still an active target, which is why authentication technologies such as biometrics, for example, add an additional layer of protection as 2-Factor Authentication or 2-Step Verification to require a secondary form of security. This ensures that access is granted solely to the authorized user and no one else.

2. Firewall

Whether it be a hardware or software-based firewall, its purpose is to protect incoming and outgoing network packets to ensure that only the communications you requested are received and that only those that you are sending are able to leave your network.

With the ability to secure communications on a network, this useful function should be enabled by all users on all supported devices. And yet, that isn't always the case. Even when included on by default as with most modern OSes and hardware routers, users turn off one or both services in lieu of not having to deal with the persistent notifications and/or simply allowing services to run unchecked since it is easier to use when it doesn't have to be configured.

The sad reality is that while these services may present "annoying" prompts or require a knowledgeable professional to configure them properly, the hassle is inconsequential when compared to the amount of errant data being transmitted to and from a compromised device.

With everything seemingly having an always-on connection to the Internet, in some cases, your router's firewall is your best — and sometimes only — line of defense at keeping your Personally Identifiable Information (PII), personal data, and anything else that is online from leaking out into the Internet for all to see, or even use against you.

3. Malware Protection

Viruses, Trojan horses, spyware, adware, worms, rootkits, bots and the new king of the lucrative malware scene— ransomware; these are types of malware that your computer's operating system may be susceptible to after only minutes of being online at any given time.

These infections — all huddled under the malware umbrella — have different methods of infection, different payloads and altogether told different agendas for existing. But they all share a typical similar end-result: untold damages to you or others on the Internet.

Why would anyone not install a malware suite featuring real-time scanning protection before navigating the murky waters of the Internet? While malware protection is really only as good as the virus definition updates in place, the truth is that some protection is always going to provide better security than no defense at all.

With the many malware providers available — software ranging from free applications, like Sophos with full-featured engines to comprehensive suites that offer complete protection, even from unknown threats via advanced heuristics — are available to affordably protect the devices on your network, some such as Kaspersky Internet Security even contain tools to prevent ransomware from encrypting your data.

4. Encryption

Securing data goes beyond keeping files out of the hands of unauthorized personnel. Truthfully speaking, sometimes the very individuals you don't want to gain access to your data may already have access to it or are dangerously close to obtaining it. To provide added protection, encryption should be used to ensure that even if data is obtained, it won't be useful as it cannot be unscrambled.

With heavier emphasis being placed on data security — both in motion and at rest — modern OSes leverage Trusted Platform Modules (TPM) to enable hardware-based encryption schemes like BitLocker for Microsoft or FileVault from Apple.

File, directory, or whole hard disk encryption is useful in cases involving loss or theft of a device to protect company records from falling into the wrong hands. However, encryption should not be limited in scope as just being suitable for sensitive data or even just for computers. Using GNU Privacy Guard (GPG), users are able to encrypt data on USB flash drives or secure email to ensure confidentiality and non-repudiation.

5. Education

The single, most often ignored tool in the arsenal to protect our systems and ourselves from threats is education and training. Relegated to obscurity due to shortfalls in budgets or lack of enthusiasm, education doesn't have to be an expense nor does it have to be a boring snore-fest either.

Education can come from various sources and be relayed much the same way. Be it company memos, department meetings, even a small, concise email or text or a notice on the company's Intranet site can provide the opportunity to highlight to your fellow coworkers some of the persistent threats currently in circulation and how to best protect against them.

Training , when done correctly, has the largest possibility for success. And even then, training doesn't have to be a get-everything-in-so-we-can-all-leave-quickly event. As the saying goes, sometimes less is more, so keeping trainings on-target and moving briskly is for the best. Break up trainings into bite-sized pieces of information that focus on one or two small to medium-sized topics that can be easily addressed and explained.

But most importantly, know your target audience. This is key to informing the masses about what's out there, how it works, and how to protect against it. Some topics, such as phishing through email or telephone for sensitive information, and physical security guidelines to prevent piggybacking by personnel apply to everyone at the company - bottom to top. Topics involving whaling, data security for remote employees, or encrypting hard drives for financial department computers are better left to discussions between IT and the respective groups which they apply to. There's no need to bog down someone's mind with all this security talk when much of it may not even apply to them, especially considering how much of a heavyweight security is to begin with.

Also see

About Jesus Vigo

Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from seve...

Editor's Picks

Free Newsletters, In your Inbox