Malware is somewhat of an anomaly on Macs. For years, Apple users reveled in the knowledge that their OS of choice was impervious to viral infection. Apple even highlighted this lack of threat as a selling point in commercials and marketing for earlier versions of OS X.
And yet for the last few years, we've seen a steady increase in the number of threats aimed squarely at macOS users. As Apple continues to grow market share for computers and servers, the potential number of targets goes up and has caught the attention of threat actors looking to cash in.
Though still far from the Windows market share, in less than a year Macs have gone from having no major malware infections to facing several ransomware threats, which have grown progressively more sophisticated, even using signed digital certificates to help compromise a device.
SEE: Cybersecurity spotlight: The ransomware battle (Tech Pro Research)
One thing is certain: regardless of the OS you're working on, the approach to data security is not a one-size-fits-all solution; it can and will vary based on the organization's needs and resources. Consideration must also be given to complying with any industry-specific regulations that apply.
With that said, safeguards are merely that; the risk of a malware infection is always present, because risk can't be fully eliminated. Applying multiple security applications as a layered solution provides comprehensive protection on several fronts and, in accordance with best practices, minimizes the threat of a potential outbreak.
1: Update macOS client and server OSes
OS updates ensure that clients and servers are patched against known vulnerabilities. While this does not cover zero-day exploits, the number of Common Vulnerabilities and Exposures (CVEs) fixed in any given update can easily run to dozens of small, seemingly insignificant holes, often in services that may not even be in active use on a particular system but that can spread an infection nonetheless.
With patch management playing such a crucial role in ongoing system protection, there is no end to the tools available to small, medium, or large organizations to help ensure that their systems are current. First-party tools from Apple, ranging from using Terminal to remotely execute update commands on devices to running macOS Server to manage your own Apple Update Server, make short work of ensuring devices are patched, and their reporting provides granular feedback. Additionally, third-party suites exist that bundle this form of patch remediation for all application types and include imaging software for streamlined OS deployment.
2: Keep applications current
Sooner or later, every software application will require an update to enable a new feature, protect against a discovered vulnerability, or provide compatibility with a newer OS. These updates are just as important as OS updates, since they allow the applications in question to bring the latest security and protection to your system, to its running processes and, most importantly, to how it handles your data.
Apple offers an excellent solution in Apple Remote Desktop, which can be used to deploy application updates, install new packages, or even execute commands and scripts remotely in a 1:1 or 1:many environment, among other features. Third-party suites are also available to push or deploy patch remediation; some run in a web-based setting (a la MDM), while others require a physical command-and-control server.
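The "update commands" from Terminal that sections 1 and 2 refer to are, on macOS, the softwareupdate tool. The script below is an added example, not code from the article or from Apple: it parses the text that `softwareupdate -l` prints into a pass/fail verdict a reporting tool can collect. The sample listings are constructed (labels, versions and sizes are invented) and only approximate the real output format, and the parsing functions take the listing as an argument so they can be exercised on any machine; the live check runs the real tool only where it exists.

```shell
#!/bin/sh
# Added example, not code from the article: summarise pending updates from the
# text printed by `softwareupdate -l`, the Terminal tool the article refers to.
# The parsing functions take that text as an argument so they run offline on a
# constructed sample; run_live_check calls the real tool only where it exists.

# Constructed sample in the shape `softwareupdate -l` prints on recent macOS.
# Labels and sizes are made up for illustration.
SAMPLE_LIST='Software Update Tool

Finding available software
Software Update found the following new or updated software:
* Label: macOS-Example-13.4
    Title: macOS Example, Version: 13.4, Size: 1234567KiB, Recommended: YES, Action: restart,
* Label: Safari-Example-16.5
    Title: Safari Example, Version: 16.5, Size: 123456KiB, Recommended: YES,
'

# Constructed sample for a fully patched machine.
SAMPLE_NONE='Software Update Tool

Finding available software
No new software available.
'

# Number of updates offered: each one starts a line with "*" (older releases
# print "   * <label>", newer ones "* Label: <label>").
count_pending_updates() {
    printf '%s\n' "$1" | grep -c '^[[:space:]]*\*' || true
    return 0
}

# Prints 1 if any offered update needs a restart ("Action: restart" on newer
# releases, "[restart]" on older ones), otherwise 0.
requires_restart() {
    if printf '%s\n' "$1" | grep -Eqi 'Action: restart|\[restart\]'; then
        echo 1
    else
        echo 0
    fi
    return 0
}

# One-line verdict suitable for a reporting or monitoring tool.
update_summary() {
    n=$(count_pending_updates "$1")
    if [ "$n" -eq 0 ]; then
        echo "COMPLIANT: no pending updates"
    elif [ "$(requires_restart "$1")" -eq 1 ]; then
        echo "NONCOMPLIANT: $n pending update(s), restart required"
    else
        echo "NONCOMPLIANT: $n pending update(s)"
    fi
    return 0
}

# On a Mac, read the live list; `softwareupdate -ia` would then install all
# available updates. Elsewhere, fall back to the constructed sample.
run_live_check() {
    if command -v softwareupdate >/dev/null 2>&1; then
        update_summary "$(softwareupdate -l 2>&1)"
    else
        echo "softwareupdate not found; evaluating the constructed sample"
        update_summary "$SAMPLE_LIST"
    fi
    return 0
}

run_live_check
```

Run it over SSH or through Apple Remote Desktop's "Send UNIX Command" on each Mac and collect the single verdict line; the restart flag matters because an update that is downloaded but waiting for a reboot leaves the vulnerability it fixes in place.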
3: Ensure security is enabled and configured properly
Like all modern computers, Macs include a host of hardware and software security features that need to be configured. Enforcing strong passwords, using restricted accounts, and limiting use of the administrative context are just the tip of the iceberg.
Secured network protocols and firewalls, for example, protect against hijacked transmissions and prevent access to known malicious websites. While these logical security controls do not by themselves prevent malware infection, they go a long way toward preventing devices from communicating with networks that are known to be infected.
Antivirus and anti-malware applications are available from a number of top-tier security companies, often for free, with excellent detection rates, always-on monitoring, and heuristic scanning. Heuristics can be extended to detect ransomware-like processes and alert users to them, in an effort to thwart attacks before they have a chance to deliver the full payload.
SEE: Why Bitdefender Antivirus is a wise choice for Mac users (TechRepublic)
4: Lock down your devices physically and logically
Hardening clients and servers is imperative to limit the attack surface exposed to internal or external attacks. The process of hardening a Mac client will differ from that for a Mac server, since their intended uses can vary drastically.
By assessing what the devices will be used for, you can determine how each device should be locked down. Keep in mind that any applications, services, and connected devices that are not needed or that are deprecated (such as the SMBv1 protocol, which was succeeded by SMBv2 and then SMBv3) should be considered a potential attack vector that may be exploited, and should be disabled immediately.
Physical security is often overlooked because it is not a typical delivery method, given the physical proximity an attacker must have to the host system; simply put, though, it is one of several surefire ways to infect a device. A device with a logged-in user account and no screen lock, or a server that can easily be rebooted and have its local security bypassed because no boot password was set, may be at the center of days, weeks, or even months of costly damage from a two-minute breach that a 30-second countermeasure could have prevented.
SEE: Ransomware: The smart person's guide (TechRepublic)
5: Back up, back up, back up
Let's face it: a computer is only as reliable as the data it works with. If that data has been compromised, corrupted, or has otherwise lost its integrity (say, through encryption by ransomware), it ceases to be useful or reliable.
One of the best protections against ransomware (by virtue of letting you bounce back from it quickly) is a good backup system; in fact, several backup systems are even better. Since data can be backed up to several different media at once, an incremental backup to a local drive you can carry with you, alongside a constant backup to cloud storage with versioning support and a third backup to a network server with encryption, provides ample redundancy: if your local drive becomes compromised, you still have three data sets to recover from.
Time Machine, Apple's ubiquitous backup application for clients and servers, provides a lightweight solution for backing up local data across multiple storage types. Extending this capability further, macOS Server includes the Time Machine Server service, which acts as a centralized management point for all Time Machine backups in an organization and scales to meet the needs and demands of the enterprise.
Alternatively, iCloud offers excellent cloud backup capability that is baked right into all modern versions of macOS and allows data to be restored virtually instantaneously from any Apple device or modern web browser.
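A backup only helps after a ransomware incident if it is recent, so the check an administrator actually wants is "how old is the last Time Machine snapshot on this Mac?". The script below is an added example, not code from the article or from Apple: it takes the path that `tmutil latestbackup` prints, whose final path component begins with a YYYY-MM-DD-HHMMSS timestamp on both HFS+ and APFS destinations, and compares that date with today using integer-only date arithmetic so the functions work in plain POSIX sh. The sample path and the seven-day threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the article: verify that the newest Time Machine
# backup is no older than a threshold. `tmutil latestbackup` prints the path of
# the newest snapshot; its basename starts with YYYY-MM-DD-HHMMSS. Date maths is
# done with Julian day numbers so no GNU/BSD `date` flags are needed.

# Constructed sample path in the HFS+ layout (the host name is invented).
SAMPLE_PATH='/Volumes/TM-Disk/Backups.backupdb/example-mac/2017-05-20-120000'

# Extract YYYY-MM-DD from a backup path; prints nothing if no date is present.
backup_date() {
    printf '%s\n' "$1" | sed -n 's#.*/\([0-9]\{4\}-[0-9][0-9]-[0-9][0-9]\)-[0-9]\{6\}.*#\1#p'
    return 0
}

# Julian day number of a YYYY-MM-DD date (standard integer formula).
julian_day() {
    y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; d=${rest#*-}
    m=${m#0}; d=${d#0}          # "08" would otherwise be read as octal
    a=$(( (14 - m) / 12 ))
    yy=$(( y + 4800 - a ))
    mm=$(( m + 12 * a - 3 ))
    echo $(( d + (153 * mm + 2) / 5 + 365 * yy + yy / 4 - yy / 100 + yy / 400 - 32045 ))
    return 0
}

# Days from date $1 to date $2 (both YYYY-MM-DD).
days_between() {
    echo $(( $(julian_day "$2") - $(julian_day "$1") ))
    return 0
}

# Verdict for backup path $1 as of date $2, allowing at most $3 days of age.
backup_fresh() {
    bdate=$(backup_date "$1")
    if [ -z "$bdate" ]; then
        echo "FAIL: no dated backup found"
        return 0
    fi
    age=$(days_between "$bdate" "$2")
    if [ "$age" -le "$3" ]; then
        echo "PASS: last backup $age day(s) old"
    else
        echo "FAIL: last backup $age day(s) old"
    fi
    return 0
}

# On a Mac, ask tmutil; elsewhere evaluate the constructed sample path.
run_live_check() {
    today=$(date +%Y-%m-%d)
    if command -v tmutil >/dev/null 2>&1; then
        backup_fresh "$(tmutil latestbackup 2>/dev/null)" "$today" 7
    else
        echo "tmutil not found; evaluating the constructed sample path"
        backup_fresh "$SAMPLE_PATH" "$today" 7
    fi
    return 0
}

run_live_check
```

An empty result from `tmutil latestbackup` (no backup ever completed, or the destination not mounted) is reported as a failure rather than silently passing, which is the case most likely to be discovered only after an incident.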
6: Secure data storage and transmissions
Encrypting data on the whole will not prevent ransomware infections, nor will it stop a virus from encrypting already-encrypted data should the device become infected. Be that as it may, some apps use a form of containerization to sandbox encrypted data, rendering it unreadable by any process outside the container application's API.
Encryption software such as FileVault 2 provides whole-disk encryption, so all data, apps, and so on are fully protected from tampering when the user is logged out or the machine is powered off. This protects data because, without the admin account being logged in to unlock the disk, a malware payload will simply read gibberish that ransomware cannot infect or modify.
Similarly, VPN and proxy servers that secure network connectivity and reroute traffic can be combined with secured network infrastructure best practices to allow connectivity only between trusted networks or to devices that have been verified as compliant. With filters set up to quarantine untrusted, infected, or noncompliant systems, this is an effective method of limiting the exposure of an attack.
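Sections 3, 4 and 6 each name a control whose state macOS exposes through a command-line tool: FileVault (`fdesetup status`), the application firewall (`socketfilterfw --getglobalstate`), Gatekeeper (`spctl --status`), System Integrity Protection (`csrutil status`), the firmware password on Intel Macs (`firmwarepasswd -check`, which needs root), the screen-saver password (`defaults read com.apple.screensaver askForPassword`, a key that is an assumption for newer releases, which manage this setting elsewhere) and SMBv1 client support (the protocol_vers_map bitmask in /etc/nsmb.conf, where 1 = SMB1, 2 = SMB2, 4 = SMB3). The script below is an added example, not code from the article or from Apple, that turns those outputs into a read-only PASS/FAIL baseline report; each check parses the command's text, so the logic can be exercised on constructed strings on any machine, and only the live report needs a Mac.

```shell
#!/bin/sh
# Added example, not code from the article: read-only baseline audit of the
# controls discussed in sections 3, 4 and 6. Each check_* function parses the
# text the corresponding macOS command prints and answers PASS or FAIL, so it
# can be tested on constructed strings; live_audit runs the real commands.

# "FileVault is On." / "FileVault is Off."          (fdesetup status)
check_filevault() {
    case "$1" in *"FileVault is On"*) echo PASS ;; *) echo FAIL ;; esac
    return 0
}

# "Firewall is enabled. (State = 1)"                (socketfilterfw --getglobalstate)
check_firewall() {
    case "$1" in *"Firewall is enabled"*) echo PASS ;; *) echo FAIL ;; esac
    return 0
}

# "assessments enabled" / "assessments disabled"    (spctl --status, Gatekeeper)
check_gatekeeper() {
    case "$1" in *"assessments enabled"*) echo PASS ;; *) echo FAIL ;; esac
    return 0
}

# "System Integrity Protection status: enabled."    (csrutil status)
check_sip() {
    case "$1" in *"status: enabled"*) echo PASS ;; *) echo FAIL ;; esac
    return 0
}

# "Password Enabled: Yes"                           (firmwarepasswd -check, Intel only)
check_firmware_password() {
    case "$1" in *"Password Enabled: Yes"*) echo PASS ;; *) echo FAIL ;; esac
    return 0
}

# defaults read com.apple.screensaver askForPassword prints 1 when a password
# is required after the screen saver starts (assumed key; see lead-in).
check_screen_lock() {
    case "$1" in 1) echo PASS ;; *) echo FAIL ;; esac
    return 0
}

# /etc/nsmb.conf: protocol_vers_map bitmask, 1 = SMB1, 2 = SMB2, 4 = SMB3.
# PASS only when the setting is present and the SMB1 bit is clear; an absent
# setting means the default, which still allows SMB1 to be negotiated.
check_smb1_disabled() {
    map=$(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*protocol_vers_map[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' | head -n 1)
    if [ -n "$map" ] && [ $((map & 1)) -eq 0 ]; then echo PASS; else echo FAIL; fi
    return 0
}

# Constructed sample outputs for an offline run (not captured from a real Mac).
SAMPLE_FW='Firewall is disabled. (State = 0)'
SAMPLE_NSMB='[default]
protocol_vers_map=6
'

# Run a command if it exists, otherwise print a placeholder so the check FAILs.
capture() {
    if command -v "$1" >/dev/null 2>&1; then "$@" 2>&1; else echo "command not available: $1"; fi
    return 0
}

live_audit() {
    printf 'FileVault          %s\n' "$(check_filevault "$(capture fdesetup status)")"
    printf 'Firewall           %s\n' "$(check_firewall "$(capture /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate)")"
    printf 'Gatekeeper         %s\n' "$(check_gatekeeper "$(capture spctl --status)")"
    printf 'SIP                %s\n' "$(check_sip "$(capture csrutil status)")"
    printf 'Firmware password  %s\n' "$(check_firmware_password "$(capture firmwarepasswd -check)")"
    printf 'Screen lock        %s\n' "$(check_screen_lock "$(capture defaults read com.apple.screensaver askForPassword)")"
    printf 'SMBv1 disabled     %s\n' "$(check_smb1_disabled "$(cat /etc/nsmb.conf 2>/dev/null)")"
    return 0
}

live_audit
```

Every check fails closed: a missing tool, an unreadable configuration file or an unexpected output format all report FAIL, so a Mac is never reported as hardened because a check could not run. Run the audit with sudo for the firmware password line, and treat the screen-lock and nsmb.conf checks as version-specific until confirmed on the macOS release you manage.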
SEE: Video: How to survive the global cyberwar (TechRepublic)
7: Protect your Windows Boot Camp installations
While many Mac users do not run any OS other than macOS on their Apple hardware, a large number do, especially when using technologies such as Boot Camp to dual-boot Windows on a Mac.
Many users fail to realize that simply running Windows on Apple hardware will not make that Windows installation as resilient as the host OS. As a matter of fact, you've actually doubled the administrative overhead needed in managing that device since now two OSes must effectively be managed: macOS and Windows.
For more security advice, check out my TechRepublic column 10 ways to protect your Windows computers against ransomware for tips on not only managing the Windows side of your Mac installation, but also for OS-agnostic recommendations about risk management, implementing security policies, and end-user training.
Does your organization rely on multi-layered security measures such as those we've looked at here? Share your advice and opinions with fellow TechRepublic members.
Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from several vendors, including Apple and CompTIA.