Securing Small Business Data in Mac Centric Industries
Posted on by Derek Erwin
A common misstep by many small businesses is the presumption that because of their size, they are less of a security target. This false sense of security is exacerbated when the businesses are Mac-based; even today, many people still believe Macs are immune to attacks. This is a concerning opinion, especially for small businesses that have a number of high profile clients. What are the big threats facing small businesses, and what can be done to secure their valuable data?
Mac Malware Was Only a Matter of Time
Over the last few years, a new trend has emerged: Mac malware is on the rise, and it has affected hundreds of thousands of Mac OS X computers. Flashback and iWorm are two examples that garnered a lot of attention, and additional threats are aplenty.
An increase in breaches means attackers are either more abundant, or more successful than they have been in the past; it’s probably a combination of the two. And the more a platform or operating system has been successfully attacked, the more attackers are encouraged to pummel away at it.
The level of complexity of Mac malware and its capabilities are already on par with threats built for Windows. This has produced a constantly evolving threat landscape that can be complicated and surprising to the average small business owner. As a result, business security can seem overwhelming, and in particular, for those that have a Mac user-base.
Just because employees choose to use Mac OS X does not mean they are inherently protected from harm. In fact, Mac-based businesses are often equally enticing to cybercriminals—and there are many reasons for this.
Size Doesn’t Matter—Data Does
One reason is because Macs are generally favored by creative industries like design, web services, marketing, public relations and advertising. These industries rely on the Mac’s design credentials to support clients, and because of their close relationships with clients it means they have access to a wealth of corporate knowledge, intelligence and intellectual property (IP). This data can be an incredibly attractive and valuable target for cybercriminals.
It is important for businesses of every size to choose effective digital security measures: comprehensive Internet usage policies, cloud-based security solutions and general employee education. The time when malware was the only threat has long passed. For cybercriminals today, size is irrelevant—it is the valuable data they are after.
For these reasons, it is critical small business owners assess the security risks within their businesses by considering the possible return on investment for intruders.
Are Business Macs Worth a Hack?
Most businesses, small and large, have lived and breathed Windows computers, and due to the enduring history of Windows attacks, they likely have products and policies in place to protect these machines. But can the same be said for the Mac OS platforms in the business environment?
When it comes to Windows machines, businesses might have a good idea what this cost could be, and so they protect these computers accordingly. But when it comes to Macs and other Apple devices, many organizations fail to protect their Macs with as many layers of security as they would a Windows machine, or they fail to patch or update software in a timely manner.
When these security “bloopers,” so to speak, occur, Macs become a low-cost point of entry for intruders wanting to breach an organization. This is problematic, because criminals know exactly how much stolen data will sell for and they know how to best spend their time to generate a maximum return on investment.
In the eyes of a cybercriminal a computer is just a holding-place for data to be stolen, and the data on a Mac is no less valuable. Most popular software, such as Java and Adobe Flash, now work on all major operating systems, and an exploit that works on one operating system may work across them all.
Designing a Strong Security Strategy
According to Timothy Francis, a leader in the cyber insurance field, 62-percent of cyber-breach victims are small and medium-sized businesses. The lucrative value of a client’s data puts creative companies firmly in the spotlight. Furthermore, creative companies have a corporate structure built around agile teams, shared resources and, commonly, a single person handling the company’s security strategy—often the business owner.
This means a design agency could suddenly find itself as the weakest link in the security chain. This is concerning for clients and in particular, large corporates that value their innovation and privacy.
If robust security systems are not in place, criminals could leverage the situation in many ways:
- Prolonged data theft or one-off breaches
- Unnoticeable financial transactions through a company corporate account
- IP theft, or even corporate espionage on behalf of third parties
- R&D theft, sabotage or the stealing of creative materials for monetary gain
- Leaking information to the press or selling it to underground communities
For the agency, experiencing any of the above could bring the business to its knees, both from a reputation point of view and financially. Any theft would likely lead to the client cancelling its contract, which could filter through to others doing the same. There might even be legal ramifications, as employees could be found culpable through oversight or breach of confidentiality agreements.
Perhaps the most damaging part of a breach is that it could go unnoticed, unless a company is using a trusted cloud-based security solution to protect employee machines and to monitor the network before a breach occurs.
Mac malware is coming at a faster pace each year as Apple’s products grow in popularity. While it may never reach the torrential force of new malware released for Windows, it does not mean it is not a real threat. If a business’s network or the data on it is deemed to be worth the effort, cybercriminals already have the tools at their disposal to attack.
This risk alone demonstrates that all businesses should adopt a proactive security strategy, particularly if their business model is based on a consultative model. Now is a better time than ever to ensure company security policies and tools are protecting Macs and Apple devices to the same extent that Windows machines are protected. If steps are not taken to prevent business data theft, small business owners could find themselves struggling with the fallout.