Macs in Enterprises Today and 5 Steps to Secure Their Data
Once a niche player, Apple now sees general-purpose use in the enterprise. Once best suited only for creative roles in design, photography or marketing, Macs are today seeing growing adoption in enterprises as a result of higher demand from all employees. One of the top reasons is the low total cost of ownership; an enterprise could save from $265 to $535 over a four-year period for each employee who uses a Mac over a PC. Apple knows that, and its strategy is reflected in every release and every product it launches.
Take macOS Sierra, for example. Currently, its adoption has reached 38% among Mac users, while Windows 10 has less than 25%. When we look at the features that were released in September, we see two things: Apple's desire to strengthen its market share by unifying the user experience across all Apple products, and its trademark convenience and ease of use. Auto Unlock allows users to unlock their Mac with their Apple Watch; the Universal Clipboard makes it possible to copy and paste text from Mac to iPhone or iPod, or vice versa; and checkout with Apple Pay makes shopping easy by letting users check out on websites that support Apple Pay in Safari. See the trend?
This year, another feature is expected to become available to the general public: the new Apple File System (APFS). APFS will provide the option to encrypt individual files and their metadata with separate keys, as well as whole disks. This ensures integrated and faster encryption compared to the existing FileVault feature that slowly encrypts an entire drive. APFS also increases the speed of automatically backing up files from the desktop and the Documents folder to iCloud.
With the evolution of Apple products and operating systems, the chances of data security incidents increase considerably. Think about human error, negligence with sensitive data, security fatigue, loss or theft, the intentional disclosure of confidential data, and many more unwanted events that can happen on Macs and other Apple products, regardless of how secure they are by design.
Hence, we thought of some steps you can take to make sure you avoid the above-mentioned events and protect your company information and your private data:
1. Encrypt hard drive
The data stored on your Mac isn’t automatically encrypted. Many users are not aware that they have to enable the encryption themselves. Apple’s encryption solution, FileVault 2, secures a Mac’s drive by requiring users to enter a password whenever the Mac starts up. If you’re an IT administrator and want to enable FileVault 2 remotely and for all users at once, you can use Mobile Device Management. Besides a simple tick box for enabling the built-in encryption option, the MDM policies from Endpoint Protector also provide password management to ensure users have strong passwords.
2. Manage iCloud backups responsibly
For an individual, having all contacts, settings, calendars, bookmarks, photos, etc. backed up on iCloud is really useful, if not necessary, when planning to upgrade to a superior iPhone, iPad, etc.
However, for organizations, it might not be that great to have confidential company details on an employee’s iCloud account. This is another aspect that can be easily solved with MDM solutions, by disabling the iCloud backup option and the iCloud document sync. Additionally, IT administrators can force encrypted backups.
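The three settings named above can be checked in a configuration profile before it is pushed. The following is an added example, not code from Endpoint Protector or the original post: it assumes an unsigned `.mobileconfig` and uses the key names of Apple's Restrictions payload (`com.apple.applicationaccess`); the function names and sample profiles are constructed for illustration.

```python
import plistlib

# Restrictions payload keys and the value step 2 calls for.
REQUIRED = {
    "allowCloudBackup": False,        # iCloud backup disabled
    "allowCloudDocumentSync": False,  # iCloud document sync disabled
    "forceEncryptedBackup": True,     # local backups must be encrypted
}

def audit_profile(profile_bytes):
    """Return findings; an empty list means all three settings are enforced."""
    profile = plistlib.loads(profile_bytes)
    effective = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.applicationaccess":
            effective.update(payload)
    findings = []
    for key, wanted in REQUIRED.items():
        if key not in effective:
            findings.append(f"{key}: not set (device default applies)")
        elif effective[key] is not wanted:
            findings.append(f"{key}: is {effective[key]}, expected {wanted}")
    return findings

def build_sample(settings):
    """Constructed sample profile for the demo, not a production profile."""
    payload = {"PayloadType": "com.apple.applicationaccess",
               "PayloadIdentifier": "example.restrictions",
               "PayloadUUID": "00000000-0000-0000-0000-000000000001",
               "PayloadVersion": 1, **settings}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadIdentifier": "example.profile",
                           "PayloadUUID": "00000000-0000-0000-0000-000000000002",
                           "PayloadVersion": 1,
                           "PayloadContent": [payload]})

# Weak: iCloud backup left on, document sync never addressed.
WEAK = build_sample({"allowCloudBackup": True, "forceEncryptedBackup": True})
HARDENED = build_sample(dict(REQUIRED))

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_profile(blob) or "OK")
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can read it.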
3. Use a VPN on public networks
Using a Virtual Private Network (VPN) on public networks is vital to keep data safe, protecting it from attackers who try to intercept the communication and gain access to confidential data. A VPN creates a secure connection, adding a protective encryption layer for all the data moving in and out.
4. Encrypt Time Machine Backup
It cannot take you back in time to erase your biggest life mistakes or have a do-over, but it surely helps you to back up and restore your Mac. Time Machine is a built-in backup feature that keeps an up-to-date copy of all files, BUT the backup is unencrypted. Even if you use FileVault, Time Machine backups are not encrypted by default. Therefore, you should encrypt your backup separately. You can check all the steps here.
5. Address insider threats with DLP
Everyone is excited about Sierra’s brand new features, but many are not aware of the possible data threats that can come along with them, such as data leaks or theft, especially inside enterprises. In research we conducted a while ago (we believe things have not changed a lot since then), we discovered that a big percentage of employees have access to confidential data and the majority of them don’t even know it. The IT Policy Compliance Group reported that 75% of all data loss is the result of human error, with employees representing one of the major insider data threats for a company.
For increased control over Macs’ security and over data loss derived from insider threats, businesses should implement Data Loss Prevention (DLP) solutions. When DLP started to gain traction in the market, it wasn’t available for Macs; now there is Endpoint Protector, which provides the most advanced Data Loss Prevention solution to secure macOS endpoints. Endpoint Protector brings enterprises a solution to protect valuable sensitive information such as personally identifiable information (PII), for example Credit Card Numbers (CCNs) or Social Security Numbers (SSNs), through detailed content inspection that takes into consideration the most important exit points on Macs: e-mail, Safari, AirDrop, iBooks Author, iTunes, Thunderbolt ports, and others. In addition, the USB Enforced Encryption solution, which is also available for macOS, complements the DLP by allowing companies to force employees to encrypt data in transit and store sensitive documents only on encrypted devices.
Macs’ flourishing era is not going to end anytime soon. Security teams need to enhance data protection on Macs as they do on Windows computers to face the challenge of the growing presence of Macs in enterprises and their continuously changing features.
We would love to hear what other security measures you implement in your company to secure data on Macs. Let us know in a comment.