Securing Data on macOS while Working from Home
In the last two decades, Macs gradually entered the workplace, first as a specialized tool for creatives and, increasingly, as a device of choice in the enterprise. Their rise owes much to the introduction of policies that allowed employees to use their own devices in the workplace or to choose their work technology.
In a recent JAMF survey, 52% of the organizations that participated offered employees the ability to select what type of computer they use at work. When given the option, employees consistently chose Apple devices over the PC, with a staggering 72% favoring Macs. 68% of employees considered they were more productive when they could work on their preferred device.
The adoption of Macs in the enterprise can also have long-term financial benefits for a company. While the initial investment might be higher than that required for PCs, Macs are built with high-end specs that are meant to last a long time, and they generate significantly fewer helpdesk support inquiries than PCs. They come with macOS free of charge and have built-in solutions such as the encryption tool FileVault and the antimalware software XProtect that, in the case of PCs, need to be purchased separately.
The recent COVID-19 pandemic has challenged the way companies operate, with many being forced to move their entire operations remotely. This means that both work Macs and PCs have been taken out of the security of company offices and are now being used remotely by employees to work from home.
The Challenges of Working Remotely on a Mac
macOS has long been considered a more secure operating system than Windows due to its Unix-based architecture and native encryption options. More recently, its transition from kernel extensions to system extensions, which execute code in a controlled user space, added an extra layer of security, eliminating a popular attack vector for macOS.
All this means macOS users are less prone to malicious attacks than their Windows-using colleagues, but when it comes to data security, system vulnerabilities are often not the weakest link: it’s the people using that data. Even in the case of outsider interference, many data breaches occur because employees fall for social engineering and phishing attacks and unwittingly reveal their credentials and sensitive company information.
Worse still, any data saved locally on a hard drive for legitimate work-related reasons becomes vulnerable to leaks and theft. Employees working from home become less vigilant, and the software that would usually enforce company data protection policies may not work remotely or when a Mac is offline. This means that anyone with access to the computer can easily copy files onto removable devices or connect infected devices to it.
By allowing such vulnerabilities to persist, companies risk not only data breaches and the reputational damage they bring with them, but also noncompliance with data protection regulations and standards such as the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI-DSS) or the California Consumer Privacy Act (CCPA), which comes with heavy penalties.
Data Loss Prevention for macOS
Data Loss Prevention (DLP) solutions allow companies to discover, monitor and control sensitive data on Macs. When applied at the endpoint level, they can be used remotely as well and some, like Endpoint Protector, will even ensure that policies continue to be active and sensitive data is protected when a Mac is offline.
Through DLP policies, organizations can block the use of removable devices or limit their use to trusted company-issued devices. They can also ensure that sensitive data is not transferred via potentially vulnerable channels such as popular messaging apps, third-party file-sharing, or cloud services.
Flexibility is also key when it comes to DLP and remote work: if employees face unexpected situations, they must be able to deal with them in a timely manner. This can be done through offline temporary password options, which allow employees to request the lifting of limitations applied to their username or device for a limited period so they can deal with an emergency. Such situations can arise particularly while working from home, where employees do not have access to the full range of workplace devices and might need to adopt alternative solutions on the fly.
For companies new to DLP, deployment can be easily managed remotely and can take as little as 30 minutes. Few organizations run a Mac-only environment, which means companies have the choice of adopting dedicated solutions for each operating system or using a cross-platform solution.
Cross-platform solutions are the most convenient, as they require only one product to be purchased and allow an entire network to be managed from one dashboard. Organizations must be careful in their choice, however: many solutions that claim to be cross-platform focus primarily on Windows and add macOS as an afterthought. For a truly efficient cross-platform DLP solution, feature parity is paramount. In this way, companies can ensure that their computers are protected regardless of the operating system they run on.
The ongoing pandemic has led to a spike in phishing attacks, with opportunistic malicious outsiders trying to take advantage of the shift towards remote work to steal data. Despite their strong security features, Macs are just as vulnerable as PCs when it comes to these kinds of underhanded tactics and to employees’ own more relaxed attitude when working remotely. Companies must, therefore, continue to be vigilant when it comes to data security and consider it an essential part of any remote work strategy.