In the last ten years, Macs have gradually made their way into the workplace. Their number has increased through Apple’s own efforts to improve their products for use in the enterprise such as their transition to M1 chips and system extensions, but also the implementation of Bring-Your-Own-Device (BYOD) and Choose-Your-Own-Device (CYOD) policies which allowed employees to decide on the type of device they want to work on.
In 2021, macOS device use across US enterprises reached 23% while iPhones accounted for 49% of work phones and iPads were the most used tablets in the business environment, according to IDC. This widespread use of Apple devices in business is making many companies rethink their approach to endpoint provisioning, management, and, more importantly, security.
The risk of insider threats
With its solid Unix-based architecture, native encryption options and new kextless mode, macOS has never been more secure. However, while Macs might be more secure against brute force and malware attacks, they are just as vulnerable to one of the biggest threats to data security: the people operating them. Whether through carelessness, turning malicious or falling for phishing or social engineering attacks, employees are at the root of some of the most disastrous data breaches in history.
The number of security incidents caused by insiders increased by a staggering 47% since 2018, according to the Ponemon Institute’s 2020 Cost of Insider Threats Global Report, with human error alone accounting for 23% of all data breaches. A further 7% were due to malicious insiders and 17% of external attacks used employees as an entry point into the company network.
The rise of data protection legislation
While in the past companies may have been tempted to take their chances and rely on Macs’ advanced security to prevent data breaches, nowadays protecting sensitive customer data is no longer a choice, but a legal obligation. From the US and Japan to Brazil and the EU and its notorious General Data Protection Regulation (GDPR), organizations face massive fines if they do not take the necessary measures to protect sensitive information.
Some of the world’s biggest companies such as Google, H&M and Marriott have already been hit by record-breaking GDPR fines. However, while big corporations might survive €20 million or higher penalties, for smaller companies these can prove fatal. Reputational damage is also harder to overcome for small to mid-sized organizations as it increases the likelihood of lost business as customers choose competitors without a history of bad data security practices.
Protecting sensitive data with Data Loss Prevention
When it comes to sensitive data protection on Macs, solutions like antivirus and antimalware software that protect an entire device from outside tampering, are not effective. Employees need access to data to effectively perform their duties. Data Loss Prevention (DLP) solutions were developed to help companies secure data from human error by protecting sensitive data directly.
Using DLP, organizations can define what sensitive data means to them, whether it’s personally identifiable information (PII) or different categories of intellectual property (IP). Once defined, DLP policies can be applied to identify, monitor and control the movements of files containing sensitive information. In this way, companies can prevent sensitive data from leaving Macs and ensure it is not transferred via insecure channels such as messaging apps, personal emails, or file sharing services.
Removable devices, which can easily be lost or stolen, are another common data security concern for computers running on any operating system, including macOS. DLP device control policies can limit or block the use of USB and peripheral ports as well as Bluetooth connections. Device control features can help companies monitor the use of removable devices and identify which user has copied files to which devices, making it easy to spot suspicious insider activity that may result in data theft.
Some DLP solutions like Endpoint Protector offer a higher degree of flexibility in policies, allowing companies to set restrictions and privileges based on groups, departments, devices and even individuals. In this way, employees that have access to sensitive data on a daily basis can have stronger policies in place without affecting the rest of the work force.
When it comes to protecting data on Macs, companies also need to choose DLP products that offer zero-day support for any new macOS releases. This means that the product developers have access to macOS updates ahead of their public release and can test the compatibility of their software with them beforehand. Incompatibility with new updates can compromise a company’s data protection efforts and open the door to data loss. By choosing DLP products that offer zero-day support, organizations can ensure that data protection is continuous.
Frequently Asked Questions
The United States, where Apple has been a household name for the last forty years, is one of the biggest markets for Macs. 29.4% of desktop computer users in the United States use macOS as their operating system, the highest adoption rate in the Americas and one of the highest in the world.
While Macs accounted for 27.1% of all of Japan’s computer sales in 2020, it is Singapore that has the most macOS users in Asia. 23.7% of Singaporeans use a desktop computer running on macOS. In Europe, Denmark has the highest percentage of macOS users, accounting for an impressive 31.6% of all desktop computer users. Still, when it comes to sheer volume, it’s the United Kingdom that wins due to the size of its population. 27.4% of British desktop computers in use run on macOS. Read more.
At first glance, Macs, that have a starting price of $999 that increases depending on needs, is a considerably higher investment than PCs, that can average as little as $400 for a basic device. However, this is only the initial investment, not the total cost of ownership (TCO) of a computer. TCO takes into account the entire lifecycle of a machine, not only initial cost, but also how long a device lasts and the costs associated with it such as additional licenses, repairs and helpdesk support.
The reason Macs come with such a high initial cost is because they are built with high-end specs that are meant to last a long time. According to a 2018 Microsoft study, the optimal age of PCs is no more than four years old. Macs meanwhile average between 5 and 7 years of service, with some lasting longer. The initial cost of a PC can also greatly differ based on needs. A high-end PC can come close in price to a Mac with similar specs. Read more here.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.