3 Security Myths Your Team Believes That May Be Hurting Your Enterprise
Have you heard that Mac computers can’t get viruses? Well, it’s not true. And that’s not the only common misconception people have about Apple devices in their environment.
None of the myths below is cause for alarm, but if you’re running an operation that primarily serves PC users, chances are you’re probably not paying as much attention to the security of your Mac and iOS devices as you should.
The good news is that Apple’s focus on privacy and security isn’t just a boon to end users. It’s also great news for any enterprise where Mac and iOS devices are part of your environment. Here, we’ll address a few common security myths and the unique features Apple has built to ensure user privacy and device security.
Common Security Myths about Apple Devices
If we were to rank our three favorite myths about Apple products, they’d all apply directly to Mac computers in an enterprise environment.
1: Mac Computers Can’t Get Viruses.
Mac computers and iOS devices are as vulnerable to malware and phishing attempts as any other device on the market that’s connected to a network or the internet.
Unfortunately for Mac and Windows PC users alike, the most recent Malwarebytes report found that although overall consumer threat detections were down by 2 percent in the past year, malware detections increased by 13 percent on business endpoints in 2019.
2: Mac Computers Are More Secure Than Windows PCs.
Like all Apple devices, Mac computers are built with privacy in mind, but they’re not more secure than any other device on your network unless you have the right network security measures in place.
One of the reasons Mac devices may be compromised is that many enterprises that primarily use Windows PCs do not have mobile device management tools or an mobile device management (MDM) solution that’s tailored to the needs of Mac users.
For organizations that welcome Apple devices and provide appropriate IT support, Mac computers have been shown to have significant benefits. A recent Forrester report found that organizations reduced their risk of a data breach by 50 percent per deployed Mac computer.
3: Just Add Macs to Your Active Directory – It’s All the Same.
The Active Directory myth is that you can manage Mac devices on your network by adding them to your Active Directory, and they’ll benefit from all the same security features you have in place for the Windows devices on the list. This simply isn’t true.
Similarly, the only security feature that transfers to Apple products in these situations are password complexity rules, which do little to secure the actual devices. There’s a broad conversation happening online about binding devices to a domain or binding to an active directory, but it won’t help you do what you need to secure devices.
Why Do These Myths Persist? Mac Devices Require Less IT Support
Since personal computers became a staple of workplaces in the 1990’s, Windows devices have been ubiquitous in enterprise environments. Part of the reason so many myths about Mac devices persist is the sheer volume of Windows devices out there and the relatively high number of issues their end users experience.
In comparison, Mac computers do provide end users with an excellent user experience and require less attention from IT administrators. This is thanks in large part to self-service opportunities.
But there’s real math to back this up: Forrester found that PC users open an average of six tickets per year and that each ticket costs $30 to resolve. In contrast, Mac users open 50 percent fewer tickets, and each ticket costs 25 percent less to resolve. These positive experiences on the end user, IT administrator, and administrative levels have helped construct the public perception that they are bulletproof (metaphorically, of course).
Apple devices are beloved by end users because they’re beautiful, highly functional, and backed up with an excellent instructional library that allows end users to troubleshoot any issues they encounter on their own. But this doesn’t mean that they allow individual end users the kind of enterprise-level security your network requires without the support of an IT department.
Now that Mac and iOS devices are present in just about every Fortune 1000 company, there are fewer pervasive myths out there, but there’s also a lack of general awareness of what makes Mac computers so secure.
5 Features that Make Mac Computers Stand Out
Apple is all about privacy and security, and new Mac and iOS devices come with a few baked-in features that make Apple devices standout in the marketplace. These include five features that can help secure Apple devices in the event that they are lost, stolen, or damaged.
- Touch ID and Face ID. New Mac computers that have Touch ID are encrypted by default when you put a password on the device. Set it up, create my account, and the hardware that’s inside the device encrypts the data that’s on it at rest. You used to have to turn encryption on, but now it’s by default out of the box. Same as iOS devices. Touch ID / Face ID (away from password reliance
- Encryption. As part of Apple’s renewed commitment to user privacy and device security, Mac and iOS devices now come with encryption right out-of-the-box.
- XProtect. You won’t see a mention of XProtect on Apple’s Mac OS security page, but it’s the antimalware program that’s been running under the hood of every Mac computer since the release of Mac OS X 10.6 Snow Leopard in 2009. This program is part of the security architecture of Apple computers. It helps flag potential malware before it’s downloaded onto devices and alerts users to potential risks.
- Find My can help you locate a Mac computer, iPad, or iPhone using Bluetooth signals. In the event that an Apple device goes missing that has your company’s data on it, this app can help you quickly locate and secure that device, wherever it is. If your company uses an MDM solution to manage Apple devices, your IT team can deactivate or wipe enrolled devices remotely, even if you have a BYOD policy.
- Apple T2 security chips. New Apple devices contain T2 security chips, which are uniquely coded for their individual device. This means that if someone were to steal and disassemble a MacBook Pro with a T2 security chip, they wouldn’t be able to install its component parts into another device and successfully launch them.
One of the things that makes Apple devices stable is that every application available through the app store is sandboxed. Because they go through a pre-launch and easy retraction process, every app is built with stability and security in mind.
Apple’s focus on security is total, and this is reflected in their native data backup and storage options. Apple’s FileVault 2 and iCloud encryption make BC/DR planning a matter of internal activation rather than a process that requires requisitioning outside resources.
There’s No Accounting for End User Error
At the end of the day, end users are humans and humans make mistakes. Smart people fall prey to phishing attempts every day, even within IT departments. And no device can be fully proofed against these types of threats.
However, you can prepare for these threats by paying attention to network security, maintaining antivirus software as a last layer of defense, and providing support for all the types of devices on your network. By educating and training your IT teams to support Mac device users and recognize the threats to Apple devices on your network, you’ll be able to ensure that their devices are updated and secure.
Whether you have ten Apple devices in your environment or 100, it may make sense to have a system to proactively manage devices in your environment – including the Mac and iOS devices – to ensure you’re meeting your team’s security objectives.