Best Security Practices Around MacOS
Not so long ago, people believed macOS was unhackable. To them, purchasing a MacBook was a safety measure in and of itself. But as time went on, cybercriminals turned their attention to Apple’s operating system, looking at it as a challenge — and their efforts since then haven’t gone unnoticed.
The need for reliable macOS security is increasing, as the development of macOS malware surged by 1,092 percent last year, according to a report by Atlas VPN. There were 674,273 new malware samples in 2020 alone. In 2019, only 56,556 samples were detected. What do these staggering numbers mean for IT Admins? macOS security is a massive opportunity.
While securing MacBooks may not be as easy as it once was, it shouldn’t be all that difficult for IT Admins operating in today’s ever-changing IT threat landscape, as long as they get started with a few IT security best practices.
Enable MDM for device lock and device wipe capabilities
Employees aren’t always as careful as they should be when using their own or company-owned devices. If an employee walks away from a device and leaves it unlocked, it’s possible for a criminal to not only steal the physical device but also gain access to any sensitive information on that device.
Once a criminal takes a device, consider it gone; the likelihood of your client recovering a stolen device is small. In fact, ninety-eight percent of stolen laptops are never recovered, making macOS security a top priority for any IT Admin. Being able to control a device when it’s not physically present is critical to securing the systems and networks of your customers.
For example, Apple’s Device Lock and Device Wipe capabilities are two additional security measures to know about when managing macOS devices. These features are only available in Addigy when using Addigy’s mobile device management (MDM) framework.
Depending on the situation, either Device Lock or Device Wipe can be used when a device is lost or when offboarding an employee. In both cases, the company’s data is secured and safe from any potential malicious activities.
Without a doubt, passwords are the first line of defense against cybercriminals. Many end users may not follow password best practices, and IT professionals are often just as guilty of creating weak passwords for their macOS devices, even though they know better. Enforcing multiple password policies through an MDM configuration is therefore often necessary.
When securing accounts, passwords alone aren’t enough; there need to be additional layers of protection. For instance, create an MDM payload to set password settings for your end users. If you’re unsure of how to set your macOS security configurations, Addigy suggests the following settings, which we’ve adapted from the NIST Cybersecurity Framework:
- Passwords do not allow simple value — Disable “allow simple passwords.”
- Password requires alphanumeric value — Require at least one letter and one number.
- Password history restriction — Require three unique passwords before a password can be reused.
- Password length enforced — Require a minimum of eight characters and a maximum of 16.
- Password complexity — Enforce at least two “minimum number of complex characters.”
- Password lock after failed login attempts — 10 failed login attempts before locking the device (macOS).
Using Addigy Identity, you can leverage your current identity service providers, such as Google, Okta, and Azure, along with their credentials and security requirements. This removes the complexity of making users manage multiple passwords while still enforcing your required compliance and two-factor authentication on macOS devices.
Start screensaver after 15 minutes — and not a minute longer
Leaving a MacBook unattended is a problem, because an unauthorized user may be able to gain access to sensitive data. Enabling a device’s screensaver and turning on the locking feature is another great way to limit unauthorized physical access to an Apple device. An enforced screensaver timeout allows enough idle time to assume the user has walked away from the device, after which a password is required to access sensitive data.
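The password settings listed earlier and the 15-minute screensaver lock can both be checked against an exported configuration profile before it is deployed. The following is an added example, not Addigy's code: it assumes the profile uses Apple's Passcode payload keys (`allowSimple`, `requireAlphanumeric`, `pinHistory`, `minLength`, `minComplexChars`, `maxFailedAttempts`, `maxInactivity`), the helper names are hypothetical, and the two sample profiles are constructed. The 16-character maximum is left out of this check.

```python
import plistlib

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"  # Apple Passcode payload

def _int_between(lo, hi=None):
    """Accept real integers (not booleans) within [lo, hi]."""
    def check(v):
        return (isinstance(v, int) and not isinstance(v, bool)
                and v >= lo and (hi is None or v <= hi))
    return check

# Baseline from this article: payload key -> (test, expectation).
BASELINE = {
    "allowSimple":         (lambda v: v is False, "must be false"),
    "requireAlphanumeric": (lambda v: v is True, "must be true"),
    "pinHistory":          (_int_between(3), "at least 3"),
    "minLength":           (_int_between(8), "at least 8"),
    "minComplexChars":     (_int_between(2), "at least 2"),
    "maxFailedAttempts":   (_int_between(1, 10), "1 to 10"),
    "maxInactivity":       (_int_between(1, 15), "1 to 15 minutes"),
}

def audit_profile(profile_bytes):
    """Return sorted 'key: problem' findings; an empty list means compliant."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if isinstance(p, dict) and p.get("PayloadType") == PASSCODE_TYPE]
    if not payloads:
        return ["profile: no passcode payload present"]
    findings = []
    for payload in payloads:
        for key, (ok, want) in BASELINE.items():
            if key not in payload:
                findings.append(f"{key}: not set ({want})")
            elif not ok(payload[key]):
                findings.append(f"{key}: {payload[key]!r} ({want})")
    return sorted(findings)

def make_profile(**settings):
    """Build a constructed sample profile holding one passcode payload."""
    payload = {"PayloadType": PASSCODE_TYPE, **settings}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [payload]})

# Constructed samples: one weak profile, one that meets the baseline.
WEAK = make_profile(allowSimple=True, requireAlphanumeric=True, minLength=6,
                    maxFailedAttempts=10, maxInactivity=30)
GOOD = make_profile(allowSimple=False, requireAlphanumeric=True, pinHistory=3,
                    minLength=8, minComplexChars=2, maxFailedAttempts=10,
                    maxInactivity=15)

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("good", GOOD)):
        print(name, audit_profile(blob) or "compliant")
```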
Are client devices updated regularly? They should be!
Having the latest version of any operating system (OS) ensures your end users have the most up-to-date security settings — macOS and iOS are no different. Outdated software and hardware create vulnerabilities that cybercriminals can exploit to gain access to sensitive data on client networks and systems. One way to prevent this from happening is by deploying macOS security updates whenever they become available.
But it’s not practical to update each device individually whenever there’s a new macOS security update. Instead, deploying macOS security updates to a group of devices using a cloud-based Apple device management solution, such as Addigy, is typically the better route to take. This ensures that every device connected to a client’s network is updated at the same time, leaving little to no room for human error.
Using an Apple MDM solution and following best security practices around macOS protects your clients from potential cybersecurity threats by ensuring they’re properly securing and updating their devices.