Mac security 101: How secure are Macs, really?

Meredith Kreisa | July 21, 2022

Macs have a reputation for being more secure than their Windows-based counterparts. This honor is not entirely misplaced. After all, macOS malware is relatively uncommon, and Apple has a host of features designed to enhance security.

But with malware on the rise, failure is always an option. The savvy sysadmin must be aware of security concerns. An Atlas VPN investigation suggests that macOS malware grew by 1,092% in 2020 alone. While this is still a small fraction of the malware threats faced by Windows environments, it’s nothing to sneeze at.

We’ll detail the ins and outs of Mac security to help you protect your environment.

This article is part of our Macadmin Myth Busters campaign. Discover the truth behind other common IT myths in our article 5 Macadmin myths to bust.

How secure are Macs?

Macs are frequently seen as more secure than PCs, but no internet-connected device is completely immune to threats.

Macs have historically faced fewer attacks in part because they were less popular than Windows-based PCs, so cybercriminals simply didn’t target them. However, threat actors are increasingly developing Mac malware, elevating the need for careful security measures.

In fact, in 2021, Forbes reported that a recent malware attack took security back a decade, effectively bypassing Apple’s extensive security measures.

Macs can be hacked, but they may face fewer threats than a Windows PC. However, malware increasingly targets Macs.

What types of threats impact Macs? 

Malware is a significant threat against virtually all devices, including Macs. While Windows PCs tend to be more susceptible to traditional forms of malicious software, adware and potentially unwanted programs (PUPs) are prevalent for Macs.

Adware can redirect your browser searches, display pop-ups, slow your computer’s performance, and generally annoy you. While not technically malware, PUPs are similarly problematic. They’re often bundled with legitimate apps, so you may willingly download one without even noticing. In the best-case scenario, they offer no real benefits. In the worst-case scenario, they could slow performance and act as spyware or adware.

Macs may also be impacted by ransomware, trojans, malicious websites, social engineering attacks, cryptojacking, and other nefarious schemes.

What security features do Macs have?

Mac computers come equipped with several hardware- and software-based features designed to protect sensitive information and safeguard your system. While these security controls do not make Macs immune to hackers, they can certainly help.   

Control over Mac App Store

Apple maintains control over the App Store, notarizing Mac apps to verify that they have been scanned for malicious content. This doesn’t provide complete security, but it adds an extra layer of protection.

Gatekeeper

Before running apps, installer packages, or plug-ins from outside the App Store, Gatekeeper verifies that they are signed, notarized, and unaltered.

XProtect

XProtect is Mac’s built-in antivirus software. It checks for malicious components when an app is first launched, when it’s changed, and when signatures are updated. If XProtect finds known malware, it blocks the software and notifies the user.

Firewall

Macs also come with a firewall to protect against unauthorized traffic. Configuration options allow you to block all incoming connections, allow certain incoming connections, and more.

FileVault

FileVault is a disk-encryption feature designed to prevent unauthorized access to data. Apple introduced the feature in Mac OS X 10.3. Mac OS X 10.7 and later use FileVault 2, which offers full-disk encryption (FDE).

iCloud Keychain

By autofilling information, iCloud Keychain allows a Mac user to select stronger passwords without having to remember them all. However, since iCloud Keychain stores sensitive data, it’s a prime target for hackers.

Password Monitoring

Password Monitoring compares saved passwords to curated lists of known leaked passwords, giving users an opportunity to change compromised credentials before cybercriminals exploit them.

System Integrity Protection (SIP)

SIP, also known as rootless, restricts the root user to protect certain locations and system processes from unwanted modification.

Find My

The Find My app is designed to help you locate missing devices. If you can’t retrieve the Mac, it can also remotely erase data so that your company’s information doesn’t fall into the wrong hands.

Two-factor authentication

Enabling two-factor authentication for a user’s Apple ID prevents unauthorized access, even if a potential intruder has the password.

How can I protect Macs in my environment?

Most of the same security basics essential to safeguarding Windows PCs also come into play when protecting Macs. Maintaining security best practices is critical regardless of what type of device you’re using.

Require strong passwords

Strong passwords stop brute force and password spraying attacks, thereby preventing unauthorized access. A strong password should be unique, contain at least eight characters, and avoid personal information or consecutive keyboard combinations (in other words, don’t use “qwerty”).

Many Windows PC users rely on password managers to generate and store their login credentials. Mac users can also incorporate solutions built for the task, but iCloud Keychain acts like a basic password manager.

Download from the App Store or the manufacturer’s official website

Downloading apps from unreliable sources can vastly increase the risk to your Mac. Apps are reviewed before being available from the App Store to enhance security. You can also download apps directly from a trusted manufacturer’s official website. However, avoid dubious downloads from less reliable third parties. Freeware is often particularly risky.

Stay on top of updates

Software updates can help keep your Mac secure and running smoothly. When a vulnerability is detected, Apple issues security updates to address it. However, other updates can also add new features, fix bugs, or improve performance, so updating is in your best interest regardless of whether you prioritize security.

The best MDM solutions make it easy to update machines at scale. However, if you just manage one or two machines, you can also set them to update automatically in System Preferences.  

Train users

Security training is critical for Mac and PC users alike. A social engineering attempt, such as a phishing email, relies on an employee’s misjudgment to breach the system and/or gain access to personal information. Since the face of cybersecurity is constantly changing, you can’t expect employees to stay up to date on the latest risks on their own. That’s why your staff needs regular training to keep security at the front of their minds.

Use a VPN

Mac does not come with a virtual private network (VPN), but an outside solution can be the perfect complement to Apple’s security features. A VPN encrypts your connection and masks your IP address for greater security, even if your users connect to public Wi-Fi.

Back up data

Backing up your Mac won’t stop viruses, but it can help you recover more quickly. If you maintain a recent backup, you should be able to restore from it if your Mac is compromised.

Clear cache

Your browser cache accumulates downloaded files, images, and other data. Malware, including adware and viruses, may lurk in the temporary files, so regularly clearing the cache may be an easy way to avert disaster.

Enable security features

While Mac has a number of security features, some of them can only protect machines if they’re enabled. Assess your organization’s needs, and then consider setting up FileVault, two-factor authentication, and Find My.

Use antivirus software

XProtect provides some antivirus protection, but you might also install third-party antivirus software. Most well-known solutions have products for Macs.

Monitor device health and policy compliance

Use a high-quality Apple MDM solution to configure, monitor, and update Macs. Understanding the current state of your devices and policy compliance can help you find ways to maintain and fortify your security posture. It can also give you a security baseline, making it easier to detect abnormal behavior.
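As an added example (not part of the original article, and not SimpleMDM code), here is a baseline check for four of the built-in controls described above, using Apple's command-line tools `spctl`, `csrutil`, `fdesetup`, and `socketfilterfw`. The function names are hypothetical, and the matched output strings are assumptions about the wording these tools print; any other wording, such as a custom SIP configuration, is reported as UNKNOWN rather than PASS.

```shell
#!/bin/sh
# Added example: baseline check for Gatekeeper, SIP, FileVault and the firewall.
# Function names are hypothetical; matched strings are assumed tool wording.

# classify_control CONTROL OUTPUT -> prints PASS, FAIL or UNKNOWN.
classify_control() {
    control=$1 output=$2
    case "$control" in
        gatekeeper) on='assessments enabled'; off='assessments disabled' ;;
        sip)        on='status: enabled';     off='status: disabled' ;;
        filevault)  on='FileVault is On';     off='FileVault is Off' ;;
        firewall)   on='Firewall is enabled'; off='Firewall is disabled' ;;
        *) echo UNKNOWN; return 0 ;;
    esac
    case "$output" in
        *"$on"*)  echo PASS ;;
        *"$off"*) echo FAIL ;;
        *)        echo UNKNOWN ;;   # empty, error, or unexpected wording
    esac
}

# run_check CONTROL CMD [ARGS...] -> prints "CONTROL VERDICT".
# A missing tool produces empty output and therefore UNKNOWN.
run_check() {
    control=$1; shift
    if command -v "$1" >/dev/null 2>&1; then
        out=$("$@" 2>&1) || true
    else
        out=''
    fi
    printf '%s %s\n' "$control" "$(classify_control "$control" "$out")"
}

audit_baseline() {
    run_check gatekeeper spctl --status
    run_check sip        csrutil status
    run_check filevault  fdesetup status
    run_check firewall   /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
}

# count_not_passing reads audit lines on stdin, prints how many are not PASS.
count_not_passing() {
    grep -c -v ' PASS$' || true
}

if [ "$(uname -s)" = "Darwin" ]; then
    audit_baseline
fi
```

Piping `audit_baseline` into `count_not_passing` yields a single number that a management tool can alert on when it is not zero.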

Delete apps you don’t use

Each app installed on your Mac increases the attack surface. When you’re no longer using an app, just delete it. This is especially important if you have any old apps lying around that haven’t been updated in a while. Not only can deleting unused apps enhance your security, but it can also improve your Mac’s performance.

Watch for signs of a hack

If your Mac is compromised, you may notice a few changes. Here’s what to watch for:

  • Slow performance

  • Strange or unexpected ads

  • Unexplained network activity listed in your Activity Monitor

  • Suspicious access listed in Sharing

  • Unexpected redirects

  • Unexplained new toolbars

If you spot one of these signs, run a virus scan using a trusted antivirus software.

Wipe the device if it’s lost or stolen

Your Mac could provide a wealth of information on your business. Establish a policy requiring employees to report lost or stolen devices as soon as possible. With any luck, Find My will help you recover that device. If not, wipe it remotely to ensure your information doesn’t fall into the wrong hands.

Keeping your Mac computer secure requires careful management. SimpleMDM makes it easy to monitor and update Apple devices. Try a free 30-day trial to see for yourself, and keep reading the SimpleMDM blog for more tips and tricks.

Meredith Kreisa

Part writer, part sysadmin fangirl, Meredith gets her kicks diving into the depths of IT lore. When she's not spending quality time behind a computer screen, she's probably curled up under a blanket, silently contemplating the efficacy of napping.
