If you organization is like most, there are a few Macs floating around. SANS says us that it’s one of the 20 biggest things we should be worried about. At the same time Apple has commercials touting their security over PCs. So it begs the question, “How much should you be worried about Macs?”

Let’s start with some facts:

• OS X has many great security features built in, like a Personal Firewall, Auto Updates, and File/Folder Encryption.
• OS X comes out of the box with most unnecessary services turned off and users usually don’t run as a admin level account.
• OS X is vulnerable to viruses and worms.
• People in your organization probably do store critical information on a Mac.
• Lots of vulnerabilities come out for Macs.

What should be you be doing about it? Some. Macs probably aren’t your biggest risk, but they need to be on your radar. I agree with SANS that the risk is increasing, although it’s nowhere near the top 20 things I worry about.

What should you be doing:

• Educating users that they are not immune from security issues.
• Ensuring the are configured securely with Auto Updates, Desktop FW, and Unnessary Services turned off. Just because it came out of the box this way doesn’t mean it’s still this way.

Most Mac users I know have an independent streak to them and will probably resist any “big brothering” by security group. With a little diplomacy and reasonableness you should be able to win them over.

Post a Comment...