Many people believe that the Mac operating system (OS) is more secure than other operating systems like Windows. However, it's worth noting that macOS holds only 9.4% of the desktop market share, which is significantly lower than that of Windows. Fewer attacks discovered on macOS devices can therefore be attributed to macOS's smaller user base
In other words, Macs are still vulnerable to cyberattacks. Malwarebytes even reported that in 2019, there was an increase in the number of Mac threats detected. Users experienced 9.8 detections per device — that's more than double the amount of those found on Windows computers.
Adware threats are rising
Mac malware also broke into the top five most detected threats worldwide. An adware called “NewTab” recently became common on Macs, and was seen modifying web page content and posing as tax form and flight tracker apps. Once installed, NewTab will display malicious advertisements that can steal browsing behavior and information, which will then be sold to third-party advertisers for targeted ads.
macOS users also saw the rise of potentially unwanted programs (PUP), or unintentionally installed software. PUPs infiltrate systems when, for instance, an installed application such as a messaging app comes bundled with a web browser toolbar. These unwanted software can get into systems when users install software without reading the software's description. These applications even use a large amount of system resources, which may significantly slow down computers.
The prominence of spam and phishing attacks
Phishing scammers have also been targeting the Apple ecosystem. According to Kaspersky, Macs, iOS devices, and associated web services encountered 1.6 million phishing attacks during the first half of 2019.
These phishing emails claim to be from Apple Support, informing the recipient that their account will be locked unless they click the link in the message and verify their information. Another email campaign thanks users for buying an Apple device or app. The recipient is then invited to click on a link to “learn more” about their purchase and enter their Apple ID login, which the scammer will steal.
Cybercriminals are also launching fake malware notifications against Mac users. These imitate Apple’s website, claiming the user’s system is infected with viruses. It includes a support number, which connects the user to a fake support agent who will steal that user’s financial and personal information.
How can you protect your Mac from threats?
Macs are vulnerable to cyberthreats like Windows devices, so proper cybersecurity should still remain a priority. Here are some cybersecurity best practices you can follow:
1. Keep your programs and OS updated
Cybercriminals typically exploit vulnerabilities in operating systems and applications. Create a schedule for updating your software to prevent hackers from taking advantage of software bugs to attack your systems.
2. Install security solutions
Install antivirus and anti-malware software and constantly update them to get the latest security definitions. These security measures ensure threats are blocked in case malicious mails get into your mailbox. With all of Fidelis’ FiMSP Managed Service offerings, we offer endpoint protection anti-malware software as part of the service.
Use a firewall to protect your network from unauthorized access as well. A firewall monitors all network traffic and blocks unwanted traffic coming from malicious actors, protecting your confidential files from theft.
3. Implement access control policies
Aside from third parties, your employees can also cause data breaches resulting from improper access privileges. Some employees may access or modify sensitive files, compromising your business’s security.
To prevent this, implement the principle of least privilege, which entails granting employees access only to files and programs they need to do their job. For instance, accounting staff should only be allowed to view and edit data relevant to their department.
4. Instill better cybersecurity habits in your employees
This could be something as simple as creating better passwords, double-checking email addresses, or inspecting suspicious links and attachments.
You can also simulate phishing emails or cyberattacks to see how your employees will react to an actual attack. Your IT team could launch a fake malware attack to test how quickly they'll respond to it. Once you gather the results, teach those who took the bait the appropriate response, such as reporting the attack to the IT department.
Your business can also partner with dependable managed IT services providers (MSPs) like Fidelis. Our cybersecurity services will protect your Macs and PCs from a variety of attacks, so you can focus on growing your business. If your business is in Seattle or Oregon, get in touch with us today!