Seven Tips for Protecting Information on Mac and Windows

For years users of Mac computers have been like the small-town citizen, confident in their safety because cybercriminals paid so little attention to them. Partly because of this vaunted security, many small business owners depend on Macs to run their businesses. Small businesses born of the recession in particular, and led by tech-savvy owners, loaded up on Macs as their personal and professional worlds converged, with less emphasis on enabling security measures to keep sensitive information safe. But recent events have shown that even Mac users can no longer turn a blind eye to cyber threats.

According to Apple, nearly one in four computers sold in the United States is a Mac. The Flashback virus, which targets a Java vulnerability in Mac OS for which Apple has since issued a security update, spread quickly and more viruses are sure to follow. Small and Medium Businesses (SMBs) that use Macs to fuel their businesses need to take the appropriate steps to protect their information.

The Mac community has grown enormously in the last decade – and now cybercriminals are taking notice, as evidenced by the recent Flashback outbreak. This Trojan has infected upwards of half a million Mac machines according to security researchers, most of them in North America, creating a large botnet that transfers information back to the cybercriminals. While Apple responded quickly with a security update to address this issue, Flashback should be a wake-up call for SMBs – malware authors now consider Mac computers a viable battleground along with the Windows platform. In fact, Symantec has identified new Java Applet malware that targets this same Mac vulnerability and Windows at once – it checks which OS the machine is running on and downloads a suitable malware for the operating system.

When business information is on the line, the entire organisation is at risk, particularly in a small business. Organisations can’t afford to let complacency be the hallmark of their security strategy, and they can’t think they are invisible to the bad guys.

Complete Information Protection for SMBs

What should small business owners be doing to protect their information from the latest threats to Mac and Windows machines? The answer is a combination of technology and policy.
  • Deploy a reliable security solution throughout the organisation – on Mac and Windows endpoints. Today's security solutions do more than just prevent viruses. They scan files regularly for unusual changes in file size, programs that match the software's database of known malware, suspicious e-mail attachments and other warning signs. It's the most important step small businesses can take toward keeping computers clean of malware.
  • Keep security software current and operating systems and third-party applications updated with the latest patches. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current.
  • Develop security policies and educate employees about Internet safety, security and the latest threats. Train employees to be wary of email attachments, links from unknown sources, and unusual software update requests. Most infections can be prevented by adhering to organisational policy and exercising caution.
  • Enforce strong password policies. Maintaining strong passwords will help you protect the data stored on a laptop if a device is lost or hacked. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?). Have employees change their passwords on a regular basis, at least every 90 days.
  • Implement encryption technologies on desktops, laptops and removable media. With encryption, confidential information is protected from unauthorized access, providing strong security for intellectual property, customer and partner data.
  • Protecting information is more than implementing an antivirus solution. Backup and recovery is a critical component of complete information protection to keep small business desktops, servers and applications running smoothly in case of disruption – whether it’s a flood, an earthquake, a virus or a system failure.
  • Regularly check the defences to be sure everything is working properly.

Just as the Internet is shrinking the world of business, allowing small organisations to connect with customers everywhere, it is bringing security risks to SMBs. Regardless of the situation, the size of business, or whether an organisation is on Mac or Windows systems, it’s time to start locking your doors.

If an organisation is concerned that they may be infected with Flashback, Symantec has provided a free detection and removal tool for download at this link.

By: Nigel Tan (陈善龙),Principal Consultant for Asia South Region, Symantec.