The Apple OSX platform has long held the cache of being invulnerable to attack. Cyber-criminals have be crafting more exploits to target Macs, iPhones, and iPads, especially since 2012. The reason for this, as explored in a recent article on SiliconBeat, is that Apple users tend to have more disposable income. If you willingly pay more to have “the best” or most trendy device, you generally are wealthier. Cyber-crooks follow the money. So if you are a Mac user, you need to be doing something about security.
Anyway, Apple users are just as likely to receive a phishing email, a fake tech support call, or other social engineering exploit as a Windows user. Recent exploits have included phishing email advising users that their Apple ID was due to expire, and after clicking on the link, were taken to a web page where they were told to “update” their ID. The first information collected on the form is the existing ID, which the criminals used to break into their iTunes account. There was also a fake Adobe Flash player exploit recently that allowed the attackers to install unwanted software programs in affected systems. There is a great article on Naked Security that gives the history of Mac malware, going back all the was to the 1982 ElkCloner exploit.
So what should you do? The list is going to look familiar to Windows users, we’ve been doing these things forever.
- Passwords. Use a password to secure your iMac or MacBook, and make sure it is long, complex, and unique. Using a password manager such as Keeper, available on the Apple Store, is a great idea, too.
- Anti-malware and firewall software. There are many excellent products for the Mac, and Tom’s Guide recently reviewed a bunch and listed the six best, including Avira, BitDefender, Avast!, and Kaspersky. My favorite, Sophos, took a drubbing in this evaluation, but they have a new product that has corrected its previous deficiencies.
- Encryption. I am a member of the “encrypt everything” school of thought, especial for mobile devices, which tend to be lost or stolen with more frequency. Encrypted files are impossible for crooks to decrypt or use to attack you further.
- Education. In order to acquire a driver’s license, a person needs to take some training, and pass a written and behind-the-wheel test. This is good practice for computer users too. You are reading this article, for example, so self education is not a foreign concept for you. You ought to learn a bit more about what the bad guys are after and how they do it. Learning about cybersecurity has really become important in the current era, if you want to keep your devices, family, business, personal information, and money safe from cyber-thieves.
So Mac users consider yourselves warned and informed. Today is the best day to take action to secure your digital life from attackers.
More information:
- SiliconBeat – Apple Scams
- TechRepublic – 5 Ways to Secure OSX
- Tom’s Guide – Best OSX Anti-Malware
- Naked Security – Mac Malware History
JUL
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com