According to Apple, nearly one in four computers sold in the United States is a Mac. The Flashback virus, which targets a Java vulnerability in Mac OS for which Apple has since issued a security update, spread quickly and more viruses are sure to follow. SMBs that use Macs to fuel their businesses need to take the appropriate steps to protect your information.
How did we get to this point? Imagine you grew up in a small town where you never had to lock your doors. This town is tucked away in the countryside, where surely no criminals would ever care to travel. But over time, more and more people move to your little paradise, seeking escape from life in the big city. When you come home one evening and see that you’ve been robbed, you finally realize that your little town has changed forever. It can no longer lie untouched by the dangers of the world.
For years users of Mac computers have been like the small-town citizen, confident in their safety because cybercriminals paid so little attention to them. Partly because of this vaunted security, many small business owners depend on Macs to run their businesses. Small businesses born of the recession in particular, and led by tech-savvy owners, loaded up on Macs as their personal and professional worlds converged, with less emphasis on enabling security measures to keep sensitive information safe. But recent events have shown that even Mac users can no longer turn a blind eye to cyber threats.
Like the small town that has found itself growing and susceptible to problems inherent in larger cities, the Mac community has grown enormously in the last decade – and now cybercriminals are taking notice, as evidenced by the recent Flashback outbreak. This Trojan has infected upwards of half a million Mac machines according to security researchers, most of them in North America, creating a large botnet that transfers information back to the cybercriminals. While Apple responded quickly with a security update to address this issue, Flashback should be a wake-up call for SMBs – malware authors now consider Mac computers a viable battleground along with the Windows platform. In fact, Symantec has identified new Java Applet malware that targets this same Mac vulnerability and Windows at once – it checks which OS the machine is running on and downloads a suitable malware for the OS.
When business information is on the line, your entire organization is at risk, particularly as a small business. You can’t afford to let complacency be the hallmark of your security strategy, and you can’t think you’re invisible to the bad guys.
Complete Information Protection for SMBs
What should small business owners be doing to protect their information from the latest threats to Mac and Windows machines? The answer is a combination of technology and policy.
- Deploy a reliable security solution throughout your organization – on Mac and Windows endpoints. Today's security solutions do more than just prevent viruses. They scan files regularly for unusual changes in file size, programs that match the software's database of known malware, suspicious e-mail attachments and other warning signs. It's the most important step small businesses can take toward keeping computers clean of malware.
- Keep your security software current and your OS and third-party applications updated with the latest patches. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current.
- Develop security policies and educate employees about Internet safety, security and the latest threats. Train your employees to be wary of email attachments, links from unknown sources, and unusual software update requests. Most infections can be prevented by adhering to organizational policy and exercising caution.
- Enforce strong password policies. Maintaining strong passwords will help you protect the data stored on a laptop if a device is lost or hacked. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?). Have employees change their passwords on a regular basis, at least every 90 days.
- Implement encryption technologies on desktops, laptops and removable media. With encryption, your confidential information is protected from unauthorized access, providing strong security for intellectual property, customer and partner data.
- Protecting information is more than implementing an antivirus solution. Backup and recovery is a critical component of complete information protection to keep small business desktops, servers and applications running smoothly in case of disruption – whether it’s a flood, an earthquake, a virus or a system failure.
- Regularly check your defenses to be sure everything is working properly.
Just as the Internet is shrinking the world of business, allowing small organizations to connect with customers everywhere, it’s bringing security risks to SMBs. Regardless of your situation, the size of your business, or whether you’re on Mac or Windows systems, it’s time to start locking your doors.
If you’re concerned that you may be infected with Flashback, Symantec has provided a free detection and removal tool for download here.