How to Implement Successful Endpoint Security for macOS

October 16, 2019 Vadim Sedletsky


The belief that there are no viruses or other types of malware for macOS goes back to the launch of Mac OS X at the very beginning of this millennium. Unfortunately, this is a myth.

The number of Mac users infected by malware and other Mac threats has grown exponentially since 2010. We see large numbers of people infected with Mac threats every day on a much larger scale than even just a few years ago. Macs are a growing presence in enterprises and it’s the perfect time to stop treating them as exceptions to desktop and laptop security policies. Security and risk management decision-makers need to understand the potential security risks for Macs and to follow best practices to secure macOS endpoints.

Furthermore, macOS has become more popular among developers, making any form of ransomware targeting macOS an even bigger danger. To do their job, developers need to have access to source code, API keys and other shared secrets – making developers the kind of user that attackers target. If macOS is going to be a standard for developers, then it is more important than ever to be able to secure it.

One reason why Macs have become so popular among developers is that Linux and macOS share the same “operating system ancestor,” Unix. Since the majority of web servers use Linux to run web applications, macOS has advantages as a development platform. Developing on Macs involves a lot of programs and concepts that are applicable when deploying, operating and managing production web servers in Linux. This isn’t likely to change anytime soon, so developers are going to continue to want to work on macOS, making securing macOS a long-term priority.

With the risk of malware attacks on macOS, it is becoming increasingly necessary for Mac users to have an additional layer of security and, in particular, to have something effective against different attack vectors.

How Do I Prevent Ransomware Attacks on my Mac?

Macs are not bulletproof. No macOS security update is going to be able to counteract all possible security threats. macOS users need to get in the habit of using cybersecurity best practices to keep their endpoints safe.

Don’t assume that the best practices that keep Windows machines safe from ransomware aren’t just as vital for Macs. In fact, keeping Macs safe from malware and ransomware isn’t all that different from securing a Windows machine. Think layered security and good endpoint protection.

  • Keep Mac computers up-to-date. Outdated software is like rotted wood: weak and full of holes. Updates can plug these holes and make it harder for malware to find a way in. So, be sure to update both the operating system and apps often.
  • Be careful what users install or click. We should all know this by now. If a user gets an email from someone he doesn’t know – or a suspicious email from someone he does – he shouldn’t open any attachments or click any links. That’s how infections start.
  • Install apps only from official sites or the Mac App Store. Don’t let users install software from sources that haven’t been vetted. It’s too risky, because they can never be completely sure of what they are going to get. Torrented software could be bundled with various types of ransomware, for example. It’s safer to stick to official websites or the App Store.
  • Make frequent backups. It’s important to back everything up to an external disk, which is then disconnected from the Mac. This way if the Mac gets hit with ransomware, it won’t be able to encrypt the unattached backups. Once the ransomware is safely removed, it’s time to run a full scan to make sure nothing was left behind before reconnecting the backup drive and recovering files.
  • Use anti-virus. Since Macs are not immune to malware and Mac-targeted attacks, anti-virus software can help protect Macs against viruses, malware, rootkits and other threats that signatures can detect. However, it isn’t enough on its own to ensure complete safety. Anti-malware and anti-virus protection need to be a part of a larger package of security deterrents.
  • Remove admin rights. Limiting administrative privileges is key to protecting any operating system from ransomware attacks and other malware. Keep in mind the principle of least privilege – no one should have access they don’t need and no one should keep access longer than they need it. To do this, run users as non-elevated (standard) accounts and allow privilege elevation only for approved applications and approved users. Make sure to utilize application control.
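
A starting point for the "remove admin rights" step is knowing which local accounts hold them today. The script below is an added example, not part of the original article or any CyberArk product: it parses the output of `dscl . -read /Groups/admin GroupMembership` and lists members that are not on an allowlist. The allowlist contents and the sample output are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: list local accounts in the macOS "admin" group that are
# not expected to hold admin rights.

# Hypothetical allowlist of accounts permitted to be admins; set per policy.
ALLOWED_ADMINS="root itadmin"

# Constructed sample of `dscl . -read /Groups/admin GroupMembership` output,
# used only when dscl is not available (for example when run off a Mac).
SAMPLE_DSCL_OUTPUT="GroupMembership: root itadmin alice bob"

# Print the admin group members, one per line.
# $1: text in the form "GroupMembership: user1 user2 ..."
admin_members() {
    printf '%s\n' "$1" \
        | sed -n 's/^GroupMembership:[[:space:]]*//p' \
        | tr -s ' ' '\n' \
        | sed '/^$/d'
}

# Print the members that are not on the allowlist, one per line.
unexpected_admins() {
    admin_members "$1" | while read -r member; do
        found=0
        for allowed in $ALLOWED_ADMINS; do
            if [ "$member" = "$allowed" ]; then
                found=1
            fi
        done
        if [ "$found" -eq 0 ]; then
            printf '%s\n' "$member"
        fi
    done
}

# Read the live group on a Mac; otherwise fall back to the constructed sample.
if command -v dscl >/dev/null 2>&1; then
    dscl_output=$(dscl . -read /Groups/admin GroupMembership)
else
    dscl_output=$SAMPLE_DSCL_OUTPUT
fi

echo "Accounts with unexpected admin rights:"
unexpected_admins "$dscl_output"
```

An account flagged here can be converted to a standard user with `sudo dseditgroup -o edit -d <username> -t user admin`, after confirming that at least one managed admin account remains.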

macOS users have been hearing for years that all the security they need comes built-in. Once an organization figures out it needs to move beyond that with macOS security, it’s easy to assume that installing anti-virus and reminding users not to click questionable links is enough. But organizations need more than anti-virus software and common sense to stay safe. Comprehensive, proactive privileged access management (PAM) is key to any cybersecurity strategy.

CyberArk is the global leader in privileged access management and CyberArk Endpoint Privilege Manager can help organizations take their endpoint security to the next level – whether they use Windows, macOS or any other operating system.

Learn how you can extend your existing privileged access management program with a free trial of CyberArk Endpoint Privilege Manager.


