Macs do get malware

Posted 12 months ago in Xero news by Paul Macpherson

Many people believe that Macs can’t get malware (malicious software), but is it really true?

The answer to that question is no. There have been instances of malware on Macs, and there will be more.

A few years ago, Flashback malware exploited a security flaw in Java to infect 600,000 Macs. There’s a page about it on Apple’s website.

While over 98% of malware is written for the Windows platform, there are still thousands of unique viruses written to target the Mac OS. Mac OS does have security mechanisms built in, but a secure operating system is not enough. Using third-party software opens up the possibility of vulnerabilities in those applications being used to exploit your Mac.

What can I do to keep myself safe?

The web site provides a lot of useful information for Mac users, including this article about the risk of malware on Macs.  There’s also this article telling you how to check your Mac for malware.  

Check out this article for useful tips for making your Mac, and the applications you run, more secure.

We also recommend the following to improve your safety online:

  • Use Two-Factor or Multi-Factor Authentication (2FA, MFA) on your email account and other sensitive services. Enable our Two-Step Authentication (2SA) to enhance the security of your Xero account. Using additional authentication significantly reduces the risk of unauthorised access to your account, even if your password is compromised.
  • Keep your software up to date with the latest security patches. Software from the Mac App Store will be updated automatically, but you need to ensure any software from other sources is also kept patched.  
  • Regularly back up your data and keep a copy offline from your Mac. Leaving an external hard drive permanently attached to your Mac isn’t recommended as ransomware can then encrypt your backups as well.
  • Security awareness training. Many scams and attacks rely on “social engineering”, manipulating someone to do something or provide the information the hacker wants. This can be as simple as getting you to click on a link or attachment in an email, to infect your own system with malware, or to enter your password on a fake login page. By teaching your coworkers to correctly identify suspicious emails and online activity, you can avoid being a victim of this type of attack.
