Endpoint
5/16/2014
12:00 PM
Roman Foeckl
Roman Foeckl
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

‘Apple Picking:’ 5 Ways to Lose (& Retrieve) Mac Data

Apple platforms are far from invincible, as these common loss scenarios demonstrate.

When iPhones, iPads, and other Apple devices like Macbooks became popular, thieves saw stealing them as an easy way to make a quick buck. Now they're after much more -- data. Today's Apple devices store quality data -- contacts, credit card transactions, passwords -- of interest to criminals. Worse, BYOC and BYOD are increasingly making Macs repositories for sensitive corporate intellectual property, which further attracts both cyber-criminals and disgruntled or dishonest employees.

This story will educate IT managers and end users about the threat to data from "Apple picking" and how to reduce the risk of data loss through policy, practices, and free and market-based security tools and solutions such as data loss protection (DLP) and mobile device management (MDM). Full disclosure: My company provides such solutions.

The best way to protect your users from Apple picking is simple, but often not enforced. Train your employees to be religiously aware of their surroundings. Teach them not to leave devices (iPhone, iPad, Macbook) unattended or in plain sight of coworkers or the public. However, should an employee become a victim, here are five tips to help keep your company's confidential data safe.

Tip 1: Use the password protection and encryption already in the device
Both computers and mobile devices come with built-in security features. Ensure your users create a password and enable encryption to add another layer of protection. For Macs and iPads, FileVault is a great full disk encryption solution. For iPads, ensure that Screen Control Center, Notifications, and Today View are locked, as well.

Tip 2: Always use Apple's device tracking and locating features
If you have to, these features will enable you to wipe data off any device if it gets lost or stolen. Apple provides a guide for activating and using these cloud-based features. They're easy to set up, so why run the risk of someday needing to wipe data off a user's device, only to learn the user didn't activate device tracking and locating? The downside to wiping the device is the data is gone forever, along with options to control the device remotely. If an employee's device has been stolen, the tracking features can help you pinpoint its location, so you can alert authorities to help recover it.

Now, let's get a bit more creative and give you information that's not as commonly known.

Tip 3: Applock makes things harder for the Apple picker
Applock is a feature that allows users to set their iPhone or iPad to access only a specific application if it's stolen, adding yet another obstacle for anyone who tries to take a mobile device. For example, the app can be a media player, which can be set to play a specific song if the device is lost or stolen. Applock can also be programmed to sound an alarm or siren to annoy or scare a thief into discarding it.

Tip 4: Applock combinations: video capturing and/or voiceover apps
Through the Applock feature, an MDM solution can remotely "wake up" the phone and launch the device's video camera or a voiceover app. The camera can record everything around it, which could provide clues about who has your device. You can use the voiceover app to start talking to the person who has your phone, too. Though this may not directly avoid data loss, it can help you recover your stolen phone or gather information to decide whether to wipe away its data or not.

Tip 5: Stay hopeful
Not everyone has bad intentions. Sometimes employees simply forget their device "somewhere," and a well-intentioned person finds it. You can put the device on "Lost Mode" to set a four-digit passcode to protect it, and to display an onscreen message stating the device has been lost or stolen, along with an alternate phone number. Because the device is locked, the person has only one option: Call the number.

Roman Foeckl leads CoSoSys. The company is a leading developer of mobile device management (MDM), data loss prevention (DLP), device control, network endpoint security, and portable storage encryption solutions for Windows, Mac OS X, and Linux. It has ... View Full Bio
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-6093
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-6196
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSp...

CVE-2014-7247
Published: 2014-11-25
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?