A multi office company in the health services industry found out the hard way that even Macs are vulnerable to security incidents when machines are not managed or maintained.
Once the client had enough operational pain and realized that there was a regulatory need, they onboarded all of their Mac and Windows equipment to CMIT Marathon.
Here is a little of what was discovered:
- 35% of the machines had malicious code running on the machines. This included benign code that was slowing their machines considerably, as well as dangerous code that reads and transmits data.
- 25% of the machines were connecting with unsafe servers and websites.
- 10% of the machines were running operating system versions that were no longer supported.
- 30% of the machines’ operating systems did not have all of the security updates installed
- Many machines had insufficient free hard drive space that prohibited automatic operating system updates from taking place.
- Many machines had been registered with personal Apple IDs whose passwords were unknown.
- Some machines had hard drive encryption turned on but the encryption keys were not stored, which lead to an inability to update the machine.
- Multiple cold storage applications were found installed on the machines, which lead to a discovery that unauthorized, personal, consumer accounts had been created for services such as Dropbox, Google Drive, ICloud, etc. These accounts were storing data that belonged to the company and could easily be hacked, stolen or inaccessible to the organization when the employee was not longer employed.
Do you need to know more about the security and operational vulnerabilities and risks posed by unmanaged, unmaintained IT equipment and services? Make an appointment for a Cyber Risk Assessment now. There is no cost if your company scores 100%.
