Security lessons from a Mac-only fintech company

Credit to Author: Jonny Evans| Date: Wed, 20 Nov 2019 07:43:00 -0800

Apple remains a highly secure choice for enterprise professionals, but security threats remain and the environment requires sophisticated endpoint management tools, confirmed Build America Mutual (BAM) CTO, David McIntyre.

BAM is one of the leading U.S. municipal bond insurers and has insured over $65 billion since launch in 2012. It also has the rare distinction of being a fintech firm that is completely based on Macs.

It has been an Apple-based enterprise since the start.

“The founders all use Macs at home,” McIntyre explained. “We said, let’s try to build a financial firm that uses Macs.”

When the company launched, it also found most of its potential employees used Macs, so it made even more sense to standardize round Apple’s platforms.

“We thought it would be easier and would let a small team support the employees.”

McIntyre was speaking at the recent Jamf JNUC event to talk about the recently announced Jamf Protect endpoint security solution, as noted here and here.

The challenge his company faced is that it deals with financial transactions valued at billions of dollars for huge clients – and is also based in New York which has legendarily tough cybersecurity regulations.

This means BAM must use the best security protection it can get.

The company has learned as it grows – among other lessons it has learned that the security environment for even Apple’s platforms is increasingly complicated.

“Five years ago, security was probably 10% of the jobs” of the company’s system admins, said McIntyre.

“Now probably 50-60% of their time is spent on cybersecurity,” he added.

“Not just because of cybersecurity regulations, but also because we’ve become a lot more aware of the security environment. It’s a thing that keeps me up at night.”

Despite the size of its business, BAM is a small firm with just two system admins to handle the technical needs of its one hundred employees.

Apple has a great reputation for security, and usually moves fast to address platform-based threats, but those aren’t the only exploits that exist on the platform.

Regular security and OS updates and speedy response to most identified challenges mean the platform is innately robust, but while virus checkers and firewalls can provide permiter protection, most security researchers now agree that the threat environment demands a more complete insight into device and machine security.

The challenge is that Mac malware does exist – and while Apple’s platform has lots of built-in protection, the biggest security vulnerability tends to be the humans using the computers and the applications they choose to install on them.

“One common way malware is distributed is by embedding it in a harmless-looking app,” Apple states on a support page.

When BAM started in business, it relied only on Apple’s security.

“We’d always relied on software updates,” said McIntyre. “I hadn’t realised the need for endpoint protection.”

He came to understand the need for tougher protection as his awareness of the big picture around Mac security grew and as the number of attempts made against Apple’s platforms continues to increase.

BAM now uses Jamf’s new endpoint security solution which has already protected it against threats.

McIntryre told the JNUC audience of one of these:

“A few months ago, we had an alarm go off on Jamf Protect and at the same time our network stopped working,” he said.

“It turned out that one of our employees had downloaded the number one Chrome plug-in.”

The offending plug-in turned out to be a popular parcel tracking app that had “50,000” reviews, he said. Half of those reviews were positive, while the others described similar problems as his company faced, he said, calling it ‘malware’.

BAM was able to isolate the problem and create a new set of rules through which to manage Mac security. These rules extended to the development of a white list of approved Chrome plug-ins.

“We actually realised that Chrome browser plug-ins were a real Wild West,” he said.

Of course, not every Mac user has access to powerful enterprise security solutions.

But the lessons for any Mac user should be the same as they always have been in cybersecurity:

For more security tips for Mac users please read this guide (The report needs updating but still carries plenty of helpful suggestions).

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.