“This is scary.” That’s what one security expert says about an awful flaw in some Apple Macs that allows hackers to sneak in and remain undetected until it’s too late.Hacker typing on a laptop

The bug is dangerous because it affects the BIOS (basic input/output system)—the core program that brings a computer to life. The BIOS should never be tampered with, but when some Macs go into sleep mode, they allow direct access to this essential part of the computer. Because it involves a poisonous kiss that wakes a sleeping Mac, HackerOne executive Katie Moussouris has dubbed the bug “Prince Harming.”

To fully take advantage of this flaw, hackers would first have to gain administrative access to a computer using a low-level virus. However, once inside, the virus can bury so deep it’ll never be discovered. This could give hackers time to plot a massive heist or major corporate takedown. Average Mac users shouldn’t expect to be hacked, but those in real danger are high-value targets like company executives, bankers, and politicians.

If anyone at your company uses Apple computers, a flaw of this kind could eventually lead to a data breach. While there are plenty of things you can do to prevent a breach, you must also know how you will respond in the chance that one occurs. Here are 7 steps you can take in the event of a data breach:

  1. Implement the incident response plan for dealing with a data security breach.
  2. Determine whether a threat still exists and contain it if necessary.
  3. Investigate and identify what information was revealed.
  4. Determine the exposure and communicate it to impacted individuals.
  5. Consider involving law enforcement, regulatory agencies, or legal counsel.
  6. Review security procedures and policies.
  7. Evaluate the effectiveness of the response and adjust it if necessary.

For more information on what you can do to keep your company’s sensitive information secure, visit the Cyber Threats section in the Knowledge Center of your portal, or contact your Client Services representative.

2015 Content Intern