Computer information and services are under attack like never before. The frequency with which laptops are stolen, social media accounts are hacked, cloud services platforms are compromised, and data falls into the wrong hands is only increasing. While no computer information or service protections are foolproof, Mac users can take steps to secure their accounts and data and reduce the likelihood of falling victim to theft and compromise.
1: Enable FileVault encryption
Encrypting a Mac's hard drive protects against unauthorized data access should the Mac be lost or stolen. Apple's FileVault encryption technology basically scrambles data on the hard drive, making the files, photos, messages, videos, and other information useless garbage to others. Unless one possesses the decryption key or system password, the data is, essentially, irrecoverable.
Mac users can enable FileVault by opening System Preferences, selecting Security & Privacy, choosing the FileVault tab, and clicking the Turn On FileVault button. FileVault may require hours to completely encrypt the Mac's hard drive; once encryption finishes, Macs perform just as they did when the drive was unencrypted. Users should encrypt both laptops and desktops.
Upon encrypting your Mac, you need to take special care to record your passwords. Safely store the recovery key macOS generates somewhere other than on or with the Mac; in other words, don't write the recovery key down in a notebook that's packed in the same messenger bag or backpack. Storing that key on the Mac itself is likewise no help if you lose your password.
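To confirm the result from Terminal, the following added example (not part of the original article) classifies the output of macOS's built-in `fdesetup status` command and treats a drive that is still encrypting as not yet protected. The sample outputs are constructed, and the exact status wording matched is an assumption; when run as root it also asks `fdesetup haspersonalrecoverykey` whether a recovery key exists.

```shell
#!/bin/sh
# Added example: classify `fdesetup status` output on a Mac.
# Assumption: the status wording matched in the case patterns below.

filevault_state() {
    # $1: full text printed by `fdesetup status`
    case "$1" in
        # Check "in progress" first: the drive is only partly protected.
        *"Decryption in progress"*) echo decrypting ;;
        *"Encryption in progress"*) echo encrypting ;;
        *"FileVault is On"*)        echo on ;;
        *"FileVault is Off"*)       echo off ;;
        *)                          echo unknown ;;
    esac
}

# Only a fully encrypted drive counts as protected.
filevault_compliant() {
    [ "$(filevault_state "$1")" = "on" ]
}

# Constructed sample outputs, so the logic can be exercised off a Mac.
SAMPLE_ON='FileVault is On.'
SAMPLE_BUSY='FileVault is On.
Encryption in progress: Percent completed = 42'
SAMPLE_OFF='FileVault is Off.'

# On a Mac, report the live state.
if command -v fdesetup >/dev/null 2>&1; then
    live=$(fdesetup status 2>&1)
    echo "FileVault state: $(filevault_state "$live")"
    if filevault_compliant "$live"; then
        echo "Drive is fully encrypted."
    else
        echo "Drive is NOT fully encrypted yet."
    fi
    # The recovery-key query needs root, so only run it when we have it.
    if [ "$(id -u)" -eq 0 ]; then
        echo "Personal recovery key present: $(fdesetup haspersonalrecoverykey 2>&1)"
    fi
fi
```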
2: Encrypt all backups
Encrypting a Mac is one thing—encrypting a Mac's backups is another. All backups, whether stored in the cloud, on a network drive, or using Time Machine on an external disk, should be encrypted. Apple maintains documentation for setting Time Machine backup encryption options and converting an existing Time Machine disk from unencrypted to encrypted.
3: Enable multi-factor authentication for all accounts
Social media, Office 365, iCloud, and similar accounts are increasingly targeted, often by automated programs. You should enable multi-factor authentication (sometimes referred to as two-step or two-factor authentication or verification) for all your accounts. By requiring two forms of authentication, you make it more difficult for an unauthorized user to gain access to your accounts.
Platforms' steps differ for enabling multi-factor authentication, but here are a few links that should help:
- Apple ID and iCloud two-step verification
- Adobe two-step verification
- Box.com two-step verification
- Dropbox two-step verification
- Electronic Frontier Foundation list
- Facebook two-factor authentication
- Google two-step verification
- Instagram two-factor authentication
- Office 365 multi-factor authentication
- Twitter two-factor authentication
4: Avoid password application cloud service features
Online accounts, regardless of source, are at risk of compromise. This past summer, the OneLogin password manager provider was hacked, subsequently placing sensitive customer data at risk. All customers supported by the firm's US data center were affected, ZDNet reported.
Imagine all your passwords being stolen. We're not just talking about someone posting inane messages to Twitter as you—we're talking about unauthorized users potentially accessing your cloud storage accounts, files, email messages and bank, credit card, and investment accounts.
Avoid that risk by not entrusting an online password management or password cloud service to store your sensitive passwords. When I explored the cloud storage strategy adopted by mSeven for its mSecure 5 password manager this spring, I noted the app's data can still be backed up and stored locally on a Mac. I continue to recommend Mac users store such information only locally; there's too much at stake to permit storing password information in the cloud.
Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president of Eckel Media Corp., a communications company specializing in public relations and technical authoring projects.