Last week we brought you five ways to secure OS X, and well as why Apple users shouldn't be complacent in thinking their devices are invulnerable. As threats to your data and personal information multiply, it's good to have options when looking for ways to keep yourself safe.
That said, here are five more ways to secure OS X.
1. Data Backup
Data loss incurred by theft or hacking is not the only security concern for all users of computing devices. Loss occurs most commonly through equipment failure, such as hard drives crashing. Unlike other threats however, this type of loss can be completely protected against by implementing an active Data Loss Prevention (DLP) plan.
Also known as a disaster recovery plan, a properly setup DLP plan allows a user, SMB or enterprise to recover from loss of data due to disasters ranging from component failure to a complete site outage. While the more advanced plans would likely not apply to end-users much, if at all, there are other methods that could be employed to minimize the amount of data lost at any given time during a failure.
With storage limits sky high and the equivalent prices per gigabyte (GB) at an all-time low, hard disk storage is readily available to backup your data. Equally available are many rock-solid and free-to-use backup applications, like Time Machine from Apple or Code 42's CrashPlan, which offer scheduling and automation to allow for a set-it-and-forget solution to do all the heavy lifting when it comes to backing up your data on-the-fly automatically.
An easy to implement backup plan is as simple as 3-2-1. Keep 3 current backups using 2 different media types with at least 1 type being cloud-based or stored off-site.
2. Cloud Access
When discussing anything cloud-related, the perception is that of the holy grail— the be all and end all solution to all security concerns. And while for some the cloud represents just that, it also introduces a host of additional security issues centering around keeping your data out of your hands physically and brings up questions as to who does have physical access to your data and countless others' precious data.
Physically accessing cloud-based data concerns aside, the truth is that the cloud does provide some huge benefits for almost everyone, on some level. Those could include: backing up and synchronizing data to Dropbox as part of an off-site recovery plan; using iCloud as a means of mobile device tracking and asset management including loss prevention; or keeping digital key chains with any passwords, notes and similarly important account information stored away from any personal devices but just as easily accessible from all of them.
Furthermore, with cloud services always-on, always available model to work with, the usability can be further extended to provide Single Sign-On (SSO) for securing access to frequently used websites and portals to global communications via Skype or even using Google Apps stored in the cloud for productivity and collaboration.
3. Internet Safety
Securing information traveling over a private network is far easier than over an unreliable medium that may be susceptible to attacks, or may very well be already compromised. Yet it is a necessary evil to communicate globally so every step should be taken to secure your computer's communication and by extension yourself, beginning with using Hypertext Transfer Protocol over SSL (HTTPS) whenever possible to validate the websites you are visiting — this goes double for target-rich destinations like social media, finance, and any other sites that readily archive or display private information.
Ad blockers like the AdBlock and Adblock Plus extensions are available for most modern browsers. They do more than their fair share of eliminating advertisements, be they Flash-based or not, on websites which are a known vector for infection since ads are distributed across thousands of sites and displayed to exponentially more users a day creating a big pool of potential targets worldwide.
Speaking of plugins like Flash and Java, disable them if or when they're not in use. As each plugin serves to provide an opening to display third-party content, that same opening is often exploited as a means to gain a foothold into your system. Incidentally, the ubiquitous use of Wi-Fi Hotspots has made access more readily available while simultaneously providing ne're-do-wells another way to gain access to your devices through the use of unsecured networks, since most hotspots are not protected for ease of use.
Use a Virtual Private Network (VPN) access tunnel to combat transmitting data over unsecured networks while also using them as a means to work remotely. This works to encrypt the data being transmitted between two end-points (your device and a server at work or hosted by a third-party). This not only keeps data sent and received secure but also protects the entire session from being viewed by prying eyes, regardless of whether you're submitting a proposal to your boss or just checking movie times.
4. System Updates
Some would argue that performing system updates and by extension, performing application updates, are the lifeblood of a device. Tantamount to regularly changing the oil in your car, updates are very necessary and should be performed regularly to keep current and patched against the latest known vulnerabilities.
Each OS has its own update mechanism by which to perform the feat and each features methods to schedule them for automatic installation based on work hours, scheduled maintenance windows or even command line options that allow for scripted and remote execution.
Some first and third party applications even provide a better management infrastructure to better handle device management. Apple Remote Desktop (ARD) is the de facto choice for OS X, and while it's very well suited to handle the job, those looking for more flexibility would likely step up to OS X Server with Profile Manager or something beefier like Casper Suite from JAMF with its Mobile Device Management (MDM) features for all of Apple's devices.
Cross-platform support is available as well for those heterogeneous networks in the form of Puppet, the open-source management tool released via GNU General Public License (GPL) and used by some of the biggest names in technology today to get a grip on their computing resources.
5. Common Sense
As said by Voltaire in 1764, "common sense is not so common." The quote is generally perceived as negative in tone but does strike upon a unique observation. Common sense, while being a quality innate to all human beings, will vary from person to person based on experiences, perceptions, opinions, and educational background.
With this in mind, learn from others and heed the warnings presented to you when facing unknown issues, or in the face of uncertainty about an error message or random communication online. It may not be so random and more targeted than it appears.
Should you receive an unsolicited email from a foreign king requesting your aide in withdrawing $100 million dollars from his native homeland by requesting your bank account number in exchange for a tidy sum of 20% for your troubles — think again. If it's too good to be true, it likely is. Conversely, should the FBI be so inclined to monitor your Internet viewing habits they will most likely not inform you that they are collecting evidence against you via a pop-up on a website. Until they come knocking on your front door, I wouldn't worry about it too much, and it certainly wouldn't be advisable to call that 1-800 number to purchase anything from the person on the other end of the line.
The basic rule of thumb is if you're unsure about something, ask someone you know and trust who is knowledgeable. Do not click on the link, respond to the email, call the number, or attempt to establish any form of communication with the person or group trying to phish you for information. If someone has called you directly, do not provide or confirm any information — even to correct misinformation — simply ask for a call back telephone number or hang up altogether.
While the information listed above only scratches the surface of protective measures that can be taken secure your devices, there is only so much that can be included to protect against the growing number of threats. Not to mention that threats evolve over time as technology advances and popularity for specific types of devices and/or services increases, the bad guys shape and mold their attacks to conform to the targets.
Additionally, though much of this information is readily available to any and all users, the sad fact remains that much like seatbelts or bike helmets, it's up to the individual users to take advantage of these protective services much like it's up to the police or in this case, IT to enforce the rules on corporate networks.
No one solution will offer a magic bullet to stop cyber threats cold. Even the best plan of defense will require constant updating and modification as time passes and new threats emerge. To this day, the best approach is still a layered plan with multiple levels of protection against the various threats out there. One or two might slip through, but at least the entirety of the system will likely not be compromised and thus recovery should be possible.
Remember, criminals only need to get it right once, we need to get it right every time.
Have any thoughts to share? Or tips and strategies on how to better safeguard your system and data? Chime in below in the comments section. We want to hear from you.
- How to verify MD5 and SHA-1 checksums with Terminal (TechRepublic)
- How to configure email encryption in Apple Mail (TechRepublic)
- Pro tip: Securing your Apple ID and iCloud with two-step verification (TechRepublic)
- How to configure VPN access in OS X (TechRepublic)
Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from several vendors, including Apple and CompTIA.