Since many businesses ramp down operations this time of year, IT teams can take this opportunity to tackle larger than average projects that would normally be considered counterproductive, or perhaps require too much downtime to complete during the calendar year.
One such task is systemwide maintenance of computer systems, including provisioning new and/or replacement computers, assessing and possibly modifying systems, policies, and procedures, and testing solutions thoroughly prior to deploying them en masse.
SEE: Equipment reassignment checklist (Tech Pro Research)
Here are seven maintenance chores for Apple computers that I recommend doing now to be proactive about keeping your organization's devices humming along harmoniously. Keep in mind this list of best practices is not exhaustive. Also, December is not the only time of the year to consider reviewing these maintenance tasks—this should be an ongoing process that is managed, adjusted, and documented so processes stay inline with business objectives.
1. Deploy macOS
Deployment of new or upgraded OSes requires there to be downtime during the transition from one OS to the other. Additionally, time considerations should be factored in for creating and testing the initial deployment images, as well as for the deployment across the network to multiple devices.
A significant part of this process involves testing existing applications and mission-critical processes against the OS to verify that systems will continue to work. The testing process is also an important way to protect against upgrade-related issues such as incompatibilities with software and hardware, and to minimize data loss during or after the upgrade.
2. Update your Mac
Maintaining the OS and updating applications consistently are the most essential processes IT pros have in their arsenal to protect devices and safeguard their data from threats. Many of the attacks that occurred earlier this year had patches to protect against the type of attacks that were carried out, compromising millions of devices worldwide.
Despite that macOS security has historically fared better than other competing operating systems, Apple computers are not immune to threats, compromises, or attacks. At its very best, Apple computers can be carriers for malware to infect other systems that might be susceptible to malware; at their worst, macOS may be negatively impacted by malware like any other system.
So patch your software on a regular basis to maximize compatibilities while minimizing bugs that could lead to system instability or larger security issues.
SEE: IT pro's guide to effective patch management (free PDF) (TechRepublic)
3. Remove unused apps
Over time, computers amass a great deal of data—and not just the data that users interact with, but data that is stored in random folders throughout the system. Remnants of application installers, temporary files, and unused software may still reside on your Mac—these all serve as a potential security risk and may be utilizing your system's resources, making your computer run inefficiently.
Here are some places to check where unused data and applications may reside on your Mac.
- In the Applications folders, remove any applications that are no longer in use.
- For any recently updated app, ensure that any excess data has been fully removed without leaving any remnants of their former selves.
- Check for any plug-and-play devices, such as printers, that are no longer in use. Additionally, locate the folder associated with their software drivers to uninstall any unnecessary drivers.
- Check your browsers for plugins that are no longer used. Removing plugins and items added to the Login Items tab of the user's account will trim the user's profile of unwanted applications and allow it to boot faster and load the browser quicker.
4. Lock down settings
Computer settings are very fickle; among many other things, they control how we interface with a system. Though macOS is quite flexible in allowing users to establish preferences as to how we access and utilize resources, when settings differ too much, the systems can become bogged down by the various changes, and stability often suffers because of it.
Removing unused software is one aspect of system hardening, but what do you do about the items you cannot remove, such as services? In order to limit the system's attack surface, identifying these underlying system components, stopping these services, turning them off, and modifying their default configurations works well to slim down the computer's profile and not waste precious resources on those features that will go unused. Depending on the settings you want to secure, you may find a wealth of configurable options in the System Preferences, while other more in-depth items (such as services) will need to be adjusted via the Terminal app.
System settings are a great area of concern and should be modified in accordance with best practices, modern security recommendations, and with regard to your industry's regulations.
Another point of contention that is unfortunately overlooked more often than not is the BIOS. While Apple devices do a great job of masking much of the BIOS from view, there are several settings that should be secured by setting up a firmware password to prevent unauthorized users from making changes.
5. Secure network activity
While securing the device is of great importance, many Mac users (corporate and consumers) are of the mind-set that their devices are impervious to harm. Though 2017 has largely put a great deal of that thinking out to pasture, it still blows my mind how many Apple computers are in the wild without so much as a system password enabled.
SEE: Network security policy (Tech Pro Research)
Having easy access to your computer is great, but the easier your data is to access the more likely your data can and will be compromised. Windows users have been conditioned to use antivirus software for detecting known threats, malware scanners, and a firewall to filter out unwanted traffic. Apple users should enable these features on their systems, install these protections (many of which are often free), and implement VPN software to secure their data and protect their privacy while connected to untrusted networks, like free Wi-Fi hotspots.
6. Protect your data
I've said this many times: Data is the lifeblood of any computing device. Computers are replaceable, but without protection and a good backup plan, once data are lost, it's game over.
Depending on the industry in which you work, not taking the required steps to protect data—even if it's not necessarily your data per se, but just stored on your devices or interacting with your software—could have repercussions that range from a slap on the wrist to loss of employment to even jail time.
Below are the different types of data from a security viewpoint and how to best protect each type.
- Data in motion refers to data as it is being transferred over a network. This type of data may be protected through VPNs.
- Data in use refers to data interacting with software or services. This type of data are protected by way of secured coding processes in software development.
- Data at rest includes any data that are kept on storage devices, such as data stored on hard drives or SSDs.
FileVault 2, Apple's implementation of whole-disk encryption, has been available since OS X Lion (10.7), and does a superb job of keeping data protected against anyone that can get their hands on the device—online or offline. Configuring FileVault 2 shouldn't take longer than five minutes initially, though the process to protect the data can take significantly longer, as it depends on the amount of data to be encrypted. Setup can be handled manually as a self-service or may be deployed as a transparent solution to the user by IT; the payoff extends far beyond the lifecycle of the data.
7. Back up and recover data
Backing up data is so common that all users who value their data should do this regularly. Most end users are familiar with this concept, but how often is it put into place correctly? Sadly, we find out the answer to that question once data loss has already occurred. This is a shame, since every version of OS X/macOS has Time Machine built-in; Time Machine marries the safety net of backing up important data with the "set it and forget it" simplicity that Apple is known for to provide a foolproof way to save data to multiple points at once.
But, as the saying goes, "the best-laid plans of mice and men oft go astray." The plan here being the backup scheme that is implemented to protect against catastrophic data loss; the gone astray part is how an unverified backup cannot possibly be counted on to protect from data loss if it goes untested. What if the worst happens and when you reach for your trusty backup to restore the lost data, you find that it stopped performing backups months ago, and all of your recent data was never archived?
SEE: Data backup policy (Tech Pro Research)
You never want to wait until a failure occurs to see if your data is recoverable. Verifying that backups created work properly to recover data is as important as consistently having your data backed up to an external source. Additionally, introducing a bit of redundancy into the backup plan is an excellent way of ensuring that your precious information is available at more than one location, in case accessing the device and the first backup are impossible. Setups consisting of a physical external hard drive and perhaps a secondary location, such as iCloud, will better protect your data and ensure it is available at two sources.
- End-of-the-year cleanup checklist for Macs (TechRepublic)
- How to secure your Mac in 4 basic steps (TechRepublic)
- 4 steps all Mac users should take to secure their data (TechRepublic)
- 17 tips for protecting Windows computers and Macs from ransomware (free PDF) (TechRepublic)
- Apple's iCloud Keychain: The smart person's guide (TechRepublic)
- Secure your iPhone and iPad: Change these iOS 11 privacy and security settings now (ZDNet)
- iOS crashes and MacOS flaws? Here's what to do (CNET)
What are your end-of-year maintenance Mac procedures? Share your tips for keeping your systems protected, and operating properly throughout the year.
Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from several vendors, including Apple and CompTIA.