Six Steps to Better Mac & iOS Security

Ben Greiner

Security is a broad topic with many shades of gray. Spend five minutes with a security expert and you might be scared into living off the grid, on a remote island, in a small cave. How else will you guarantee safety from hackers, phishers and common malware hooligans?

Because I’m not a security expert, I feel comfortable talking about security in more practical terms. I neither dismiss security (it’s a cornerstone of our business), nor do I like to see it hinder the ability to get a job done. Security is about reducing risk. We each have different levels of risk we’re willing to accept, but basic security precautions should not be ignored.

At my company, Forget Computers, we have the privilege of working with Mac and iOS users across a broad range of offices. We work with single independents, large corporations and everything in between. Surprisingly, we often witness a total disregard for basic security. This lack of concern transcends all client types. We see it in small offices who feel they have very little to secure, and in large corporations where Mac & iOS users are overlooked, either because IT doesn't know they exist, or because IT lacks the knowledge (or time) to hold them accountable.

Why Worry?

What used to be stored and locked away safely in the office is now capable of floating around the world. Today we’re able to access, modify and carry with us data from almost anywhere. This shift, from securing a few documents in a single location to securing the life history we carry around in our pocket, is a new development. It makes sense, on a personal level, that our education and awareness of these new security concerns have fallen behind. When it comes to corporations, Mac and iOS devices are also relatively new, so there is not a lot of historical knowledge and experience in securing these devices.

Think of all the information you touch daily from your Mac, iPhone or iPad. Does any of this contain data that would concern you if it were exposed? Does it contain usernames, passwords, credit card numbers, private company or confidential client information? We all have some of this information and we need to take basic measures to secure it.

Feel I might be exaggerating? Security threats are occurring on a daily basis. Some examples include:

  • Publicly accessible file servers are hit with break-in attempts every day! We see this even in small offices. (Ask your IT team to check your server logs to confirm.)

  • Mobile devices get lost or stolen. FCC.gov reports this trend is sharply on the rise.

  • Major corporations lose information. In August 2012, Amazon closed a security hole after a hack, and the Global Payments breach in 2012 exposed 1.5 million credit card numbers.

  • Passwords get hacked. Facebook reported in 2011 that they see 600,000 compromised logins each day!

  • Credit cards get stolen. Target got hacked in 2005 and again in late 2013.

Still not convinced that investing in security is critical to your business? Then take this simple pledge...

“I [Your Name] do acknowledge that by ignoring basic security recommendations I am putting my business, my clients and my personal information at risk.”

We don’t have time in a single article to cover everything required to secure your business, so let’s focus on a few basics.

Step 1: Become aware.

Start thinking about what you need to protect. Think about the data you carry around. Think about where it's stored, how it's secured, and who has access to it — clients, vendors, employees … hackers!? Think about your data at work, at home, while you're traveling or working from the coffee shop on a public WiFi network. What do you need to protect, and from whom? Common areas include banking and credit card information, proprietary company documents and private client information.

Step 2: Forget your passwords.

I know only a few of my own passwords — one to log in to my Mac, one for my iPhone and one to unlock 1Password (on Mac and iOS). Use a password manager, and common sense, to forget your passwords and accomplish the following:

  • Stop using the same password for everything.

  • Use randomly generated, unique passwords.

  • Store passwords securely (shred the sticky notes).

  • Never (ever!) share passwords with someone you don’t trust.

  • Do not type a password into an unknown or suspicious web site.

Step 3: Secure your email connection.

Make certain to only connect through SSL. This is a setting in Apple Mail or Outlook on the Mac and on the iPhone and iPad. If you check email through a web browser, only use HTTPS in the URL. There are a lot of variables here so ask your Support Desk for assistance. Even better, ask them to disallow all but SSL connections to your email server. This will guarantee that no one in your company can absentmindedly check email insecurely from a coffee shop and expose private information. 

Step 4: Lock down your Mac.

  1. Require a password at login by turning off Automatic login (System Preferences > Users & Groups > Login Options).

  2. Require a password after sleep or when the screen saver begins (System Preferences > Security & Privacy > General).

  3. Enable FileVault 2. This will encrypt the contents of your entire drive and help keep your data secure.

  4. Run as a Standard User (even if you know the Admin User credentials). Details on why and how to accomplish this are here, http://frgt.co/stand-user.

  5. Password protect your backups. (You do back up, right!?) We use CrashPlan PROe for secure backups. If you use Time Machine, be sure to enable the “Encrypt backups” option. If a backup is stolen and not encrypted, then the data can easily be restored to another computer.
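
One way to verify three of the settings above (FileVault, Automatic login and Standard User) from Terminal. This is an added example, not part of the original article: the function names are illustrative, and `fdesetup`, `defaults` and `id` are the standard macOS commands it relies on.

```shell
#!/bin/sh
# Added example: audit three of the Step 4 settings on a Mac.
# Each check_* function classifies the text a macOS command prints,
# so the logic can also be exercised with sample output.

# `fdesetup status` prints "FileVault is On." or "FileVault is Off."
check_filevault() {
  case "$1" in
    "FileVault is On."*) echo PASS ;;
    *) echo FAIL ;;
  esac
}

# autoLoginUser holds a user name only while Automatic login is enabled;
# an empty value (key absent) means a password is required at login.
check_autologin() {
  if [ -z "$1" ]; then echo PASS; else echo FAIL; fi
}

# Takes the space-separated group list from `id -Gn`; membership of
# the "admin" group means the account is not a Standard User.
check_standard_user() {
  case " $1 " in
    *" admin "*) echo FAIL ;;
    *) echo PASS ;;
  esac
}

audit_mac() {
  fv=$(fdesetup status 2>/dev/null)
  al=$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)
  grp=$(id -Gn)
  echo "FileVault enabled:        $(check_filevault "$fv")"
  echo "Automatic login disabled: $(check_autologin "$al")"
  echo "Running as Standard User: $(check_standard_user "$grp")"
}

# Run the live audit only on macOS, where these commands exist.
if [ "$(uname -s)" = "Darwin" ]; then
  audit_mac
fi
```

Any line that reports FAIL points back to the matching item in the list above.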

Step 5: Secure your mobile devices.

Adding a password is very easy (Settings > General > Passcode Lock). Also set up Find My iPhone so you can remotely erase your device if it’s ever lost or stolen. With iOS 7 or later, this will also enable Activation Lock, making it harder for anyone to use or sell your device. Even small businesses can guarantee passwords are used and remote wipe is an option by leveraging the ActiveSync features of Microsoft Exchange or by using a Mobile Device Management (MDM) solution, like our very own Robot Cloud.

Step 6: Protect your data.

If the data you're trying to protect is in-house, then it's common practice to protect it behind a firewall. Don’t unnecessarily expose a server (or any other device) publicly. Use a virtual private network (VPN) connection, or a tool like LogMeIn, to gain secure remote access to your office.

Secure your wireless network with WPA2 encryption (and a secure password!). For further protection, avoid routers with Wi-Fi Protected Setup (WPS). Also consider using a wireless Guest network that has no access to your secured network. Finally, be very cautious when using public wireless networks. Do not assume they are safe. You’re sharing a connection with strangers. If you must work from a public location then route everything through a VPN connection to encrypt your data.

If you also store data in the cloud, then consider using a cloud-based identity and access management solution like OneLogin.

Get Started Today!

These six basic steps to improving your Mac & iOS security are not all easy (passwords are a pain) but they are important and you can accomplish most of them in the next hour. Start now! Focus on what’s important to you. Be aware and reduce your risk. Good luck!
