Technology Guidance for Business Leaders | Ntiva Blog

Six Ways to Boost Your Mac Security

Written by Ben Greiner | Nov 22, 2021
The common wisdom in IT circles is that Mac computers are more secure than Windows computers. The macOS, after all, is built on Unix, which is harder to exploit than Windows.

But don’t think your organization is safe from hacker attacks simply because you use Macs.

Your enemy isn’t just malicious actors—it's also human error. If you want to protect your devices, networks and data, take these six steps to boost your overall Mac security!

1. Enroll in Mobile Device Management

The first step you should take to improve your Mac security is to enroll in Apple Mobile Device Management. Only with a Mobile Device Management solution will your organization have the capabilities you need to manage and secure your devices.

You will also be able to prove to auditors your Mac environment is secure, which is important for many types of businesses.

When security auditors examine your IT environment to ensure that you are secure enough to work with other organizations, or when they audit you as part of an insurance claim, you need to show them how you validate your mobile devices and prove that your security is adequate.

When you are enrolled in Apple’s Mobile Device Management, you are able to check some of the important boxes for CMMC, NIST, and other security requirements and recommendations.

Additionally, Apple Mobile Device Management offers a suite of Mobile Device Management commands that enable you to perform these higher-end actions like remotely locking devices, remotely wiping devices and more.

 

2. Create a Password Policy

Next, you should create structure around how your users log in.

This involves either a password policy, or integration with something like Addigy Identity, the out-of-the-box SSO authentication platform for MacOS.

Addigy Identity lets your users log in to their Mac computers and authenticate with either their Microsoft 365 credentials, their Google Workspace credentials, or their Okta credentials.

The secret to success, though, is to build some structure around login procedures.

Don’t just give your team computers and then let them choose how their passwords are generated. If users create passwords that are easy to guess, you are leaving your door open so that hackers can easily unlock those machines.

 

3. Deploy Screen Saver Locks

An unattended computer is a magnet for disgruntled employees, internal hackers and plain old nosiness – which is why you should deploy screen saver locks on all work computers.

Screen saver locks are software applications that activate when a computer has been inactive for a specified amount of time. They lock the computer, activate the screen saver, and prevent anyone from accessing the computer unless they know the user login and password.

Turn that function on!

 

4. Maintain Recovery Keys for FileVaulted Machines

FileVault is a disk encryption program for MacOS. If your employees use FileVault to encrypt sensitive files, that’s a good thing.

But if they encrypt their computers using a passcode only they know, encryption can present a giant hurdle.

If you need to access a computer that has been encrypted with FileVault, and if you don’t have the employee’s passcode, your only recourse is to ask Apple to unlock the device.

This requires you to prove to Apple that your organization owns the machine, which is a cumbersome and time-consuming process.

The solution is to enroll in Apple’s Mobile Device Management and to store all employee FileVault recovery keys there. Mobile Device Management prevents employees from creating passcodes that only they know.

 

5. Keep Your MacOS Up to Date

Apple security patches don’t protect your devices and networks unless you apply these patches.

An unpatched OS is a vulnerable OS!

One way to encourage your users to implement the latest Apple security patches is to use an app like Nudge to update their software.

This tool is especially helpful for organizations that do not manage all their Mac devices from one central place. It ensures all users receive a prompt to update their OS to the latest version.

 

6. Keep Up to Date on Apple Platform Security

Apple keeps you up to date on changes to their hardware, software and ecosystem on their Apple Platform Security page. This page contains the latest updates you need to ensure your hardware, systems, apps, services and more are as secure as possible.

Check it out to stay on top on necessary updates!

 

Protecting your Mac devices against hackers and malicious actors requires a mix of tools, policies and best practices. Since the cybersecurity landscape is constantly changing, you must do what you can to stay ahead of the hackers.

If you want to stay updated on all things Apple, consider signing up for Ntiva Live: Apple for Business, the biweekly livestream from Ntiva’s Apple technology experts.