Apple @ Work: For a small business without an IT staff, here’s how to keep your Macs secure
Apple @ Work is brought to you by Mosyle, the leader in modern mobile device management (MDM) and security for Apple enterprise and education customers. Over 28,000 organizations leverage Mosyle solutions to automate the deployment, management and security of millions of Apple devices daily. Request a FREE account today and discover how you can put your Apple fleet on auto-pilot at a price point that is hard to believe.
Usage of Apple products in the enterprise is growing at an unprecedented rate. The 2020 MacBook Air is still my daily driver, and it’s become prevalent in the enterprise. The balance of power and battery life is incredible at the price point. Even among small businesses, the Mac is increasingly becoming a popular choice. As we saw with Apple’s latest Apple at Work video, startups love Apple just as much as large companies. However, small businesses might lack the dedicated IT support to keep their Macs secure. Here is a round-up of tips and tricks for securing your Mac at work if you lack a dedicated IT staff.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
Back up somewhere
Backing up your local files somewhere is a critical first step to securing your Mac at work. I personally would recommend a combination of strategies, though. The first is setting up Apple’s Time Machine backup using an external hard drive. You can plug it up once a day to keep a second copy of any critical files. Time Machine will be useful in recovering from a hardware failure or an accidental deletion. Consider getting two drives and keeping one in a second location.
Second, Add on a Backblaze subscription for all your Macs. For less than a cup of coffee per month, every Mac in your office can have an offsite cloud backup. Backblaze’s app is lightweight and won’t slow your Mac down at all. Adding Backblaze follows a 3–2–1 strategy when paired with a couple of Time Machine drives:
- Three copies of your data
- Two locations
- One in the cloud
All small businesses using Macs should have some sort of backup strategy. If you’re only going to do one option, go with Backblaze as it’s a set it and forget it type solution.
Enable FileVault 2
FileVault 2 has been a crucial part of securing local drives for business customers. It ensures that data stored locally on computers cannot be accessed if the machine is lost. It uses XTS-AES–128 encryption with a 256-bit key to ensure data cannot be accessed without authorization.
FileVault 2 made its first appearance in OS X Lion and is still being used today. Small businesses can enable it under the Security & Privacy tab in System Preferences. There is almost no performance loss, but there is a lot gained in terms of security. End-users will likely never know they’re using FileVault 2.
Enable the built-in firewall
macOS includes a built-in firewall to block all incoming connections to your Mac. To enable, go to System Preferences > Security & Privacy, click the Firewall tab, and then click Turn On Firewall. If you don’t have the option to enable it, look for the lock in the bottom left corner to unlock the option.
The firewall has several options you can customize:
- Block all incoming connections, regardless of the app.
- Automatically allow built-in software to receive incoming connections.
- Automatically allow downloaded and signed software to receive incoming connections.
- Add or deny access based on user-specified apps.
- Prevent the Mac from responding to ICMP (Internet Control Message Protocol) probing and portscan requests.
Add a second user account
When setting up your Mac for the first step, you’ll have a single user account. I always recommend adding a second account as a backup in case something happens to your original one (corrupted, locked out, etc). It’s handy to have a second one you can access if you’re in a bind.
You can add a second account in System Preferences > Users & Groups.
Stay up to date on all macOS updates
Generally, the latest version of macOS is regarded as the most secure one. In System Preferences > Software Updates, you can verify you’re on the latest version of macOS. I recommend checking the box for automatically keeping your Mac up to date.
Checking for malware
While the Mac is very secure, if you install an app that has malware in it, you could end up with a compromised computer. My favorite app for checking for malware is CleanMyMac X from MacPaw. It contains a host of good troubleshooting tools, but its malware tool is well done. It’s worth having for all your Macs in your small business to make sure they are clean.
These tips are some basic ways a small business without a dedicated IT staff can keep their Macs running at full speed and with maximum efficiency. Make sure your computers are always backed up, up to date, and clean from malware – and you’ll be ready to get to work.