Keeping Your Mac Secure

Anti-malware Software

Although Apple computers are less prone to malware than Windows PCs, Mac users are still vulnerable to trojan horse attacks if they inadvertently open an infected email attachment or click on a malicious weblink or image. Apple provide some in-built protection with its X-Protect and Gatekeeper systems, but we still advise using a full anti-malware product on your Mac.

University Macs are provided with Microsoft System Center Endpoint Protection, the same corporate anti-malware software that is installed on University Windows PCs.

Home users can obtain free anti-malware programs, such as:

Note that providing the links above is not an indication of endorsement of any of these products.

We also recommend that you turn on your Firewall. The setting is located in System Preferences - Security - Firewall.


Lock your Mac screen

As per The University of Bristol Information Security Policy, computers and other equipment used to access University facilities must not be left unattended and unlocked if logged in. The policy can be found at the following link. Please review the section on "Unattended equipment" for further information:

IT Services Information Security Policy

It is therefore important that you ensure your Mac is secured when unattended. Once step to ensure this is to lock the screen while you are away. You can do this by taking the following steps:

  1. Enable the lock screen
    • Apple Menu > System Preferences > Security & Privacy > General
    • "Require password after sleep or screen saver begins" - Ensure that this is checked.
  2. Lock your Mac screen
  3. Different models of Mac possess different methods for locking the screen.

    For Macs with an "Eject" key, or Macs using external keyboards:
    Control+Shift+Eject
    For Macs without and "Eject" key, such as the Macbook Air or Macbook Pro Retina:
    Control+Shift+Power

Protecting your Mac hardware

Apple include a location software called Find My Mac which can be used to locate lost or stolen laptops (and desktops).  If you think you have lost the computer, it can be used to play a loud sound or locate it on a map. If you think it has been stolen, it can be used to lock the computer, or remote-wipe the data on the disk to protect your private data.  Setting up a guest account on the computer doesn't compromise your data, but may increase the chances of a thief using your laptop long enough for it to be located.

Advice on setting up Find My Mac:

http://www.macworld.co.uk/news/mac/what-do-if-your-mac-stolen-how-make-sure-you-can-locate-it-if-it-3461278/

Third-party software such as Prey (https://preyproject.com/) can add additional tools such as remotely viewing from your laptop's webcam.

 


Protecting your data

All members of the University should be familiar with our Information Security advice and policies. Please reference http://www.bristol.ac.uk/infosec/.

How to encrypt your laptop's drive with FileVault

The University Security Policy requires that all University mobile devices (laptops, tablets, phones and external disks) are encrypted. IT Services will encrypt any new purchases prior to handing over new devices to their purchaser. We also advise that you should encrypt your personal laptops.  Apple's method of encrypting laptops is called FileVault 2.  The following link explains how to set it up:

http://support.apple.com/kb/ht4790

Encrypting a memory stick or external disk

As per The University of Bristol Information Security Policy, if data classed as "sensitive" under the Data Protection Act is stored on a mobile storage device, that device must be encrypted. Please review the following information:

Encrypting mobile and storage devices

If you need to transport files via memory stick or external disk, University Information Security policy requires that this be encrypted. macOS provides built in functionality to allow this:

  • Plug the device into the Mac. The device should automatically mount on your system. These instructions assume you have a USB disk with the name "USB".
  • Open the Finder. Your disk should appear in the "Devices" column in the Sidebar. Alternatively, you can browse to the top level of your disk (normally called "Macintosh HD") and locate the device from there.

  • Right click the device and select "Encrypt":

  • Enter a strong password and click "Encrypt Disk". Your device will require this password each time you connect the disk to your machine.