Secure your Mac laptop
|
|
Considerations |
Whole Disk Encryption
In order to help mitigate risks to information associated with physical loss or theft, your laptop hard drive can be encrypted to prevent unauthorized access to information. In the event that your laptop is lost or stolen, Whole Disk Encryption will prevent an unauthorized third party from accessing the contents of your laptop. If someone tries to break into your system to retrieve files, they will not be able to access your computer without your passphrase.
Whole Disk Encryption is centrally supported by University Systems and provides benefits such as encrypting an entire hard disk (including operation system, applications, and data), central management, policy enforcement, encryption key management, and recovery.
Additional information on Whole Disk Encryption is available on the University Systems service catalogue.
Limit local data storage
Laptop computers are often used to work on documents while on the go. To accomplish this task, documents are often saved to the laptop so that they can be accessed without a connection to the Internet; however, this habit results in a large store of potentially sensitive documents that is present on the laptop. Whole Disk Encryption can help to mitigate the risk of unauthorized access to these files in the event the laptop is lost/stolen; reducing or eliminating the storage of documents on your laptop further reduces the chance that university data is exposed.
Ideally, no documents or data should be stored on your laptop. Instead, you may be able to view this information as needed through the Internet (i.e. viewing your class list using FAST as opposed to saving your class list in a file on your laptop). If a document is stored on your computer, it should be deleted when it is no longer required or moved to a more secure storage medium like UVic network storage.
Physically secure your laptop
Do not leave your laptop unattended in a public area for any amount of time. Ensure that your laptop is physically locked using a cable lock to reduce the chance that it is stolen, even if the laptop is in your office. Laptop cable locks are available from the Technology Solutions Centre.
Restrict user login access
Only authorized users should be able to login to your computer. Reduce the number of potential users on your computer by removing old accounts from former employees or past users. Ensure that your laptop is set to lock after 15 minutes of inactivity and prompt for a username and passphrase to unlock. This will reduce the risk of an unauthorized user from easily accessing your laptop in the event that physical access is achieved.
If you use your NetLink ID and passphrase to login to your laptop, ensure that only authorized users in your department—and not everyone with a NetLink ID—can login. Contact the Computer Help Desk or your desktop support personnel for assistance implementing login restrictions.
Secure your network traffic
The UVic Virtual Private Network (VPN) service provides a secure communication back to the campus network. VPN servers employ encryption and other security measures to ensure that data sent on the Internet will not be intercepted. For security reasons, all faculty, staff, and students are encouraged to use the VPN client when connecting to UVic services over the Internet.
Installation instructions for the Cisco AnyConnect VPN client are available on the University Systems help centre. This software is free to members of the university but must be authenticated with a valid NetLink ID and passphrase.
Secure access to network storage at UVic
UVic's Personal Home File Storage service is a secure network storage space that is available to all UVic students, faculty, and staff. All of the Windows workstations in UVic's computing facilities are connected to your home file storage, but you can also connect to it from your personal laptop. For instructions on connecting to your home file storage, visit our help centre. Please note that you will need to connect to the VPN client; connecting through the VPN client will ensure that the information being communicated is encrypted and secure.
Your department may also have a file share that is hosted by University Systems. For more information on this network storage location, contact your Desktop Support Services Analyst or the Computer Help Desk.
Install protective software
Microsoft Defender for Endpoint (MSDE) is recommended for all Mac laptops. This software includes antivirus protection, real-time threat protection, network threat protection, and a network firewall. This software should be installed and regularly updated to ensure that your laptop is less vulnerable to these threats. MSDE can be obtained from the anti-virus for facuilty and staff support page.
Use firewall software
The application firewall in Mac OS can be enabled to enhance the network protection available on your Mac. Apple provides configuration instructions for Mac OS 10.6 and later. This will help to protect your laptop, especially when connecting to less-secure networks at conferences, coffee shops, and other public locations. University Systems recommends keeping your device updated to a supported version of the macOS operating system.
Backup your data securely
The Tivoli Storage Manager (TSM) system is backup and recovery software designed to protect faculty and staff computers from data loss. Laptop users can utilize TSM to perform manual backups to a secure server and then, if necessary, retrieve those files later.