By Rajat Bhargava Posted November 18, 2019
Mac systems have enjoyed a significant resurgence over the last decade. Once relegated to niche markets, Mac devices are now in the mainstream. Virtually all enterprises are using Macs. Many SMEs are 100% Mac shops and organizations such as IBM have built a significant practice around implementing Mac and Apple solutions for enterprises.
So if you’re an IT admin with Macs in your environment, how do you make sure they’re secured?
Here are five core best practices for Mac security:
1. Centrally Control User Access –
Your users’ systems are the conduit to your confidential data. It is easy to say that everything is in the cloud and users aren’t downloading data onto their Mac systems. Unfortunately, even if that were true (and we all know that it isn’t), their devices hold the passwords and keys to confidential data in the cloud for web applications and cloud infrastructure.
Central control over user access for Macs has always been a challenge. Microsoft Active Directory® doesn’t function well with Macs. Apple Open Directory isn’t as helpful with Windows systems. OpenLDAP works well with Linux, but struggles with other types of systems.
But device management is a pillar of security. So lack of management has become a core problem that IT admins struggle with for their Mac fleet. They are always compromising in some way. The good news is that with Macs growing in popularity, new services have emerged that give admins central control over Macs. JumpCloud’s own Directory-as-a-Service is one such tool and so is Jamf Pro.
Note: Jamf and JumpCloud collaborated on a webinar called “Managing Macs in the Cloud-Forward Enterprise.”
You can watch a recording of the webinar for free here.
2. Ensure Long, Complex Passwords –
Once you’ve enabled control over user accounts on your Mac systems, the next step is ensuring that your users are leveraging long, complex passwords. Password strength is more critical than ever, and the best way to achieve it on your system is to have a lengthy, complex password. The best way to build one is to combine a number of words or even to create a sentence that you can remember easily. Mix in capitals, some numbers, and special characters and you’ll dramatically increase the difficulty of breaking into the system.
3. Enable Multi-Factor Authentication –
MFA at the system level is a critical security component. Unfortunately, Apple has made it difficult to enable MFA for Macs, which is why this capability isn’t widely available or known about. Directory-as-a-Service also provides system-level MFA for Macs. The MFA process leverages a token generated by Google Authenticator, Duo Mobile, or any other app that implements the TOTP standard.
4. Turn on Full Disk Encryption –
If a device has been stolen or lost, it is critical to make sure that your data on that system cannot be accessed. With full disk encryption enabled, the hard drive is encrypted when at rest and not in use. In order to use the machine, the hard disk needs to be decrypted, and that requires you to enter that long, complex password that your users created earlier. Along with Mac MFA, FDE capabilities make it extremely difficult to compromise the machine, even if that hard drive were to be removed.
5. Install Anti-Virus –
When you are using your machine there is a chance that you download a virus, are sent malware, or install something malicious. All of these issues are difficult to stop when you are using your system. Phishing is a significant issue. Malware-infected websites are common, and unfortunately too many systems get infected. A great defense against these various security threats is to install a Mac anti-virus system.
More Mac Security Best Practices
There are, of course, many other Mac security techniques that we could list here, but these are the core security steps that we suggest you take. Each one of these can be easily and quickly implemented across an entire fleet of Mac systems (Windows and Linux too). As seen in the graphic above, one of the best ways to secure and manage your Macs is by combining JumpCloud and Jamf system and user management.
If you have specific questions about how a unified cloud directory could help you achieve the Mac security best practices above, drop us a note. As well, take a look at the variety of solutions that can help you implement your Mac security requirements. You can check out Directory-as-a-Service by signing up for a free account. Your first 10 users are free forever.