In a series of articles focusing on Mac OS X, you will learn new ways to make your workday more efficient and profitable. Some of the subjects I will be addressing are: troubleshooting, software updates (when and how), security issues, and integrating with Windows networks.
Is your computer secure?
What do I mean by this is: Do you have proper computer security in place to protect your proprietary business data from theft or loss? As a graphics business, what about the client files you have on your system(s)? Do you protect their data?
Too often when I visit a customer I see computers that are either unsecured or have poor security in place. Security is certainly a mind-set that most of us don’t think of when it comes to graphics data but everyone knows how bad things get when you experience data loss, corruption or theft, let alone a customers’ files. The first step in securing your computer is to look at the physical side.
Hardware Security
Every Mac made since I can recall has always had a security slot built-in. You know, the little slot with the “chain” icon? This slot is designed to take a standard security device such as a Kensington lock. PowerMac G5’s have a little latch under the side-door release that can be flipped down to accept a lock. Securing the desktop, display or laptop computer to a work table or desk is a sure way to prevent physical theft. These locks are not expensive and work very well.
Software Security
Mac OS X has built-in security features that are quite sophisticated. While we can’t go over every aspect of them we’ll deal with the simplest first: Passwords. What makes a good password?
When you buy a new Mac the setup assistant will help you create an initial user account. This account is very special. First, it has administrative rights. This means that this account can be used to change anything on the computer. I’ve seen a lot of customers either assign a simple password for this account or none at all!
When doing a Mac OS X setup, always create a standard administrative account with a good, secure password. This is your first-line of defense against intrusion. I then create a day-to-day non-administrative account for each user to work with. This is especially good for businesses running multiple-shifts by keeping user data and preferences individualized. A side benefit is a non-admin account has a much lower chance of compromising your careful setups.
A password should be easy to remember but not easily guessed. Typically, I use a phrase but substitute letters such as “3” for “e” and “7 for “T” and so on. Uppercase and lowercase are important too! Mac OS X Tiger has a Password Assistant in the Accounts System Prefs that can evaluate your password or suggest ones to you. Click on the “key” icon in a password field to run it.
In the Security section of System Prefs you can enable password protection for the screen-saver, secure the virtual memory system and more. Using all or a combination of items can make for a very secure system.
Don’t expose your system
Another area of potential intrusion is the items in the Sharing icon of System Prefs. Mac OS X is very secure out of the box in terms of network intrusion. Turning on sharing services on your Mac can expose you to network hacking. A router is a cost-effective way to keep out intruders. If you do chose to operate your Mac without a router and turn on some sharing, use the “Firewall” tab in Sharing to disable incoming connections for the items you want to secure. Don’t forget to click the “Start” button in the firewall section to enable it.
Keychains
Probably the least understood feature of Mac OS X that customers ask me about is the Keychain. The Keychain system is a central repository for user names, passwords, certificates, notes and more that is encrypted. Mac OS X and many applications (such as Safari) use the Keychain to store confidential information that can be retrieved when needed. In the past, applications and other utilities used to store this information in non-encrypted preference files on an individual basis. If you open the Keychain Access utility from /Applications/Utilities you will most likely see a few entries already there depending on the applications you use. There will be entries for file servers, your email server credentials, an entry for Safari to store forms information and more. One of the interesting features of Keychain is the ability to store personal notes and information. Since the Keychain is encrypted this is a great way to store personal information you want away from prying eyes. One word of caution though. The default keychain (login.keychain or username.keychain) located in ~/Library/Keychains is opened and decrypted by default when you login to your Mac. This means that someone who has access to your computer while you are logged in has the potential to read this info. Fortunately, Keychain Access allows you to create as many keychains as you like that are NOT opened when you login. It would be better to store your info in these since it will ask for a password to view them.
Encrypted Disk Images
Another way to secure information is via the use of encrypted disk images. A disk image (.dmg) is a single file that acts as if it was a CD or a floppy or hard drive. If you download software from the internet I’m sure you seen these. If you run Disk Utility from /Applications/Utilities you create a new disk image of your choice of size and you have the ability to make it secure. You enter a password that will be required to open it when double-clicked in the Finder. When you send files to a customer consider this method of delivering the files either on CD or email to protect the data. Send the .dmg file instead of loose files. Who knows what happens when CDs get lost in the mail or courier…
Data Backup and Protection
Everyone knows they should backup their computer data. Some never do, some lament it after the damage is done. It bewilders me to see computers coming with huge 250GB hard drives and people don’t think for a second on how to backup those drives. In this day and age, tape-drive technology is having a tough time keeping up with the rapid pace of hard drive capacity. Tapes however offer the most inexpensive method of increasing your off-line storage. A backup however is only as good as the configuration of the software and most importantly, the reliability and testing of the restore process. A carefully planned backup solution can help archive data, retrieve a misplaced file or restore your entire network or server from a catastrophic failure.
More Business Security
Mac OS X has matured quite a lot over the years. It has become what many call an “Enterprise-ready” operating system. To many this means user management. In a larger business Mac OS X workstations can be completely managed from a central server. In Apple’s case, Mac OS X Server. We’ve done several setups with Mac OS X Server where user data does not live on the workstation but on the server itself. While this is a project that is more involved than some would require, this method provides total control of the security of the workstations. If a computer goes down or is stolen, simply move to another workstation, login and your data follows you on the network. Laptops can be configured to automatically sync their data to the server using this system as well. What about your email? Aside from the performance improvement of archiving years of emails from your computer, you should protect it with as much importance as your other files.
As I mentioned when I began, security is mind-set. It’s a state of mind that should be as important as your workflow and daily-activities. Neglecting computer security is as bad as not locking the doors to your business when you leave for the day.