Last week I gave a talk at Victor Medina’s excellent MILOfest [1] conference about How to Secure Your Mac Law Firm. In preparing for the talk, I developed the following set of best practices that any lawyer using Apple devices should employ to help protect their law firm’s data:
Securing Your Desktops/Laptops
- Upgrade to OS X Lion [2] and enable FileVault 2 for full disk encryption. Read more about FileVault 2 and Lion here [3].
- Enable [4] the off-by-default firewall.
- Set your screen saver / lock screen to activate after 5 or fewer minutes of inactivity.
- Disable automatic login.
- Enable Find my Mac so you can geolocate your device and/or remotely wipe it if necessary.
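
As an added example (not part of the original talk or post), this shell script checks four of the settings above on the local Mac: FileVault, the firewall, automatic login and the screen saver idle time. It assumes a macOS release that ships `fdesetup` and the command output formats noted in the comments; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit of the desktop checklist. Output formats are assumptions.
# Each check_* function takes a command's output as $1 and returns 0 on pass.

check_filevault() {   # output of: fdesetup status
    case "$1" in *"FileVault is On"*) return 0 ;; *) return 1 ;; esac
}

check_firewall() {    # output of: socketfilterfw --getglobalstate
    case "$1" in *"(State = 1)"*|*"(State = 2)"*) return 0 ;; *) return 1 ;; esac
}

check_autologin() {   # value of autoLoginUser; empty means the key is not set
    [ -z "$1" ]
}

check_idle() {        # screen saver idleTime in seconds; 0 or unset means never
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -gt 0 ] && [ "$1" -le 300 ]
}

report() {            # $1 = label, $2 = check function, $3 = command output
    if "$2" "$3"; then echo "PASS  $1"; else echo "FAIL  $1"; return 1; fi
}

audit() {
    rc=0
    report "FileVault enabled" check_filevault "$(fdesetup status 2>&1)" || rc=1
    report "Firewall enabled" check_firewall \
        "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)" || rc=1
    report "Automatic login disabled" check_autologin \
        "$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)" || rc=1
    report "Screen saver within 5 minutes" check_idle \
        "$(defaults -currentHost read com.apple.screensaver idleTime 2>/dev/null)" || rc=1
    return $rc
}

if [ "$(uname -s)" = "Darwin" ]; then
    audit || echo "One or more settings need attention."
else
    # Not on a Mac: run two checks on constructed sample output instead.
    report "FileVault enabled (constructed sample)" check_filevault "FileVault is Off." || true
    report "Screen saver within 5 minutes (constructed sample)" check_idle "120" || true
fi
```

Find my Mac is not covered by the script and still has to be confirmed by hand.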
Securing Your iPhone / iPad
- Activate the passcode-based lock screen.
- Consider enabling complex passphrases for the lock screen.
- Consider enabling automatic data wipe on your device if the passphrase is entered 10 times incorrectly.
- Enable Find my iPhone / Find my iPad so you can geolocate your device and/or remotely wipe it if necessary.
Securing The Cloud
- Employ a password manager such as 1Password [5] to securely generate and manage your various web site passwords. More on the risks of weak passwords here [6].
- Consider using an encryption tool such as TrueCrypt [7] to protect especially sensitive data you’re storing in the cloud. Note that full disk encryption does not automatically encrypt data you are storing in the cloud.
- Dropbox [8] continues to be wildly popular among lawyers despite their various security- and privacy-related failings [9]. Consider using a tool such as SecretSync [10] to encrypt and lock down your especially sensitive Dropbox data.
This list isn’t by any means exhaustive, but it provides a solid foundation for the security of your Mac, iPhone, iPad and cloud-based data. Let me know of any other tips you might have in the comments!