Last week I gave a talk at Victor Medina’s excellent MILOfest conference about How to Secure Your Mac Law Firm. In preparing for the talk, I developed the following set of best practices that any lawyer using Apple devices should employ to help protect their law firm’s data:
Securing Your Desktops/Laptops
- Upgrade to OS X Lion and enable FileVault 2 for full disk encryption. Read more about FileVault 2 and Lion here.
- Enable the off-by-default firewall.
- Set your screen saver / lock screen to activate after 5 or fewer minutes of inactivity.
- Disable automatic login.
- Enable Find my Mac so you can geolocate your device and/or remotely wipe it if necessary.
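To confirm the settings above actually took effect, here is a small audit script. It is an added example, not part of the original talk or post; it assumes a macOS release that ships the `fdesetup` tool, the `check_*` function names are made up for this illustration, and Find my Mac is not checked.

```shell
#!/bin/sh
# Added example: audit the desktop/laptop checklist on a Mac.
# Each check_* function takes raw command output as its argument, so the
# decision logic is separate from the macOS-only commands that produce it.

check_filevault() {   # argument: output of `fdesetup status`
    case "$1" in
        *"FileVault is On"*) echo PASS ;;
        *) echo FAIL ;;
    esac
}

check_firewall() {    # argument: output of `socketfilterfw --getglobalstate`
    case "$1" in
        *"Firewall is enabled"*) echo PASS ;;
        *) echo FAIL ;;
    esac
}

check_autologin() {   # argument: autoLoginUser value; empty means no auto login
    if [ -z "$1" ]; then echo PASS; else echo FAIL; fi
}

check_idle() {        # argument: screen saver idle time in seconds
    case "$1" in
        ''|*[!0-9]*) echo FAIL; return ;;   # unset or not a number
    esac
    # 0 means "never"; the checklist asks for 5 minutes (300 s) or less
    if [ "$1" -ge 1 ] && [ "$1" -le 300 ]; then echo PASS; else echo FAIL; fi
}

audit() {
    fw=/usr/libexec/ApplicationFirewall/socketfilterfw
    echo "FileVault:       $(check_filevault "$(fdesetup status 2>/dev/null)")"
    echo "Firewall:        $(check_firewall "$("$fw" --getglobalstate 2>/dev/null)")"
    echo "Automatic login: $(check_autologin "$(defaults read \
        /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)")"
    echo "Screen saver:    $(check_idle "$(defaults -currentHost read \
        com.apple.screensaver idleTime 2>/dev/null)")"
}

# Only run the real commands on a Mac; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then audit; fi
```

A FAIL on the screen saver line also appears when no idle time has been set explicitly, since the script cannot tell what default the system is using.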
Securing Your iPhone / iPad
- Activate the passcode-based lock screen.
- Consider enabling complex passphrases for the lock screen.
- Consider enabling automatic data wipe on your device if the passphrase is entered incorrectly 10 times.
- Enable Find my iPhone / Find my iPad so you can geolocate your device and/or remotely wipe it if necessary.
Securing The Cloud
- Employ a password manager such as 1Password to securely generate and manage your various web site passwords. More on the risks of weak passwords here.
- Consider using an encryption tool such as TrueCrypt to protect especially sensitive data you’re storing in the cloud. Note that full disk encryption does not automatically encrypt data you are storing in the cloud.
- Dropbox continues to be wildly popular among lawyers despite its various security- and privacy-related failings. Consider using a tool such as SecretSync to encrypt and lock down your especially sensitive Dropbox data.
This list isn’t by any means exhaustive, but it provides a solid foundation for the security of your Mac, iPhone, iPad and cloud-based data. Let me know of any other tips you might have in the comments!