Secure your Mac desktop

Return to top of page.
Return to primary navigation.
Skip to secondary navigation.

Mac desktop


Whole Disk Encryption

In order to help mitigate risks to information associated with physical loss or theft, your desktop hard drive can be encrypted to prevent unauthorized access to information. In the event that your desktop is stolen, Whole Disk Encryption will prevent an unauthorized third party from accessing the contents of your laptop. If someone tries to break into your system to retrieve files, they will not be able to access your computer without your passphrase.

Whole Disk Encryption is centrally supported by University Systems and provides benefits such as encrypting an entire hard disk (including operation system, applications, and data), central management, policy enforcement, encryption key management, and recovery.

Additional information on Whole Disk Encryption is available on the University Systems service catalogue. This software can be obtained from the Technology Solutions Centre.

Limit local data storage

Work computers are often used to store sensitive work documents. Whole Disk Encryption can help to mitigate the risk of unauthorized access to these files in the event the desktop is stolen. Reducing or eliminating the storage of documents on your desktop further reduces the chance that university data is exposed.

Ideally, no sensitive documents or data should be stored on your computer. Instead, you may be able to view this information as needed through the Internet (i.e. viewing your class list using FAST as opposed to saving your class list in a file on your desktop). If a document is stored on your computer, it should be deleted when it is no longer required or moved to a more secure storage medium like UVic network and/or TSM storage.

Physically secure your desktop

Never leave your desktop in an area that's not secure. Locking your office door when you are not present will also reduce the risk of computer theft.

Restrict user login access

Only authorized users should be able to login to your computer. Your desktop should require a username and passphrase upon start up. Additionally, your computer should be set to lock automatically after a period of inactivity and require a passphrase to log back in. Reduce the number of potential users on your computer by removing old accounts from former employees or past users.

If you use your NetLink ID and passphrase to login to your computer, ensure that only authorized users in your department—and not everyone with a NetLink ID—can login. Contact the Computer Help Desk or your Desktop Support Services Analyst for assistance with your computer's login and account settings.

Secure your network traffic

Talk to your Desktop Support Services Analyst or the Computer Help Desk for your department's access control list (ACL). An ACL, with respect to a computer file system, is a list of permissions attached to a computer file system object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects.

Secure access to network storage at UVic

UVic's Personal Home File Storage service is a secure network storage space that is available to all UVic students, faculty, and staff. All of the Windows workstations in UVic's computing facilities are connected to your home file storage, but you can also connect to it from your personal laptop. For instructions on connecting to your home file storage, visit our help centre. Please note that you will need to connect to the VPN client; connecting through the VPN client will ensure that the information being communicated is encrypted and secure.

Your department may also have a file share that is hosted by University Systems. For more information on this network storage location, contact your Desktop Support Services Analyst or the Computer Help Desk.

Install protective software

Microsoft Defender for Endpoint (MSDE) is recommended for all Mac desktops. This software includes antivirus protection, real time threat protection, network threat protection, and a network firewall. This software should be installed and regularly updated to ensure that your desktop is less vulnerable to these threats. MSDE can be obtained from the anti-virus for facuilty and staff support page.

Use firewall software

The application firewall in Mac OS can be enabled to enhance the network protection available on your Mac.  Apple provides configuration instructions for Mac OS 10.5, 10.6, and 10.7University Systems recommends keeping your device updated to a supported version of the macOS operating system.

Backup your data securely

The Tivoli Storage Manager (TSM) system is backup and recovery software designed to protect faculty and staff computers from data loss. Desktop users can utilize TSM to perform automated or manual backups to a secure server and then, if necessary, retrieve those files later.