Go Directly to Page Content
Go Directly to Site Search
Go Directly to Site Navigation
ITS Safe Computing

Secure and Manage Your Computer (Mac)

If you are permitted to access or maintain sensitive institutional data using your personally owned computer or self-managed university-owned computer, please meet the minimum expectations below.

See Your Responsibilities for Protecting University Data When Using Your Own Devices for a complete list of your responsibilities when using your own devices to work with sensitive U-M data.

By meeting the minimum expectations below, you also protect your personal data.


Minimum Expectations for a Secure Device

Settings
Require a password for access to your computer Require the password when your computer sleeps or the screen saver is activated. Do not allow automatic login. In System Preferences, choose Security & Privacy, then the General tab. Follow these guidelines for a strong password.
Set your screen saver to activate after 15 or fewer minutes of inactivity, and require your password to unlock it In System Preferences, choose Desktop & Screen Saver, then set activation time.
Install and use anti-virus software See Anti-Virus Protection at U-M.
Turn on FileVault (for laptops) to encrypt the contents of your hard drive In System Preferences, choose Security & Privacy, then the FileVault tab.
Turn on the built-in firewall In System Preferences, choose Security & Privacy, then the Filewall tab.
Install U-M VPN (Virtual Private Network) software if you expect to use untrusted networks (such as guest wireless in a hotel or coffee shop) Members of the U-M community can download and install the U-M VPN. UMHS faculty and staff should download and install the the UMHS VPN.**

* U-M Health System (UMHS) faculty and staff should use the Cisco AnyConnect VPN client provided by Medical Center Information Technology (MCIT) to access Protected Health Information (PHI), Clinical Network and Applications, Schedulon, and Printing, as well as to access file servers and internal UMHS web content. For more information, installers, and instructions, see VPN - Cisco AnyConnect SSL Client in the UMHS KnowledgeBase.

Connections
Use a secure internet connection Secure networks include wired connections and MWireless.
Turn on the U-M VPN if using untrusted wireless networks (such as guest wireless in a hotel or coffee shop). (UMHS users should use the UMHS VPN (see above). The U-M and UMHS VPNs—Virtual Private Networks— provide a secure computing experience when accessing a U-M network from a remote location or when using a wireless connection.
Turn off optional network connections (WiFi, Bluetooth) when you are not using them. This prevents unauthorized access to your computer through those connections.

Management
Keep your Mac OS updated to take advantage of security updates and other improvements We recommend that people avoid connecting to U-M networks from machines running Mac OS 10.5 (Leopard) and older.
Keep your applications updated This is to take advantage of security updates and other improvements.
Do not root, jailbreak, or otherwise unlock your device This bypasses security features. Do not do this unless it is required for your university work.
Only install trusted applications Only install applications from reputable software providers.
Be aware that certain types of sensitive data (such as Export Control, HIPAA, and FISMA) cannot be accessed or maintained outside the U.S. See the Sensitive Data Guide for details.
Before you sell or give away your computer, erase the hard drive securely. See Encrypt and Securely Delete Files (Mac).
Report security incidents If you use your computer to maintain or access sensitive institutional data and it is lost or stolen, notify the ITS Service Center.
Back To Top

Additional Best Practices

Consider these additional options for enhanced security for your computer and the data maintained on or accessed from it.

  • Back up your data. Always keep a backup copy of files you do not wish to lose. Hard drives wear out and fail. Devices can be lost or stolen. The university offers several file storage options you can use. Check the Sensitive Data Guide to see which services are appropriate for certain types of sensitive institutional data.
  • Choose web browser security settings that protect your privacy and enhance security.
  • Protect yourself online. Learn about strong passwords, how to protect your identity, how to avoid phishing scams, and more.
  • Put a sticker on your computer with your name and contact information. This low-tech, practical step enables somebody to contact you if they find your lost computer.
  • Register your devices. The U-M Police Department offers a free laptop and personal electronics registration program to members of the U-M community to deter theft and assist in the recovery of stolen property.
  • Traveling with technology. Take precautions when you are away from home to protect your privacy and the university's sensitive data.
  • Encrypt your desktop. Turn on FileVault to encrypt the contents of your hard drive. Look in System Preferences under Security & Privacy.
Back To Top
Back To Top