Security precautions for macbook pro

[FlyingTexan]

I might be taking a new job in Africa. The places I'd be going will have the real potential for theft. I don't really have anything on my macbook pro right now that I can't live without. I've actually wiped it clean in the past and would have no issues doing so again.

So if you were going to be traveling through areas where you could easily be robbed of your items, but I'm not going to spend 4 week stretches there and not have my laptop, how would you set it up so that it's completely secure? Right now all I do is open the lid and put in a password to log in like I'm sure most do but that really doesn't seem like enough. I'd like to set it up so that if taken, even if they pulled the parts from it or tried connecting to it through some other means, that they wouldn't be able to get into the machine. Some of the information I'd have on it would be very sensitive. Are there 3rd party programs you could mention or a way to do a hard drive lock like my first thinkpad had that locked it on a bios like level? While I love my 13" rMBP I've always felt it was lacking in the protection department. That thinkpad from back in 2000 had more.


Currently I have:

1) Login home screen
2) Connect to internet via VPN

Thanks for any tips.

 

[NoBoMac]

https://support.apple.com/en-us/HT204837
https://support.apple.com/en-us/HT204455

Though, any security is only as strong as the password you use.

 

[KALLT]

What NoBoMac said. If you are using external disks, such as Time Machine, or thumb drives, consider encrypting them as well. Time Machine settings has an option to enable that.

Also make sure that you are using a secure VPN protocol (which means: not PPTP) and that it is configured to send all traffic over the VPN connection (in the network settings > select VPN > Advanced > Options). Also consider using a custom DNS server (also in advanced settings), such as 208.67.222.222 and 208.67.220.220 (OpenDNS) or 8.8.8.8 and 8.8.4.4 (Google DNS). Make sure that your sharing options are disabled in System Preferences > Sharing if you are not using them. If you don’t need Bluetooth, then turn it off (turning off Wi-Fi when you are not using it is also a good idea).

If you are using a browser other than Safari, then use the extension HTTPS Everywhere as well as an ad blocker to block unnecessary (and potentially unencrypted) connections.

 

[simonsi]

You have sensitive data so use FileVault2 to encrypt the drive(s).

Consider the possibility of hijacking and you being forced to enter the password though - face to face robbery is more common in Africa, theft is a given. I'd expect African criminals have learnt how to bypass/obtain passwords etc from high-value targets (basically anyone with anything). Your best bet is to avoid getting hit by good personal security.

Africa is a big place though and not all the same risk levels so hard to advise further.

 

[FlyingTexan]

Well based in Nigeria so the odds are not forever in my favor!

 

[FlyingTexan]

I have password encrypted a few folders. Basically I want a self destruct lol

 

[simonsi]

FV2 will keep the data secure. Setting a firmware password will prevent them using the machine with another disk to boot from. When my daughter was there in the oil industry she commuted between secure compounds to work/live, most of Nigeria has a "don't travel except absolutely necessary" warning let alone a "propensity to theft" so good luck!

 

[FlyingTexan]

Is FV2 the same as FileVault in the securities tab or is that a separate program?

 

[chrfr]

Is FV2 the same as FileVault in the securities tab or is that a separate program?

FV2 is FileVault, it's the second version of it, which is what is included in OS X. Just enable that in the security system preference and you're all set. Also enable a firmware password as mentioned above.