Theft and Data Security Tips for M1?

[Larvas]

Hey guys,

I'm updating my department to the new M2 Macbook Air's, we are talking about 5 devices, and I personally have my 1 year old MBP with a M1. In about six months time I will enable my team remote work, and I want to make sure that all the data is safe when the devices get stolen.

I remember that with Intel chips it was really easy to change the admin password, the thief could just go in to recovery mode and a simple terminal command would rewrite the admin password. I tested this method on my M1, and figured out that if FileVault is set as "on", the method doesn't work without knowing the FileVault password or the iCloud ID, which is perfect.

Are there any other options that I might be missing or maybe some tips from your own experience? (Aside from the fact that all the software suits have their online backups enabled).

 

[Gudi]

Are there any other options that I might be missing or maybe some tips from your own experience?

You should create separate Administrator and User accounts and restrict the users from changing major system settings like switching off FileVault. The first account created on a new Mac is always an Administrator account with the ability to turn all security features off.

 

[chabig]

I agree with @Gudi. Other than that, train your coworkers not to share their account passwords with anyone!

 

[FreakinEurekan]

Definitely look at a profile solution - Apple Business Manager or a 3rd party tool. If your workers are remote and you don’t have the ability to enforce policies through profile, you might have to provide Admin access to the user for troubleshooting issues… and then they have the keys to the kingdom.

 

[maflynn]

Take a look at this article and see if this might give you some direction
Apple introduces device management solution aimed at small business