Business setup (user/admin) & security

Joined
Jan 19, 2024
Messages
1
Reaction score
0
Hi,
I'm a small-business owner (5 people). We had someone click on a phishing link on our (Windows) machines, and it started spamming all of our of contacts.
(This on Windows machines which were running as non-admin users, and already had heavy-handed anti-virus & anti-phishing software).
As no further trace of the malware could be found, we are uncertain whether it is gone or hiding (e.g. rootkit).
I've decided to throw out the SSD's and get new ones and install Linux Mint on those.

I've also gotten a Mac Mini, in order to get everyone accustomed to working with MacOS, and have more modern/stable/supported options rather than only Linux. (I have about 1 year of experience using a Macbook Air privately).
If everyone likes it, perhaps the next time we replace hardware then we can just get Macs.

Our computers are not allocated to 1 person, we all share them in function of where we are at the time of day.
(Our work is mostly browser based, with the rest being basic document generation which can be done in MS Office or similar suites).
I also got a Magic Keyboard with the finger print reader, to make logins quicker. (I read that Mac supports maximum 5 fingerprints, which would be fine).

What are the best practices for such an environment?
I already applied for the Apple Business Manager system and started to set up the Mini with a business account, but ran into problems.
(there are 2 local machine accounts, an admin and a regular, but they also need (do they though?) an Apple ID account, and the software in the App store doesn't want to update for the regular user.)
I thought being part of ABM might make it easier if we want to (at some unknown point in the future) configure Macbooks for mobile use, but perhaps it's rather overdoing things at this scale and is overall inconvenient for the limited number of users.

- I'll reset the Mini and start the install again. I'll create a local (non Apple Business Manager) admin user, and then an ordinary user, both with passwords?
What are the limits of an ordinary user?
Should both have Apple ID? Separate or the same ID?

- Given that there also exists (not much, but still) malware for MacOS, are there recommended (commercial) anti-malware software?
I see that BitDefender is recommended in some tests on MacOS.

- Are there other good practices, to avoid people causing security problems or screwing up the OS?
 
Joined
Mar 28, 2024
Messages
99
Reaction score
2
Hi,

Transitioning to a Mac environment can be a great step for your small business, especially with the security and stability that macOS offers. Here are some best practices to help you set up and secure your Mac Mini and prepare for a potential future with more Mac hardware:

Setting Up User Accounts​

  1. Admin and Standard Accounts:
    • Create one local admin account for system management tasks.
    • Create individual standard user accounts for each employee. Standard users cannot install software or change system settings, which helps prevent unauthorized changes and potential security issues.
  2. Apple IDs:
    • Each user should have their own Apple ID to ensure personal data, app purchases, and iCloud services are kept separate.
    • You can set up each user with their Apple ID, or create new ones if needed. This is important for services like iCloud, App Store purchases, and Apple-specific features.

Apple Business Manager (ABM)​

  • Utilizing ABM:
    • ABM is beneficial if you plan to scale up your Mac usage in the future, as it simplifies device deployment and management.
    • For now, you might find it easier to manage the Mac Mini with local accounts, especially if the current number of devices is small.

Security Best Practices​

  1. Anti-Malware Software:
    • While macOS is secure, adding a layer of protection with anti-malware software like BitDefender or Malwarebytes can help safeguard against potential threats.
  2. Regular Updates:
    • Ensure that macOS and all installed applications are kept up to date to protect against vulnerabilities. Automatic updates can be enabled in System Preferences > Software Update.
  3. Backups:
    • Use Time Machine to regularly back up data on the Mac Mini. This helps ensure data recovery in case of hardware failure or data corruption.
  4. FileVault:
    • Enable FileVault to encrypt the entire disk, protecting data if the machine is lost or stolen. This can be set up in System Preferences > Security & Privacy > FileVault.
  5. Firewall:
    • Ensure the macOS firewall is enabled to protect against unauthorized incoming connections. This can be enabled in System Preferences > Security & Privacy > Firewall.
  6. Limited Permissions:
    • Standard users should not have admin privileges. This reduces the risk of malware installation and accidental system changes.

Additional Tips​

  1. Training:
    • Educate your team on recognizing phishing attempts and other social engineering attacks. Regular training can greatly reduce the risk of such incidents.
  2. Centralized Management:
    • Consider using a Mobile Device Management (MDM) solution if you plan to scale. MDM allows for centralized management of security policies, app distribution, and more.
  3. Browser Security:
    • Use browser extensions that enhance security and privacy, such as uBlock Origin or HTTPS Everywhere.

Setting Up the Mac Mini​

  1. Reset and Reinstall:
    • Reset the Mac Mini and reinstall macOS to start fresh. Create an admin account and a standard user account with strong passwords.
  2. Configuration:
    • Configure system settings according to your security policies.
    • Set up the Magic Keyboard with fingerprint reader to allow quick and secure logins for each user.
By following these steps, you can ensure a secure and efficient transition to using macOS in your small business. Keeping security and user management in mind will help mitigate risks and provide a smooth experience for your team.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top