What is everyone doing for data security?

[Benchobi1]

My old Macbook Pro is needing a replacement. I was hopeful for this model, but the soldered in SSD is a REAL concern. I work for places who are VERY sensitive over their data and some places I work "don't exist". I use my Mac for my personal finances as well.

So if the computer needs to go out for repair or replacement, what is everyone doing to safeguard their data? I guess the obvious answer is to store everything on external storage; however, at this price point it seems ridiculous to always have to use a plugged in drive to do my work. In the old days I'd remove the hard drive and replace with a fresh one. This is not an option any longer.

What's your strategy?

 

[Apple_Robert]

Currently, I have 2 TM backups going and a CCC backup. If I need to take my Mac in for service or replacement, I can wipe the drive and install a new copy of Sierra (I run FileVault) and take to Apple.

 

[iizmoo]

Turn on FileVault, and use a really really long password to unlock the FileVault encryption key. I do not keep the encryption key on iCloud.

You can also further create an 256 bit encrypt sparse image to store secure files within the encrypted partition. I do that just so I can sync a storage image via Dropbox that has my tax returns and financial stuffs. But then again, I work at places that "do" exists.

The question really is, if there are state actors involved on the other side, do they have the capability to decrypt your stuffs even with the whole strong passwords and 256-bit encryptions... The average criminal don't, but from the sound of your post, the average criminals might only be the lower third of the threads you're trying to protect against.

 

[ssong]

bumping for interest.

but to op, I would have assumed that for highly security sensitive companies they would provide you with devices rather than do the usual BYOD? Or do they install lots of stuff and micro manage your device?

 

[fatalogic]

I'd get the smallest built-in ssd and go external. At least if you need to wipe the data you could be certain the drive is really destroyed with an external drive vs trading in the laptop with recoverable information on the drive.

 

[Benchobi1]

bumping for interest.

but to op, I would have assumed that for highly security sensitive companies they would provide you with devices rather than do the usual BYOD? Or do they install lots of stuff and micro manage your device?

We're an independent contractor and we work for several high security places. As such, we're expected to provide our own equipment and we're expected to safeguard the client's data. We don't attached to the client's network, but our work generates documentation that can't be let out.

Of course it's not usually a problem since we do take extreme care. My biggest concern is not necessarily your average thief. I'm more worried about the computer going back to Apple with sensitive data on it. After all, if anyone can access an encrypted drive, it would be Apple.
[doublepost=1481398714][/doublepost]

I'd get the smallest build in ssd and go external. At least if you need to wipe they data you could be certain the drive is really destroyed with an external drive vs trading in the laptop with recoverable information on the drive.

I might just have to suck it up and go this route. It is the most peace of mind.

 

[iizmoo]

They wouldn't be able to access it unless you give the unlocking password or store your encryption key on iCloud where they have a potential to access it. Have you been giving the Apple techs your password?

FileVault encryption isn't the same thing as all the iphone password unlocking nonsense with the FBI and Apple. It's actually pretty well rounded designed, unless you do something silly like giving people your password, or storing the decryption key on the cloud...

 

[i'mnewhere]

They wouldn't be able to access it unless you give the unlocking password or store your encryption key on iCloud where they have a potential to access it. Have you been giving the Apple techs your password?

FileVault encryption isn't the same thing as all the iphone password unlocking nonsense with the FBI and Apple. It's actually pretty well rounded designed, unless you do something silly like giving people your password, or storing the decryption key on the cloud...

In addition to filevault, you could also use a secure usb dongle to add second factor authentication at login