DesignRegeneration Blog

Securing sensitive data on your Mac’s hard drive is not difficult, even if (like me) you have delayed setting up any kind of protection. Carelessly, I had stored personal identity information on my home iMac, and I needed a simple way to tighten up security.

First of all, I chose not to use FileVault. When it is enabled, FileVault encrypts and your entire user home directory. This is certainly a good option for some people, but I chose to only encrypt certain sensitive files.

Here are seven simple steps to securing your data with links to more information on each step:

1. From now on, use “Secure Empty Trash” when you empty sensitive files from your Trash. Also, don’t save sensitive files in your trash for someone else to recover when you are not looking.

2. Erase data on your hard drive that you have already deleted. It may seem strange that you need to delete your files after you have already deleted them, but the fact is that deleted files are recoverable.

3. Create an encrypted DMG to store sensitive data. This is an encrypted disk image, or a file that acts like a hard drive. Use it to store sensitive files. It’s absolutely critical that you remember the password you use for this.

4. If you are using Time Machine: Wipe your Time Machine backup disk and start over. Use Secure Erase in Apple's Disk Utility to do this. If you previously had unencrypted sensitive information saved on your hard drive, chances are that there is a copy of it on your external Time Machine backup disk.

5. Create a “No Backup” folder to exclude from Time Machine backups. Use this folder to work on sensitive files when they are not stored in your secure DMG.

6. Set up account passwords for all your users.

7. Finally, require the password to unlock the computer when you are away. These last two steps are a good practice and keep most snoopers out.