Data Security on my Macintosh

I have a MacBook Air. By definition it’s a portable computer. As such it travels with me. It is therefore at risk of being lost or stolen when I’m out and about in the big wide world. Actually the Air is so light I can’t tell if it’s in my laptop bag! I’ve often had to check to see if I still have it when walking to a gate in an airport.

So what do I do to protect the data on my MacBook Air? I do a lot. I encrypt the data to protect it if I lose the laptop. That’s to stop anyone getting access to my data if they have my computer. I also do backups so that I can put my data back on to a new computer if required.


I use 3 levels of encryption on my MacBook Air. I am running OS X Lion. This has a feature built in called FileVault 2. This provides full disk encryption and boot protection. The encryption is XTS-AES 128bit. I use a strong password (long password with both letters and numbers) and when I turn on my MacBook Air it asks for this password. Until it is entered the Mac does not load the operating system. Data on the hard disk is encrypted and can’t be accessed without this password. So if someone steals the Mac (or finds it!) they can’t get the data unless they guess the strong password. If you have a portable Macintosh and are running OS X Lion you should turn on FileVault 2.

I also use a disk image with AES-256bit encryption to store work related files. This uses a separate strong password from the one I use for FileVault 2. I also don’t store the password for this disk image in the Macintosh Keychain. This stops the disk image being used until the password is entered. So if someone does get past the boot password, then my important work stuff is protected. Apple have a support article on creating a disk image. Make sure to create a sparse disk image that only uses the space it needs. So a 40GB sparse disk image will grow in size from zero up to 40GB as you store files in it.

I have to use a Microsoft Windows 7 virtual machine for work related stuff. I use Parallels Desktop for Mac 7 to host this on my MacBook Air. This has a feature to encrypt the virtual machine file. I have this turned on and use a different strong password to protect it. This password is required to boot the Windows operating system in the virtual machine. Another popular virtualisation solution for running Windows on a Macintosh is VMware Fusion. Version 4 of this has the ability to encrypt virtual machines. If you are running VMware Fusion and want the extra level of protection for your Windows files then upgrade to version 4.


Backups are essential. You have to back up your data. Fortunately this is easy on a Macintosh. The last few versions of Mac OS X (renamed to just OS X Lion with the current version) include a feature called Time Machine. This is the simplest way to backup your Mac. Buy an external USB drive. If you don’t know how to format a drive for Mac then buy one that is already formatted for Macintosh. Or ask me how to format the disk on Twitter or via email using the link in the sidebar. When you have the disk, plug it in and answer Yes when asked if you want to use it for TIme Machine! That’s it. Plug the disk in when at your desk and backups will be done on the hour.

I also use a 50GB DropBox to keep a copy of my personal files up in the cloud. This means they are available from anywhere and are safely offsite in case something happens to my Time Machine backup. If you have any really important files you could put them in an encrypted sparse disk image that you store in your DropBox. You can get a free DropBox account that gives you 2GB of offsite cloud storage.

Protecting Passwords

Another way to protect your data is to use strong passwords, and different passwords for each service that you use. I’d strongly recommend checking out 1Password to store your strong passwords. Even better let 1Password generate random strong passwords for the services you use.


Powered by WordPress. Designed by WooThemes