Digital Safety Protocol: MacOS & iOS Security Guide
This guide outlines essential security behaviours for all household members and staff using company-managed Mac and iOS (iPhone/iPad) devices.
Key Note: All devices are professionally managed, secured, and protected by anti-malware software. Your cooperation is the final, most important layer of defense.
🖥️ New Device Enrollment (MANDATORY)
Any new Mac, iPhone, or iPad acquired for use by staff or family must be immediately reported to the IT/Support team.
Ideally, new devices should be sourced via the Apple Business Manager (ABM) program. This ensures they are automatically protected and enrolled in the MDM system as soon as they are first switched on (Zero-Touch Deployment).
All devices must undergo the enrollment process to install required security software, management profiles, and ensure compliance before they are used for any sensitive communication or data access.
1. Physical Security & Access Control
Your device contains sensitive household information. Treat it like a key or wallet.
🔒 Device Locking
| Action | Detail |
| Passcode/Face ID/Touch ID | Always use a secure Passcode (4-digit codes are forbidden). Enable Face ID or Touch ID immediately upon setup. |
| Auto-Lock | Never disable automatic screen locking. Your devices are configured to lock quickly when inactive, which is a critical security measure. |
| Leaving Devices | Never leave your device unattended in public areas (cafés, airports, etc.) or in plain sight within the home where unauthorized guests or temporary staff could access it. |
🚨 Lost or Stolen Devices
If a device is lost or stolen, every minute counts:
- Immediately report the loss to the IT/Support team (or designated point of contact).
- Provide the time and last known location of the device.
- Use "Find My" from a different device to try to locate your lost device.
- IT can initiate a remote lock and wipe procedure if needed.
2. Digital Defense: Threat Recognition
The most common security threat is Phishing—when criminals trick you into giving them information.
🎣 Recognizing Phishing Attacks
Phishing attempts can come via email, text message (smishing), or phone calls (vishing). They aim to create urgency or fear to make you act without thinking. These attacks often direct you to highly convincing, yet entirely fake, login or service websites designed to steal your credentials.
| Red Flag | Check |
| Unexpected Sender | The email or text seems to come from a bank, Apple, or a colleague, but you weren't expecting it. |
| Urgent/Threatening Tone | Messages demanding "Immediate action," threatening to "close your account," or promising "too-good-to-be-true" prizes. |
| Suspicious Links | Hover over the link (on Mac) or press and hold the link (on iOS). If the link address does not exactly match the company name (e.g., it says apple-support.co instead of apple.com), DO NOT CLICK IT. |
| Asking for Passwords | No legitimate company or staff member will ever email or call you asking for your password. |
🚫 App & Software Usage
Your devices are protected by the MDM system, which controls which apps can be installed.
- Only download apps from the official Apple App Store (for iOS), the Managed App Catalog (if available on Mac), or well-known websites you trust.
- Never attempt to download or install applications from unknown sources.
- Update Prompts: Always update your macOS, iOS and apps as soon as possible. These updates contain responses to the latest security threats and leaving them outdated exposes the users to harmful exploits.
3. Best Practices & Accountability
🔑 Account Passwords & Passkeys
While your device passcode is managed, you are responsible for securing your personal and application accounts (Gmail, Amazon, social media, etc.).
- Complexity is Paramount: Passwords must be long and complex (12 characters minimum recommended), using a combination of upper/lower case letters, numbers, and symbols. Never use dictionary words or personal information.
- Do not include words in your passwords. "Summer2025" or "Moon7511" are bad; instead use random character sequences like "Sugx-hJy85-TRsa" or "uHgsmer&25aBxxqw".
- Never Reuse or Adapt: Never reuse the same password or use similar variations (e.g., "Summer2025!" and "Summer2026!") for more than one account. Every service requires a unique password.
- Never Share Passwords: Crucially, never share your passwords, passcodes, or PINs with anyone, regardless of their role or relationship.
- Videoing Scam Alert: Be extremely vigilant when entering passwords or PINs in public. Some scams involve thieves subtly videoing the user as they input their credentials, then physically stealing the device to gain access.
- Use Keychain/Password Manager: Utilize the built-in iCloud Keychain (or a designated password manager) to generate, store, and auto-fill long, complex, unique passwords safely. Note: If you use a non-Safari browser (like Chrome), ensure you enable the official iCloud Passwords Extension on Mac (https://tinyurl.com/icloudext), or check your iOS device settings to confirm Keychain is active for AutoFill, rather than using the browser's native password manager.
- Use Passkeys: Where available, enable Passkeys instead of passwords. This is the most secure login method.
- Two-Factor Authentication (2FA): Always enable 2FA (or Multi-Factor Authentication) on every account. Be aware that this feature is often optional on services and must be manually turned on in the account's security settings. When enabled, you will sometimes be asked to verify the login on your phone.
- Use a 2FA Authenticator if possible: In many cases services can use text messages (SMS) for 2FA. This is less secure. Always choose an authenticator app like Microsoft Authenticator or the one built into macOS.
🌐 Secure Browsing
- Protect Against Session Hijacking: Session hijacking occurs when an unauthorized person takes over your active logged-in account (e.g., email or bank) without knowing your password. This can happen over unsecured public Wi-Fi networks or by clicking malicious links. Always log out of sensitive websites completely when you are done.
- Avoid Public Wi-Fi for Sensitive Tasks: Never perform banking, online shopping, or access highly confidential work/family documents over unsecured public Wi-Fi networks (like in a café or hotel lobby). Wait until you are connected to a trusted, secure network.
4. When in Doubt: Stop and Report
If you encounter anything unusual—a suspicious message, an unprompted pop-up, or a strange system behavior:
STOP. DO NOT CLICK.
Immediately contact the designated IT/Support staff. It is far better to report a false alarm than to risk a security breach. We are here to help and appreciate your vigilance.