Ntiva Live: Apple for Business

Mac Security

Episode Overview

Today, Ben and Ross discuss Mac-related cybersecurity. Learn what you need to know about securing, monitoring, and maintaining your organization's Apple environment.

Sign Up Today

Complete the form to register for the Ntiva Apple for Business Livestream series. You’ll get an email reminder before each livestream, plus an email with a link to the recording in case you miss any of the live events.

Episode Transcript - Mac Security

Ben Greiner:

Okay, let's get started. We're recording. Hi everyone. Today is Tuesday, November 2nd, 2021, live streaming from Chicago. I'm Ben Greiner, director of Apple Technology, with me is Ross Matsuda systems administrator focused on the Apple platform. And today we're going to talk about security, Apple Mac security. But before we get into that, I want to talk about some news.

Apple News

We'll get right into it. So the last time we talked about, I think it was the day after Apple announced their new MacBook Pros. Was that right, Ross? Does that sound familiar?

Ross Matsuda:

Yeah, that sounds on point.

Ben Greiner:

And we knew a little bit about them, but now we've had a little more time to investigate them. There've been lots of questions about these, so I wanted to talk through it and I wanted to give my own interpretation. And Ross, chime in here, please, in all of this. You see my screen with the chips?

Ross Matsuda:

Yep. Looks good.

Ben Greiner:

Yeah, these are Apple's photographs. I have no idea if they're authentic or not, meaning accurate or artist representation, but these are the ones supplied by Apple. We got out the M1, the smallest and weakest of the chips on the left. We've got the M1 Max, the most powerful and apparently largest of the chip sets on the right. And the way I look at that this is-

Ross Matsuda:

To confirm, we've just got a static image of the Apple.com website that says October 2021 Keynote on the screen. We don't actually have a chip diagram.

Ben Greiner:

We don't? Let's see. Okay, sorry about that. Let's-

Ross Matsuda:

There we go.

Ben Greiner:

Oh. Oh, I guess I can't move that screen to my other screen. Okay, well, whatever. You might see me turning my head here, but okay. So you see the M1 with the Office logo?

Ross Matsuda:

Yeah. Now we're in business.

Ben Greiner:

So I picture the M1 chip as being for basically anybody, your standard business user, also could be a student, home use, any of that. But if you primarily live in a web browser and Office, Microsoft 365 they call it now, the M1 is perfectly fine. In fact, Ross, for years, we avoided MacBook Airs in business because they were really underpowered. But the M1 MacBook Air is not, at least in everything that we're learning. And well, you have one, right, for testing?

Ross Matsuda:

Yeah. Yeah, and the thing, it works great. I've put a lot of time in, on it, just working on the Monterey installer and custom Big Sur installers that we use and it's agile. It's a really big qualitative difference from what we're used to seeing from Apple's entry level laptops.

Ben Greiner:

Yeah. So I would say today, an entry level laptop, although I would've avoided an entry level Intel, today I would recommend and support an entry level M1 and that's for pretty much everyone. Now, if you require more power, especially if you use the Adobe Creative Suite, then you're going to want to consider at least an M1 Pro, don't bother with the M1. You want the extra power. Plus, a lot of creative professionals, they like to have multiple screens and that is something that's important. The M1 chip set will only technically support one external display. I have heard that people have figured out how to get past that, but I would not trust that that will always work for you, nor will it work well. The M1 is built for a single external display, meaning your MacBook Air and one display. The M1 Pro can support multiple displays and the M1 Max can support several displays and a TV, I think. It's crazy.

Ross Matsuda:

Yeah, it's more screens than you will likely ever actually use.

Ben Greiner:

Yeah. But if you need the power of the M1 Max, or if you have the money for it, but certainly I'm not going to discourage a creative professional from saying, well, I will invest in the future, let me get a M1 Max. But if you're a video editor, you absolutely need and want the M1 Max. That seems to be what Apple built the M1 Max for, video editors. From what I understand, I'm not a video editor, but I've talked to them and supported them over the years and the amount of time it takes to render something in video or edit something in real time or offline is dramatically reduced with the M1 Max. They're super fast. And the fact that you can do this with multiple displays in real time sounds just incredible. Applying filters is instant and all that goodness.

Ben Greiner:

Now that comes with a price, obviously the M1 is the entry level and M1 Max is the most expensive. And each model has different tiers that you can go into and custom configure, but that's the general rule. And Ross, would you agree with that? Do you think that's a good high level summary?

Ross Matsuda:

I think in general, yes. I would say, especially if you're a developer settling around on an M1 Pro might be convenient. Of course, it depends on the industry you're in. But as someone who works with multiple virtual machines, having something that's got that extra horsepower for virtualization is very valuable to me. But for all the stuff that I build just in a text editor, M1 would be perfectly adequate for that. So always feel free to ask questions, but I think as a broad sweeping statement, this looks good.

Ben Greiner:

Okay, great. And let's see. Oh, and as a reminder, this is a slide I used last time, but so far nothing's changed my mind here. This is an Apple chart showing the performance. This is starting here at the M1, and the M1 Pro and Max way up here. And then the power consumption being how far ... The M1 uses less power, these are going to use more power, but relatively less power than an equivalent 8-core PC laptop chip, or 4-core PC laptop chip.

Ben Greiner:

Now, the reason I want to show this is my 2019 Intel MacBook Pro for power is way down here, almost half the speed, about 57% of the raw power of the M1. I have no idea how the power consumption relates, so don't try to figure that out. But I know it eats up a lot of power and there's no way this thing will last all day on a battery. But the M1, I have not tested this. But Ross, have you tested the M1 on a battery?

Ross Matsuda:

Not really. I mean, I tend to leave it plugged in most of the time. I do remember there was a while when I was testing OS reinstalls, did multiple reinstalls and I had both my Intel daily driver and the M1 next to each other. And by the time my Intel machine, my 16 inch, was down to 5% battery and needed to be plugged in, I think the M1 was at about 88%.

Ben Greiner:

Wow.

Ross Matsuda:

So it was really staggering. I also just want to pipe in here, we got a question here.

Ben Greiner:

Oh, great.

Ross Matsuda:

Yes, we did receive your email earlier. I believe that as far as the raw hardware is concerned, yes, for graphic designers, I think it's more than adequate. The biggest question here is always going to be your exact workflows. So generally speaking, we can expect Adobe and other major, major software vendors to be very on top of their game, as far as software compatibility for Big Sur, for Monterey and for writing apps that will either run natively on Apple Silicon, or play really nicely with Rosetta 2.

Ross Matsuda:

The big things to keep an eye out for are going to be any legacy applications that you also use in those graphic design workflows. This can be especially important for certain types of third party plugins and font managers. Extensis I know has been, I think tested and pretty much operational. I'll need to check my notes to confirm. But as far as just talking computational capabilities, yes. What we're reading up on and the benchmarks that we're seeing, I believe that the M1 Pro and Max systems are going to be more than adequate. You just got to make sure that the software that you're running is compatible.

Ben Greiner:

Yeah, and I've got a slide on that. In fact, the question, I don't know if you said it Ross, but the question is if you're a graphic designer, do you think the M1 Pro and Max is there and ready for prime time? And we're one year into, well, we're now in year two of Apple's transition to the M1 chip. And let me go back a slide. Whoa, whoa, whoa, too many slides.

Ben Greiner:

Okay, so I wanted to point out, we do have a new website in conjunction with Apple that talks about 11 reasons Mac means business. It's very similar to Apple's website. They gave us permission to build our own. And you can go to this URL to get more information. But what you were talking about Ross, and the question I think will address is a website I still rely on, which is Apple Silicon Ready. And let me share my entire screen and let's take a look at this. No, not photos. I opened the wrong app. Okay, screen share. Where's screen share? Okay. So let me just minimize this.

Ben Greiner:

So you see Is Apple Silicon Ready? This is still a great resource to see if your applications that you use every day are ready for M1. And a lot of the Creative Suite has a lot of green check boxes, which is fabulous. It's optimized, means optimized for M1. And I think with M1, we know M1 Pro and Max would be included in that. So there are some exceptions, and I don't know if Adobe Dimensions is even still being updated. I don't know why it's laggard here, but most of the big apps, Photoshop, Illustrator, InDesign work, not only in Rosetta 2, but also on the M1.

Ben Greiner:

So I still recommend you test an M1. Don't go out and buy 20 of them for your entire team until you buy one and make sure that it's fully functioning. But I'm feeling more and more confident about the M1s. In fact, we just ordered some M1s for our team. If we go to Microsoft, we can see that even though they have a few, Teams being a big one that I use every day, it's not M1 optimized, however, it is has a green check box for Rosetta 2. And I do know for a fact, because I know people at Microsoft who run Max, that they are running M1 Max with Teams in Rosetta 2 and not having an issue with it. So Microsoft is feeling good.

Ben Greiner:

I wanted to ask you, Ross, about Box because I did look at Box, it's got a few warnings here and I think we ran into this early on. Do we know if it's been resolved?

Ross Matsuda:

I'll just double check. And for the last couple builds that I've ... Oh yeah, got it. They're still looking at the beta release.

Ben Greiner:

Oh, here?

Ross Matsuda:

Yeah.

Ben Greiner:

So it just hasn't been updated?

Ross Matsuda:

Yeah. Box has been phenomenal as far as adopting system file extensions over system extensions, kernel extensions. So the file provider extension is something that's tailor made just for apps like Box or like OneDrive to be able to run without needing to go through all the trouble of a legacy kernel extension or something like that. And I know that Box has a plan where I think it's like one month after they launched the official version that contains all of this, the software will automatically switch over from using the legacy kernel extension, if detected, to using the file provider extension. They have all this information on their beta page, but a big thumbs up in general for Box on Apple Silicon.

Ben Greiner:

Okay. So this is a situation where even this database is not up to date on everything and it would make sense that Box is supporting M1s, because I know Apple uses Box and I know Box is the only platform other than iCloud that supports collaboration on iWork files, right?

Ross Matsuda:

I haven't seen another one do that yet.

Ben Greiner:

Yeah. So as far as I know, they're the only platform. And yeah, I was a little surprised to see this, but it makes sense, this database is not up to date. So this is a resource, it's not an end all, be all. You can also check the website. And in fact, I look for Extensis here and they're not even listed, although I do know they have M1 compatible and I think Monterey compatible apps today.

Ross Matsuda:

Yeah. Let me just-

Ben Greiner:

Okay, you'll look that up?

Ross Matsuda:

Yeah. Let me get out of full screen viewing. I've been keeping tabs of all this stuff, all the way through the beta releases of Monterey running on that M1 MacBook Air. I'll just pull up my notes from those apps.

Ben Greiner:

Okay. So that's a resource. Of course, reach out to us if you need any assistance. But now that Apple has an entire notebook line of M1s, there are no options for Intel. I think the time is right to start investing in the M1 full on, but I still caution to test it because there's so many caveats. And I think for the most part, I've heard no complaints about Rosetta 2 or if I have, they've been online and they've been very rare, very specific. I remember the early days of the original Rosetta, there were some challenges, but Rosetta 2 seems to be much more refined.

Ross Matsuda:

Yeah, it seems pretty solid. The only thing I ever heard about it was how you need to sometimes for apps that are Apple Silicon ready, if they're using Rosetta 2 based or Intel based extensions, you might need to go into the app and then tell it to run in Rosetta instead of in the native [crosstalk 00:15:36]-

Ben Greiner:

Oh yeah.

Ross Matsuda:

And that's what my notes are for Universal Type Client and Suitcase Fusion, which is both were running as of beta 7 and then beta 10. Plugin installation requires admin access. Nothing fancy there. Adobe auto activation plugins, the last time I had checked were still Rosetta required. And that was where you could go into Photoshop and tell to run in Intel mode, force it to run in Rosetta and then the plugins would work.

Ben Greiner:

Okay. The next slide, which blends in, wow, almost perfectly with my backdrop here is macOS Monterey. So last Monday, Apple, as promised, released Monterey, which is macOS, is it 12, Ross?

Ross Matsuda:

Yep. We are up to 12.

Ben Greiner:

Yeah.

Ross Matsuda:

They just keep coming.

Ben Greiner:

I still can't get it in the habit. It's been so long of the 10 dots that I'm having trouble shifting. So yeah, here it is, 12.0.1. They kind of surprised us. Normally it'd be a version 12 release, but it was a 12.0.1 release and they released an update to Big Sur at the same time.

Ben Greiner:

So I know Ross has aggressively been beta testing Monterey for many months. I upgraded over the weekend. My experience has been non exciting, which is good. There weren't any issues and it just seems to work other than a different color, some slightly different backgrounds and features. I will say it does take a while. I have a really fast internet connection and it still took a while to download everything and get it ready. So don't try to do this over a lunch break or before you have anything urgent to do. I started mine basically Friday evening with no plans of using it until Monday morning. And I came back after having dinner and it was still doing its thing. So I'm not sure exactly how long it took, but it took a while.

Ben Greiner:

We did run it on a Mac Mini and the Mac Mini lost Bluetooth. We haven't figured out how to fix that yet. It might get fixed in a new update from Apple. I did submit feedback to Apple. And for anyone who wants to submit feedback to Apple, they do listen to feedback. If you Spotlight search Feedback Assistant, you'll find an application. And if you double click that, you can log in with an Apple ID. I think it's any Apple ID. I don't think you need to be a developer. Do you know, Ross?

Ross Matsuda:

I'm used to these being developer accounts only, but given that it's been baked into the operating system as of Monterey, they may have loosened that.

Ben Greiner:

Yeah. I'm pretty sure I used my own personal Apple ID to submit the request and I don't think that one's linked to a developer account. So I think anyone with an Apple ID can submit feedback and including screenshots. So I submitted one basically showing that my Bluetooth was ... It was as if the machine thinks it doesn't have Bluetooth.

Ben Greiner:

That's my own personal experience on that one particular Mac, but you can imagine if that were my only Mac, it might be a little frustrating, if I didn't have a wired mouse to plug in. This computer I'm running, I got a wired keyboard and a wired mouse, and if I lost that, that'd be pretty frustrating. I have not figured out how to fix that yet. Ross sent me some suggestions. I did some Google searching. I tried some things. I even reinstalled the OS. It just lost Bluetooth by upgrading to Monterey. So things like that can happen, be prepared. But hopefully those are rare. Have you heard of any issues, Ross?

Ross Matsuda:

I haven't run into anything major. And I think the big scare was still the issue with upgrading operating systems from Mojave and earlier, jumping straight up to Big Sur and to Monterey. But now that the community found what we believe to be the source of that, I'm building automatic remediation into all of our installers for Big Sur and for Monterey to make sure that we can take care of that and prevent it from being a problem before it happens. Otherwise though, no, I have a heard any really big major issues that we're seeing in 12.0.1.

Ben Greiner:

I think there're always issues, but you never know the full story or the use case around them. But overall, I think this seems to be one of the smoothest upgrades and we want to definitely get it in the hands of all of our clients, as soon as possible. It's still a little early, it's only been a week. We do have a blocker in place, so to prevent anyone from accidentally upgrading. But if you have a legitimate reason to upgrade or you have a test machine and you need to get that installed, reach out to us so we can help you bypass that blocker in your organization. Anything else you want to add to that?

Ross Matsuda:

Yeah. The only other thing that popped into my mind was I know there's an article published recently about some users running into issues with USB-C hubs. Not a lot of hubs, not most hubs, but a couple hubs. And then there was a similar thing about external displays. I think it all sort of boils down to there might be a couple different types of chip sets in USB-C accessories. But this is another one of those reasons why we always say, at least wait until the 0.1.

Ben Greiner:

Yeah. Yeah. I mean, it's super important to have your software up to date. I don't know, I can't say for sure that these third party products are ... Maybe they're not popular products or old products, there could be a reason for it. But I'm using an Apple display that's very old, the Apple Cinema, is it Cinema Display? Is that the name? It's still a great display, solid, but it's driverless, I've never had to deal with drivers. And I would say anything that requires you to install a driver these days is a little bit of a red flag. Is that too strong a statement?

Ross Matsuda:

I mean, I'd say not in every organization because I know of course I know you need driver sets for like Wacom tablets and things like that. But for a lot of types of peripherals, we really do expect ethernet adapters, USB hubs, displays. You expect those to be driverless at this point.

 

Mac Cybersecurity

Ben Greiner:

Okay, so we promised we would talk about a review of Mac security or at least an introduction and review of Mac security. So we have some time left. I want to get to that, but it was super important to talk about those other items. So this is very high level, but it's worth repeating and it's worth discussing because security is super important to all of us today.

Ben Greiner:

And the number one thing is enroll in an MDM, because only with an MDM do you have all the capabilities as an organization to manage and secure your devices and not just say that you're doing it, but actually validate and prove that you're doing it. And for those of you who have ever had to sit through a security audit, whether it's to prove that you're secure enough to work with another organization or for insurance claims, and I've done that several times, sat through a security audit, it's not enough to say, we ask our employees to do this. They will say, great, show us proof that your employees are doing this. And it's best effort, it doesn't have to be completely perfect and up to date at all times, but you have to say, this is our system, this is how we do it, this is how we validate it, this is how we prove it.

Ben Greiner:

And MDM for those of you that don't know, MDM is mobile device management and it's a framework that we adopt and participate in full on and we encourage our clients to do the same. And what's interesting is sometimes I have conversations with mostly prospects, but people who hear the word mobile device management and they're a little wary and they don't want their devices to be managed, but that's kind of the opposite of security today.

Ben Greiner:

And I wish there was a better word. I don't know if there is, because management does sound a little like, oh, you're going to manage me? Are you going to see what I'm web browsing or texting? And that is not what it is. It's mobile device management. It can only see what your device can and cannot do. It cannot see the content of your websites or your messaging or your emails or any of that. The privacy is completely there. Apple's concerned about security and privacy.

Ben Greiner:

Anything you'd add to that, Ross, that little speech I just went on?

Ross Matsuda:

It's pretty good over the top. There's a lot of, CMMC and other like NIST, security requirements and recommendations. A lot of those boxes get checked just by being enrolled in an MDM because it opens up the ability for you to do things like remote lock, remote wipe. Apple has a whole suite of MDM commands that allow a lot of these higher end actions to take place.

Ross Matsuda:

And at the end of the day, this also, it gives you visibility from a support standpoint. We can't really do much for an organization until they're enrolled in MDM because we don't have any visibility. We can try to talk people through things over the phone, but as far as taking action on their devices, especially in an emergency, we really need to have the MDM enrollment in place.

Ben Greiner:

Yeah. And I know I'm talking to the choir, if I'm talking to Ntiva clients, unless you're not yet migrated into our new Apple device management system, we're still working to get all of the Ntiva clients migrated over all the legacy, forget computers, clients have been in this system for quite a while. But this is super important because it lays the foundation for you, not only to do what you need to do for your own organization's security, but also as Ross said to meet the security needs that we don't even know yet, like they're coming, or we have to adjust, or your business changes and you need to make a change. And if you don't have MDM in place, it's really hard to make those changes.

Ben Greiner:

Password logins, or rather having a structure around your logins. And for us, this involves either a password policy or integration with something like Addigy Identity, which we discussed, was it last time or two weeks ago?

Ross Matsuda:

I think it was two ago.

Ben Greiner:

Two live streams ago. Addigy Identity, the idea that you can log into your Mac computer and authenticate with either your Office 365 credentials or Microsoft 365 credentials, that's the new term, your Google workspace credentials, or your Okta credentials. But having some structure around that rather than just giving your team computers and letting them choose how their passwords are generated. We'll talk about it in a minute. FileVault is super important in encrypting the hard drive. But if your password is easy and guessable, then you're basically leaving the door open to unlocking the machine.

Ben Greiner:

Screensaver lock. I don't know how much we enforce this, Ross, but I know for those teams that are super security conscious, it is something that can be enforced and should be enforced. And even just building the awareness of, if you walk away from your computer, even in your own office, I would recommend if you walk away from your computer, maybe not in your home if you're the only one there, but if you're at the office where people are walking around, lock the computer before you step away from it to go to the restroom. You could get distracted and be away for quite a while and if your machine is sitting there with email open, getting updates, and anyone can just walk by or sit down, it's a good habit to get into. And especially if you're at a coffee shop, you've got to do this, right? So screensaver lock is basically automating the process by which the computer can be locked or auto locked, if someone doesn't manually lock it. And there are lots of options, we won't go into all the details here.

Ben Greiner:

And Ross, chime in on any of this stuff as I'm going through it.

Ross Matsuda:

Yeah. No, so far, so good.

Ben Greiner:

But we're almost time.

Ben Greiner:

FileVault recovery key. So FileVault is how you encrypt your computer, but unfortunately we run into a lot of situations where people have FileVaulted their computer, but they don't have the recovery key. Now we work through that, if you're a client of ours. It starts with MDM. You need MDM to store that recovery key or escrow the key. But if you don't have MDM and you're allowing your employees to encrypt the computer using their passcode, then you're beholden to your employees and their passcode. And we've gotten way too many requests, once again, typically from prospects who come to us and say, we've got this machine, but we can't unlock it because the employee doesn't work here anymore. Could you help us? And it's often too late at that point, there are some things you can do. If you can provide proof of ownership to Apple, you might be able to get that unlocked, but that's not an easy process.

Ben Greiner:

And the last one, which is why it was so important that we talk a little bit more about Monterey is update your macOS. And Ross, in fact, we have some new, maybe not new ways of updating, but new, what, nudges or pings or reminders. We're making some changes. Can you talk about that?

Ross Matsuda:

Yeah, sure. What we've been doing for the last little while is we publish new patch definitions when Apple launches new security updates and then we use a framework called Nudge to ask users, hey, we need you to click on software update, click the update button, and let your computer do its thing. What we're going to be doing going forward is we're keeping that framework in place because that's still very, very important for Macs for any update that requires a restart. If it doesn't require a restart, we can usually take care of that for our managed devices, totally invisibly, no action required.

Ross Matsuda:

And what we're looking to do is in preparation for Monterey, which includes some really powerful new software update management tools is we're going to be deploying, starting next week, an updated MDM configuration that is going to begin automatically, not just searching for and downloading these patches in advance to help you speed up the process, but it is actually going to try to install them automatically as well. And what that does is it just goes through some preparatory steps in the background while you're using your machine. You'll get a notification center update that says, hey, this update is pending for your computer, do you want to restart an hour later?

Ross Matsuda:

And then starting in Monterey, there's some additional functionality there that will actually allow the computer to try to determine based on machine learning when you don't use your machine, when it's idle, and then it will try to install the update in those periods of time. So if you leave your computer plugged in overnight, it's not asleep, the computer will say, oh, nothing's going on, I guess now's a great time and it'll try to take care of that for us.

Ross Matsuda:

And so as we prepare to get ready to be able to adopt those features, we're going to begin leaning more heavily on Apple's provided software update mechanisms, in addition to the nudge notifications that we already do just to try to keep people as agile as possible and to make sure that we're getting these run as quickly as we can.

Ben Greiner:

Yeah. And just to say it another way, Apple's been doing this for years with their iPhone process of updating iPhone and iPads, and now they're bringing pieces of that to the macOS. So we want to take full advantage of that to help people stay up to date with updates and then with upgrades, which the upgrade from Big Sur to Monterey, we want to be much more aggressive for security reasons in getting people to Monterey, or at the very least to Big Sur. The days of keeping a Mac on an old OS, just because it's working and doesn't require changes, I think that is quickly becoming like you can't do that anymore. It's a security risk. Apple, like a lot of companies today, they just can't patch everything forever. So they have a cutoff and their cutoff is what, current -2, Ross?

Ross Matsuda:

N-2. That's why you're going to see that term thrown around, which means for the moment Catalina and higher. So Monterey, Big Sur, Catalina, those three OSs are supported. Any devices on Mojave are not going to be getting any further security updates, or High Sierra and earlier. All those machines, if you've got those in your environment, just be aware that when all these new vulnerabilities are reported and being patched on newer operating systems, those patches are not going to make it to your work stations. And so obviously yes, there are rare business cases where you need to keep a device on an older OS for very specific compatibility purposes, but unless you fall into that very, very narrow use case, we got to get your devices upgraded.

Ben Greiner:

Yeah. Okay, so it's super important that you work with us. If you go into Vision-Bot, everyone who's a client, primary contact has access to Vision-Bot and we can see your devices and see the state and see the operating system. And if you're more than ... Let's see. Very few people would be on Monterey today. A lot of people would be on Big Sur and several would be on Catalina, which is 10.15, right?

Ross Matsuda:

Spot on.

Ben Greiner:

Yeah, okay. Anything older than that, 10.13, 10.14, 10.12, any other names, you really need to think about getting those upgraded or replaced. It's a good chance those Macs are old and need to be replaced. Trade them in, get some money back, buy new ones.

Ben Greiner:

What else do we have here? Okay, so there is a great website Apple has about Apple Platform Security. I was going to go into that a little more, but we don't have time to do that. And if I click on ... No. Can I? I thought I had enabled that. Let's see. Oh here. I got it right here. I'll just show it to you. So Apple Platform Security updated in May of this year. It talks about their hardware, their software, how they do things across the entire ecosystem.

Ben Greiner:

And it's a really great resource, but certainly a lot of our clients don't need to know this, they just need to work with us and say either here's what we want to accomplish or how can we be more secure. We're always pushing baseline security as much as possible, but sometimes we need some cooperation and interaction with our clients to go to the next level of security because it takes communication. You don't want to surprise people with some of these security changes. It could be frustrating if they don't know what to expect.

Ben Greiner:

Okay. We are out of time. I do want to share one quick story and I should have shared this at the beginning, and for those that have to go, you can leave, but a little bit of a venting about technology.

Ben Greiner:

So this past weekend, Ross, I get an alert on my phone that my Nest Protect ... Nest Protect is basically a modern day fire alarm. Everything's fine at home. I'm not home, but it says my batteries are running low and I need to replace them. Okay, that's understandable, I get that. But I'm not home, so I can't do anything about it. And of course, when I get home, I completely forget about it. There's no reminder. I should have set a reminder for myself, but didn't think about it. I figured I had some time. So last night at 3:00 AM, the alarm is beeping. You know how you get the UPS batteries that go bad and they start beeping or even the old fire alarms that would just chirp?

Ross Matsuda:

Classic.

Ben Greiner:

Yeah. This thing starts beeping at 3:00 AM. Okay. So Christine wakes up first, my wife. She wakes me up and she's like, I can't figure out what's going on. I knew immediately what it was, it's the Nest Protect. So I get my phone from the side of my bed at 3:00 AM, the phone wants my passcode and I'm like, I'm wearing my Apple Watch. I've got face ID. What happened? Why now do you need my passcode? It's 3:00 AM. I do not have an easy passcode. It's a secure passcode. I'm trying to type it in, of course I don't get it right the first time. I breathe, I type it in, I get it unlocked. I get Nest Protect app open. Everything's looking good. I'm going to turn this alarm off. No, you cannot silence that particular beep in the app, or at least I was not capable of figuring it out at 3:00 AM.

Ben Greiner:

I had to go get a ladder because this thing is high up in our loft. I had to go get a ladder and climb up. And I'm thinking, this is how people injure themselves. No one should be up on a ladder at 3:00 AM upon immediately waking from sleep. And of course, everything works out fine. I was able to take it off the wall, rip the batteries out, throw them on the ground and try to go back to sleep, which is not easy to do after you've been through all this. So I'm a little tired today.

Ben Greiner:

But it seems like technology can smarter be than that and it could have given me a little more notice than just one time on the weekend. It could have given me the option to silence it, at least temporarily, maybe 24 hours. I would've taken even eight hours. And of course, I don't quite understand when the iPhone requires my passcode and when it doesn't. I know it's periodic, like it has to periodically verify typing it in. But the fact that I had already authenticated my Apple Watch and went to bed knowing I hadn't taken it off and you can unlock one device with another device. I don't know. I guess you can have someone just walking up to your bed while you're sleeping and taking your phone, so that watch wouldn't do it. But it was just bad timing. So that's my vent, that's my story.

Ross Matsuda:

Fair enough.

Ben Greiner:

So with that, we'll see you in two weeks. And our topic, you want to guess what our topic is, Ross, in two weeks?

Ross Matsuda:

Let's see. Nope.

Ben Greiner:

Employee resources to be productive and self-sufficient, which is about self-service.

Ross Matsuda:

Ah, micromanage.

Ben Greiner:

Yeah. We'll see you in two weeks. Thanks everyone. Bye.

 

About the Ntiva Apple for Business Livestream

Ntiva’s Ben Greiner hosts the Ntiva Apple for Business livestream every other Tuesday from 12:00 to 12:30pm CT. These live events, presented by the Ntiva team of Apple experts, are sharply focused, easily digestible, and cover topics including the latest Apple/macOS/iOS technology updates, cybersecurity, data privacy, MDM and BYOD policies, and more! We take questions from the audience and share what's working—and not working—for us and others in the industry.

VIEW MORE LIVESTREAMS