How to Protect Your Macs from FileVault Recovery Key Issues

If you are a Mac user, you may have heard about the recent updates to MacOS Sonoma 14.4 and 14.1 that have been resetting user’s FileVault recovery keys. FileVault is a built-in encryption feature that protects your data from someone who might obtain physical access to your device. 

During this update, users are presented with a new FileVault key. This means that they can no longer get into their encrypted data or change their passwords using their old keys. During this upgrade process there have been a few reported downstream issues such as the inability to disable FileVault and use the recovery keys for external disks. Some users have even had to erase machines completely when this happens. 

These issues can be very frustrating and potentially disastrous for users who rely on FileVault to protect their data. They can also pose a serious challenge for businesses that manage multiple Macs for their employees. How can you ensure that your Macs are secure and that you have access to the correct recovery keys in case of an emergency? 

What Are the Solutions? 

First, if this has just happened, check your recovery keys and make sure that it matches the one that you have stored or uploaded. You can do this by going to System Preferences > Security & Privacy > FileVault and clicking on the lock icon. Then, click on Recovery Key and enter your password. You will see your current recovery key displayed on the screen. Compare it with the one that you have saved or uploaded and see if they are the same. If they are not, you should update your records and backup your data as soon as possible. 

Today it’s Sonoma 14.4 and 14.1 and FileVault, yesterday it was something else, and tomorrow it will be something new. There are three main things companies can do to prevent data loss when using a primarily Mac device fleet regardless or the specific threat. 

• Use Apple Business Manager (ABM). Apple Business Manager is a web-based portal that allows you to manage Apple ID accounts for each user in the organization. This means when you hire and fire employees, now you can revoke the Apple ID account associated with the devices. You can also manage and assign roles to your Macs and other Apple devices. You can use it to enable FileVault on your Macs and escrow the recovery keys to a secure location. You can also use it to remotely lock, wipe, or restore your Macs if they are lost or stolen. Apple Business Manager is free to use and you can sign up for it here. 
• Use a MDM solution. MDM stands for Mobile Device Management and it is a software that allows you to remotely manage and secure your Macs and other devices. You can use a MDM solution to enable FileVault on your Macs and escrow the recovery keys to a secure location. You can also use it to enforce policies, monitor compliance, install applications, and perform many other actions on your Macs. There are a few MDM solutions available in the market, such as Jamf, Mosyle, or Addigy. You can choose the one that suits your needs and budget. 
• Manage your data well (data governance). You should always be aware of where your company data is and make sure it is in a secure location that the organization can control, monitor, back up, and plan for possible disruptions. No individual person or computer should have data that the organization cannot access or recover if they die. This means that you still need to replace the person or machine, but it means that nothing is lost. If your organization has only one billing person, that data should be on a shared drive that the organization can add others to later if necessary. If your organization has only one person who makes all the quotes, make sure you use a tool to track the leads in the pipeline. A spreadsheet on your own computer is not enough. That would disappear. Use a CRM product like Hubspot or Dynamics. If you have to use a spreadsheet, it should be on a marketing\sales drive that the right people can access. Your data and communications are essential for your organization’s survival. 

These solutions can help you secure your Macs from FileVault recovery key problems and make sure that you can access your critical business data. If you manage your employee Apple IDs with Apple Business Manager (ABM), use a well-configured MDM to manage your Apple device fleet, and apply proper data governance, your organization can be better prepared for inconsistent OS updates and cyber attacks. If you need assistance developing a tiered strategy for your organization, contact us. We would be happy to provide a free consultation! 

Simply call (210) 874-5900 or fill out our contact form by clicking here.