Creative Resources Technology Group

What Does FileVault Protect, and Should You Turn It On at Work?

June 4, 2026

FileVault encrypts the drive on every Mac, so a lost or stolen laptop doesn't hand over your files. Turn it on, store the recovery key somewhere safe, and you've closed one of the easiest data leaks in any office.

Yes. If a Mac ever leaves your office, FileVault is the difference between a lost laptop and a reportable data breach. It encrypts everything on the startup disk, so without the login password the drive is unreadable, even if someone pulls it out and connects it to another machine.

What FileVault actually does

FileVault is full-disk encryption built into macOS. When it's on, the contents of the drive are scrambled at rest. The Mac unscrambles them only after someone signs in with an authorized account. Shut the Mac down, and the data goes back to being a locked box.

What it does not do is protect a Mac that's already unlocked and running. FileVault guards a powered-off or locked device. It is not a replacement for a strong login password, an automatic screen lock, or keeping macOS up to date.

Why it matters more than people expect

Most data loss in a small office isn't a movie-style hack. It's a laptop left in a car, a bag grabbed at a coffee shop, or a machine that walks out the door when someone leaves on bad terms. Without encryption, whoever ends up with that Mac can read every file, email, and saved login on it. With FileVault on, they get a paperweight.

How to turn it on

On a current Mac it takes a few clicks. Open System Settings, go to Privacy and Security, and switch on FileVault. Encryption runs in the background while you keep working, and you won't notice it day to day. The one step people skip is the step that matters most.

The recovery key is the part that bites people

When you enable FileVault, macOS gives you a recovery key. It's the only way back in if someone forgets their password. Lose both the password and the key, and the data is gone for good. That's the point of real encryption, but it means the key needs a home. Store it somewhere safe and separate from the Mac, like a password manager or your IT provider's documentation, not a sticky note on the laptop.

Make it standard, not optional

Turn FileVault on for every business Mac and keep the recovery keys in one managed place. Once you're past a handful of machines, a mobile device management tool can enforce it and store the keys for you, so it's never one employee's job to remember. Set it up once, and every Mac that joins the company is covered from day one.

Curated for you

Keep reading

  1. Why Does Every Task Take Longer Than It Should? Usually It's Your Tools

    When work drags, the cause is rarely your team. It's almost always friction in your tools: apps that can't talk to each other, slow Wi-Fi, and tangled access. Here's how to find and fix the three most common ones.

    Feb 23, 2026Read piece →

  2. How do you use AI in a small business without making a mess?

    Pick one or two repetitive tasks, let AI draft while a person approves, and never paste customer or financial data into a public tool. That combination saves real hours and keeps your data off someone else's servers.

    Feb 16, 2026Read piece →

  3. What Is the W-2 Email Scam, and How Do You Stop It?

    The W-2 email scam fakes a message from your CEO asking payroll to send every employee's W-2. The fix is a flat policy: never email W-2s, and verify the request by phone first.

    Feb 9, 2026Read piece →
Blog

Want help applying ideas like this?

Fifteen-minute discovery call. No commitment. We'll map practical next steps for your Apple environment.

Book a call → or call 877 · MACS · 911