Security Tips for Mac Users
When Apple designed macOS, they started with technology that was pretty safe and solid for its time. However, macOS is still a commercial consumer operating system, designed for ease-of-use as well as security – and, as we said in our security tips for Windows 10 users, no complex system will ever be completely secure. Fortunately, you can make macOS safer by checking and tweaking some built-in settings and taking a few other simple steps.
Many of Apple’s security and privacy settings are conveniently collected together in the Security & Privacy pane of System Preferences, so we’ll be spending much of our time there. You might be asked to log in with your Apple ID before making changes. If you’re using an Administrator account, your changes will affect all accounts. Otherwise, they’ll only affect the account you’re using.
Keep macOS up-to-date. If your Mac supports the latest version of macOS (currently Mojave 10.14), install it and set up your Mac to update automatically whenever there’s an urgent security fix.
To update automatically, click the Apple icon; choose System Preferences > Software Update > Automatically keep my Mac up to date. Then, click Advanced, and make sure the following settings are turned on: Check for updates, Download new updates when available, Install macOS updates, and Install system data files and security updates. Note: If your Mac isn’t new enough to support Mojave or High Sierra, upgrade as far as you can. For example, El Capitan (10.11) is still available for 2007-2009 Macs running older versions such as Snow Leopard (10.6).
Keep your apps up to date, too. Give attackers fewer opportunities to find vulnerabilities. Firstly, make sure your Mac automatically installs updates for apps hosted in the App Store. In System Preferences > Software Update > Advanced, check the box next to Install app updates from the App Store. Next, uninstall old apps you no longer use, and if possible, upgrade apps that are no longer supported. For example, Adobe ended support for Adobe Creative Suite CS5 and CS6 back in 2014, unless you still have an active Gold Support contract you purchased before then. So, too, Microsoft has stopped providing security fixes for Office 2011, 2008, and 2004 for Mac. If you must keep using apps like these, apply any final security fixes made available before support ended.
Set up non-Administrator accounts for anyone who shouldn’t have full control over your Mac. When you set up your new Mac, you became its Administrator, with full rights to make computer-wide changes. But not everyone who uses your Mac should have those rights. And even you might not want to run as an Administrator yourself when you don’t have to. Apple provides three other types of accounts:
- Standard accounts that can install apps and change settings that only apply to themselves
- Managed with Parental Controls accounts that let you limit the user’s apps, content, contacts, and web access
- Sharing Only accounts that permit access to remote files but don’t allow a user to log in or reconfigure settings
To set up one of these accounts, click the Apple icon; then System Preferences, and Users & Groups. Click the + button at the bottom left; click New Account, and follow the instructions there.
Use Guest accounts, too. Occasional visitors don’t need a full account of their own. They can use the Guest account available at the login screen. When they do, they can run apps and access the internet, but can’t see files stored on your Mac. macOS creates a temporary workspace and trashes it when they log off. (Tip: If your Mac’s lost or stolen, and you’ve set up iCloud’s Find My Mac option, when a guest logs on and connects to the Web via Safari, Apple can track your Mac’s location.)
Don’t use Automatic Logon. It’s tempting but unsafe to let your Mac log on automatically whenever you start or restart it. If Automatic Logon is on, turn it off by clicking the Apple icon; then System Preferences > Users & Groups > Login Options > Automatic Login. Choose Off for each user who shouldn’t be permitted to log on automatically.
Protect your Apple ID with two-factor authentication. Two-factor authentication, supported by versions of macOS since El Capitan (10.11), protects you by requiring two forms of authentication: your password, plus a six-digit verification code Apple sends to another iOS device or Mac it recognizes, or to another phone number (via text message or automated phone call). To turn it on, click the Apple icon; then choose System Preferences > iCloud > Account Details > Security. Next, click Turn On Two-Factor Authentication, and follow the instructions.
Use strong passwords online. If you’ve upgraded to macOS Mojave (10.14) and you’re running Safari, it’ll help you – it can now create, store, and autofill strong passwords for you. If you’ve been committing the no-no of reusing passwords on several sites, and they’re stored in Safari preferences, it’ll flag those and help you change them – pretty neat.
Make sure anti-malware is running and up to date. Yes, Macs can be infected with malware. These days, macOS comes with basic XProtect anti-malware protection and some other safeguards. But Apple hasn’t always been as quick about updating them as we might like. If you’re here, you’re probably using a more complete and advanced alternative: Sophos Home. Our Premium Version adds powerful artificial intelligence that can halt malware it’s never seen before; advanced security that recognizes and halts unauthorized encryption; banking and identity protection features, and the ability to centrally manage security for up to 10 devices, both Mac and Windows – so it’s easy to protect your whole family.
Make sure your software and hardware firewalls are running. While macOS comes with a built-in software firewall to control inbound connections, it’s turned off by default. To turn it on, click the Apple icon; then System Preferences > Security & Privacy > Firewall. Click either Turn On Firewall or Start. (If necessary, you can allow certain applications through your firewall by clicking Advanced and following the instructions there.)
Nowadays, most people connect to the internet through a hardware router provided by their Internet service provider (ISP). That also has a built-in firewall that should be turned on and protected by a strong password. Your ISP’s website will tell you how to access your router and change your password if necessary.
Consider encryption. If someone steals your logged-on computer or remotely accesses your files, they can steal valuable data. Consider encrypting your entire startup disk with FileVault 2, available in each version of macOS since Lion (10.7). To set up FileVault 2, click the Apple icon, then System Preferences > Security & Privacy > FileVault. Log in as an Administrator, click Turn On FileVault, and carefully follow the instructions, especially the instructions for making sure you have an emergency way to access your files via iCloud, an online recovery key, or a local recovery key.
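To confirm from Terminal that the automatic update, Automatic Login, firewall and FileVault settings described above are actually in place, here is a read-only audit script. It is an added example, not part of the original article; the command paths and preference key names are assumptions based on what Mojave uses and may differ on other releases.

```shell
#!/bin/sh
# Added example: read-only audit of the settings this page recommends.
# Each classify_* function takes the text a command printed and returns
# 0 when the setting matches the recommendation, 1 when it needs review.

classify_firewall() {    # text from: socketfilterfw --getglobalstate
    case "$1" in *"State = 1"*|*"State = 2"*) return 0 ;; *) return 1 ;; esac
}
classify_filevault() {   # text from: fdesetup status
    case "$1" in "FileVault is On."*) return 0 ;; *) return 1 ;; esac
}
classify_autologin() {   # autoLoginUser value; empty means automatic login is off
    [ -z "$1" ]
}
classify_flag() {        # a Software Update preference; "1" means enabled
    [ "$1" = "1" ]
}
check() {                # check <label> <classifier> <command output>
    if "$2" "$3"; then echo "OK      $1"; else echo "REVIEW  $1"; return 1; fi
}

audit_mac() {
    fails=0
    su=/Library/Preferences/com.apple.SoftwareUpdate
    # Key names assumed for Mojave; other releases may store these elsewhere.
    for key in AutomaticCheckEnabled AutomaticDownload \
               AutomaticallyInstallMacOSUpdates CriticalUpdateInstall ConfigDataInstall; do
        check "Software Update: $key" classify_flag \
            "$(defaults read "$su" "$key" 2>/dev/null)" || fails=$((fails + 1))
    done
    check "Automatic login is off" classify_autologin \
        "$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)" \
        || fails=$((fails + 1))
    check "Firewall is on" classify_firewall \
        "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>/dev/null)" \
        || fails=$((fails + 1))
    check "FileVault is on" classify_filevault \
        "$(fdesetup status 2>/dev/null)" || fails=$((fails + 1))
    [ "$fails" -eq 0 ]
}

if [ "$(uname)" = "Darwin" ]; then
    audit_mac || echo "Open System Preferences and review the lines marked REVIEW."
else
    # Not a Mac: show the classifiers on constructed sample output instead.
    check "Firewall is on (sample)" classify_firewall "Firewall is disabled. (State = 0)" || true
    check "FileVault is on (sample)" classify_filevault "FileVault is On."
fi
```

A REVIEW line for a Software Update key can also mean the preference has never been written on that Mac, so confirm it in the Software Update pane before assuming the setting is off.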
Use a VPN on the road. Mobile Wi-Fi hotspots can be unsafe. If you’re doing anything important, use a VPN that encrypts everything you send and receive. Your employer might already provide and require a VPN for use with the company network, but for many personal users, the easiest solution is to subscribe to a commercial VPN. If your VPN comes with its own app, you can skip most configuration steps. If not, you’ll have to enter some detailed information. Click the Apple icon, System Preferences > Network. Click the + symbol towards the bottom left, choose VPN as the type of interface you want to create, and follow the remaining steps there. Once you’ve established the connection, you can activate it by selecting it in the list of services available in the Network pane, choosing a configuration (if necessary), and clicking Connect.