MacBooks come with a variety of built-in security settings, but they are not always used to their full advantage. This can leave your data and privacy vulnerable to cybercriminals. While it’s not possible to totally lock down and secure your computer, you can maximize your Mac’s security and privacy and protect yourself from cyber threats by going through your settings and establishing a good set of defenses. Read on to find out how.
It’s important to keep your apps and Mac operating system up-to-date because security updates address software vulnerabilities. If you don’t keep updated, hackers could exploit vulnerabilities to gain access to your data. Modern Macs have automatic updates enabled by default – it’s worth checking that your computer is properly downloading them.
To make sure software updates are running correctly:
To make sure app updates are running correctly:
FileVault is software for encrypting your device. It jumbles up your device’s data so that it’s incomprehensible to anyone without your password. This means if you lose your device or it’s stolen, nobody else will be able to access anything on your storage drive. On more recent Macs, FileVault is probably enabled by default. But if you have an older Mac, or you opted out of the feature when you set up your Mac originally, you should check to see if it’s turned on. To do this:
Apple gives you the option to store your recovery key in your Apple account or locally. For most people, if you have a strong password for your Apple account, you’re better off storing the recovery key there. But if you’re not comfortable with that, or if you store a lot of very personal data on your device, you can opt to store the code yourself. If you choose to do so, it’s important that you don’t lose the key or forget the password you create, as you won’t be able to access your data if you lose either one.
Knowing how to password protect a folder on Macs is useful. This feature allows you to store sensitive information and ensure that only somebody with the password can access it.
You can do this without installing any extra software by using your Mac's Disk Utility app. It doesn't password protect the folder itself. Instead, it creates a separate folder disk image, but the effect is the same. You can open the folder disk image and move files in and out as normal. It's possible to share the folder disk image with other people and, provided they know the password, they can access files in the folder as well.
To password protect a folder on Mac:
Apple has a built-in firewall that helps to block unwanted inbound network connections and keep malware out of your network and device. This provides a useful layer of protection but it is turned off by default, so you need to manually turn it on to benefit from it. To do this:
For more advanced users, you can review Firewall Options to select more detailed settings. Otherwise, you can simply let the default settings apply. Bear in mind that Apple’s firewall guards against incoming traffic only and does not prevent data from being sent out. For additional security, you can consider using a third-party firewall which offers more advanced protection.
By regularly backing up your files, you ensure you always have copies if something happens to your Mac – for example, if it’s lost, stolen or needs to be repaired.
You can use Apple’s Time Machine feature to back up your files. Time Machine backs up files on a separate, external hard drive which allows you to restore your Mac and data from a specific recent time. To set it up:
Once set up, Time Machine works automatically, provided your external drive is connected to your Mac. It will send you reminder notifications if you don’t connect your external drive for a while. If your external disk runs out of space, Time Machine automatically erases the oldest versions of the files to make room for new ones.
If you have occasional visitors, rather than giving them a full account of their own, use the Guest account available at the login screen. This will enable them to use apps and the internet but won’t allow them to see files you have stored on your Mac. MacOS creates a temporary workspace and deletes it when the guest logs off.
If your Mac is lost or stolen, and you have set up iCloud’s Find My Mac option, when a guest logs on and connects to the internet using Safari, Apple can track your Mac’s location.
Depending on how long you have owned your Mac, you may have software on it that you no longer use. Unused software takes up space on the drive but, more critically, can sometimes create a security risk, as it may contain vulnerabilities that remain exposed. Apple allows users to check for old or unused apps on their Mac. To do this:
As with your phone, your Mac has various privacy permissions as over time, you have granted or denied apps access to different types of information such as your location, contact or calendars. It’s good practice to review these permissions regularly to make sure they are set to a level you remain comfortable with. To do this:
Generally, if you’re in doubt about whether an app needs permission or not, it’s best to be cautious by restricting access.
To check if you are unknowingly sending usage data to Apple and other app developers, click Analytics & Improvements at the bottom of the left-hand menu. Then uncheck the options for data you don’t want to be sent automatically to Apple or other app developers.
If you use Safari on your Mac, it’s worth reviewing Safari’s privacy settings. Some useful shortcuts to know include:
The Find My Mac feature is useful in case your Mac is lost or stolen. Not only will this tool help you find your Mac, but it will also enable you to wipe your drive remotely if your device is lost or stolen. To set it up:
When you leave your computer unattended, it’s a good idea to have a screen saver that can only be turned off with a password. You should set up a screen saver that will start after your computer has been idle for a set interval. To set your computer to lock your screen automatically:
If you have a more recent Mac, you might be able to log in with Touch ID. If you didn’t enable that feature when setting up your computer, you should do so now. It makes logging in quicker and easier and gives you scope to create a more complicated password since you don’t have to type it so frequently. To set up Touch ID:
Your computer’s password still serves as a backup login option and will be required whenever you restart your machine, but you can make it as long as you wish since you won’t have to type it so often. The longer your password, the more secure it is likely to be. Touch ID support also extends to some apps, which makes unlocking them less of a chore.
To minimize your risk of malware and harmful apps, only use apps from a known and trusted source like the App Store. Never download unlicensed or pirated apps from the internet. Harmful apps can often be disguised as a movie or graphics file. These apps, called Trojans, are often spread by internet downloads and email attachments. If you see a warning that a file you receive is an app – for example, a file sent to you in an email – don’t open it and delete it from your Mac.
It’s also a good idea to read trusted reviews of apps before downloading them. This may help you avoid malicious apps and ensure you’re downloading a legitimate app onto your device.
One of the best ways to protect yourself online is by learning how to spot online scams. This includes recognizing phishing attempts and being careful about what you download.
To avoid falling victim to phishing, never click on links in text messages, emails, social media messages or any message which looks suspicious. These could be messages designed to trick you into disclosing personal information such as credit card numbers or passwords.
If you do receive an email claiming to be from your bank asking you to verify login information, look closely at the sender’s details to check who it is from. When in doubt, go directly to your bank’s site in your web browser and avoid clicking on any link within the email. To test your ability to recognize phishing scams, you could try Google’s Phishing Quiz.
Two-factor authentication or 2FA involves inputting a randomly generated one-time code along with your password when logging into your accounts. This provides an additional layer of security because, even if hackers know or guess your password, they won’t be able to guess the randomly-generated code. This prevents them from accessing your accounts. To set up 2FA on your iCloud account:
Once set up, you will receive a one-time password each time you log into your iCloud account on a new device or when logging in online.
You can take 2FA a step further by using an authenticator app. An authenticator app generates unique codes on the spot, rather than sending them via SMS text message, which cybercriminals could intercept. Some password managers also offer this feature.
Another method of implementing 2FA is by using a physical security key or token. This is like a smart card that provides your digital signature and is an option for users who want additional protection. No one can access your Mac without presenting your security key or token, even if they know your password.
A VPN or Virtual Private Network disguises your original IP address and replaces it with an IP address in a different location. This means that hackers and websites can’t trace your connection, increasing your anonymity online. VPNs also encrypt your browsing data, which means that hackers can’t see what you’re doing. VPNs are used for a variety of purposes, but online privacy is chief amongst them. There are various VPNs on the market, including Kaspersky Secure Connection.
Remote access can be useful if you need to access your Mac from anywhere. However, if your login details are compromised, this means others could also be able to remotely access all your files and data. So, it’s a good idea to disable this feature when you don’t need to use it. To do this:
It’s essential to use a secure password to lock your Mac. Using unique, complex passwords for all your accounts is essential in today’s online environment. But, with the hundreds of online accounts we now need for our day-to-day activities, remembering so many unique passwords is very difficult, if not impossible. While some users are tempted to use the same password for everything, this can be a mistake; if your password is hacked, your entire online identity is compromised. Using a password manager is a great solution.
Apple offers its own password manager called iCloud Keychain. This works by saving and securely storing your account login credentials, passwords, and payment card information. All information is encrypted with AES 256-bit encryption, considered military-grade encryption.
While iCloud Keychain can be useful, it is limited in that it can only be used for Apple products, so if you also have an Android phone and a Windows PC, you won’t be able to sync your passwords between devices. For this reason, many users decide to use a third-party password manager that works with all operating systems and can seamlessly sync between devices.
If you aren’t using Bluetooth — or if you are in an environment you don’t trust — then it’s good practice to turn it off. This reduces your Mac’s discoverability and adds an extra layer of privacy. It can help prevent any potentially dangerous connections.
To turn off Bluetooth:
Siri is your Mac’s intelligent personal assistant. It can share personal information, so some users prefer to turn it off when not in use. To turn off Siri:
Included within iOS 16, Apple’s Lockdown Mode helps to protect devices against rare and extremely sophisticated cyber attacks. Apple considers it an extreme protection that’s designed for the very few individuals who, because of who they are or what they do, could be personally targeted by some of the most advanced digital threats – for example, from hostile nation states. Most users won’t be subject to these kinds of threats.
Apple states that when Lockdown Mode is enabled, your device won’t function like it usually would. To reduce the attack surface that could potentially be exploited by highly targeted mercenary spyware, certain apps, websites, and features will be limited for security, and some experiences may not be available at all. For example, Lockdown Mode blocks link previews in the Messages app, turns off potentially hackable web browsing technologies, and prevents incoming FaceTime calls from unknown numbers.
Most users don’t need Lockdown Mode but if you do want to turn it on, here are the steps to follow:
If you have an Intel Mac, you can use a firmware password to prevent people from using alternative startup disks and removable media to boot your Mac without authorization. A firmware password significantly improves security for those who share devices and works as a strong anti-theft measure.
To turn on a firmware password:
Your Mac asks for the firmware password only when attempting to start up from a storage device other than the one selected in Startup Disk preferences, or when starting up from macOS Recovery. Enter the firmware password when you see the lock and password field.
It’s always a good idea to use a comprehensive and up-to-date antivirus. Whilst macOS comes with XProtect anti-malware protection and other safeguards, you can gain additional protection by using a complete antivirus for Macs.