How to Secure your Mac

Leave a Comment / technology / By /

macOS provides pretty good security out of the box, but there’s a lot more you should do to make sure your system and data are as safe as possible.

Sure, the computer costs real money, but hardware can be replaced. Much of your data, on the other hand, is irreplaceable. Photos, e-mail, financial records, your autobiography, etc.: What data on your computer would you hate to lose?

What could go wrong? Glad you asked:

  • loss or theft
  • malware
  • data corruption or deletion
  • hardware failure
  • fire, flood, meteorite, etc.

Sorry, but Apple can’t help with most of those things. Fortunately, you can help yourself. Here’s what you should do.

  1. Get an Apple ID if you don’t have one.

    This will come in handy later. Just visit the Apple ID site and create your ID. Be sure to use a strong password and turn on two-factor authentication!
     

  2. Use strong, unique passwords – the longer, the better!

    If the idea of using a different password everywhere alarms you, fear not. A password manager is a program that remembers all your passwords so you don’t have to. macOS includes its own: KeyChain Access. You can even store encrypted notes in your keychain. Make it your friend. And make sure your master password – your login password – is a strong one that you can remember! KeyChain can suggest memorable ones.

    Here’s the best part: With a password manager, you can use 30-character random strings and never need to type them yourself. If the system doesn’t offer to enter them for you, you can just copy-and-paste.

    IMPORTANT: If you forget your login password, you lose access to your keychain and all those other strong passwords. Bottom line: Don’t forget your login password! If necessary, write it down and store it in a safe.
     

  3. Use a non-administrator account as your regular account.

    The first account you set up on a new computer is an administrator account. An administrator has full access to all aspects of the machine. A standard account – that is, one without administrator privileges – has access to its own files only. If a standard account is compromised, whether by malware or a stolen password, only that account’s files are at risk. If an administrator account is compromised, all files and every aspect of the machine are at risk.

    For that reason, you should add an unprivileged (non-administrator) account and use that for your day-to-day work. You can type the administrator’s password when it’s needed but only when needed. And if you are asked to type an administrator’s password, you should have an idea why it’s needed.

    To create an account:  > System Preferences > Users & Groups
     

  4. Log in on iCloud.

    Go to  > System Preferences > iCloud and login using your Apple ID from step 1. You can sync your calendars, contacts, keychain and other things with iCloud. Then, if you’re away from your computer, you can visit iCloud.com to access that data. Just be aware of how much data you sync because after 5GB, you’ll need to start paying.
     

  5. Turn on Find My Mac.

    This is an iCloud option that merits its own mention. If your Mac is ever lost or stolen, Find My Mac can help you locate it. Make sure it’s enabled.
     

  6. Encrypt the startup disk.

    Go to  > System Preferences > Security & Privacy > FileVault and turn on FileVault. With the disk encrypted, if anyone steals your computer, they won’t be able to read any of your files. To boot the system, a valid user must first enter his or her login password.

    In case you forget your login password, you can unlock the startup disk either with your iCloud credentials or with a recovery key. If you use the recovery key, be sure to store it in a safe place. You can store it in your keychain, but if you forget your login password, you won’t be able to access your keychain. I recommend you use iCloud instead of a recovery key.
     

  7. Turn on the firewall.

    Go to  > System Preferences > Security & Privacy > Firewall and turn on the firewall. This will help protect the system from network attacks.

    Optionally, you can enable stealth mode under Firewall Options to make your machine less visible on public networks.
     

  8. Install antivirus.

    You can buy something, but there are decent free options. I suggest Avast. It will protect your files, e-mail and web surfing.
     

  9. Set up automatic backups.

    When anything bad happens to your computer, your backups are your best friend, but only if you have them and only if they’re current.

     > System Preferences > Time Machine

    Time Machine makes Mac backups easy. Just buy a bus-powered external hard drive compatible with your Mac. I recommend shopping the Apple Store to find drives that work with Time Machine, although feel free to buy it elsewhere if you find a better price. Make sure the drive is at least as big as your internal drive.

    Time Machine works with multiple drives. For greater protection, buy two. Then always keep one of them off-site, at a friend’s house. If your house burns down, or if someone steals your computer and backup drive, your second backup will still be available.

    When you set up Time Machine, be sure to enable encryption. That prevents anyone from viewing your backups. Be sure to store the password in your keychain.
     

  10. Set up automatic updates.

    Go to  > System Preferences > App Store. Enable automatic installation of system data files and security updates. If you are not diligent enough to install updates regularly, also enable app updates and macOS updates.
     

  11. Set these additional system preferences
    • ​​ > System Preferences > Users & Groups > Login Options
      • ​Automatic login: Off
      • Display login window as: Name & password
      • Show fast user switching menu as: Icon
    •  > System Preferences > Desktop & Screen Saver > Screen Saver
      • ​Start after 5 minutes or less
         
    •  > System Preferences > Security & Privacy > General
      • ​Require a password 5 seconds after sleep or screen saver begins
         
    •  > System Preferences > Security & Privacy > General > Advanced…
      • ​Require an administrator password to access system-wide preferences

An additional setting, not security-related, that you might prefer:

  •  > System Preferences > General: always show scroll bars
    The problem with hiding scroll bars is that you sometimes cannot discern that a window has more content than what you can see. Scroll bars are the only visual cues that make that apparent.

Leave a Comment

Your email address will not be published. Required fields are marked *