If you’re a Mac user, you’ll want to make sure you’re using your computer as securely as possible. The common notion is that the MacOS is secure out-of-the-box, but the truth is that every Operating System is vulnerable to attacks and hackers. Last week, Apple released security updates for MacOS. The MacOS is fairly secure, but there are a few steps you can take to make sure you’re as secure as possible.
Create a Standard User Account
This recommendation comes with every operating system from Windows to Linux and MacOS. You’ll want to create a standard user account for your everyday use, which is an account that doesn’t have administrative privileges. By doing this, if any software tries to install itself or change system configuration, you’ll be prompted to enter administrative credentials for authorization. See this Apple article for creating user accounts.
Disable Automatic User Login
This is another recommendation for any operating system. Always configure your login options so that you have to enter your password at startup and after your screensaver. You never want to have your system configured to allow automatic logins.
To configure the settings for entering your password after your computer has been asleep go to the General tab of the Security & Privacy system preference. Just enable the Require Password option and choose Immediately or 5 seconds from the pop-up menu and you’ll be required to enter a password to use your Mac after it’s gone to sleep or the screen saver has started.
- Click on Apple button
- Click System Preferences
- Choose User & Groups tab
- Click the Lock button below, enter your administrator password
- Click on Login Options tab
- Choose Off from pop-up window after you click Automatic Login
- Choose Name and Password from the pop-up window after clicking Display login window as
Disable Java
If you use Safari as your browser, Java has had many known exploits throughout its history and it is recommended that you disable it if you don’t need it.
You can read this Apple for how to disable Java in Safari.
Disable Auto Download In Safari
By default, Safari is configured to automatically download files when clicked on. This could allow the browser to automatically download files that you don’t want on your system, even if Apple believes they’re safe. You can check and modify your settings here:
- Go to the settings of your safari browser
- Uncheck Open safe files after downloading in General tab
Uninstall Flash Player
Similar to Java, Adobe Flash Player has had many security vulnerabilities throughout the years as well. If you don’t need it, it is best to uninstall it. You can follow Adobe’s uninstall instructions.
Disable Remote Login
Similar to Remote Desktop in Windows, Apple gives you the option to remotely log into your computer. While this should be blocked at your firewall, it is a good idea to disable the option, especially if you go to public wifi hotspots. To disable remote login:
- Click on Apple button.
- Select System Preferences to access the option.
- Choose on Sharing option.
- Remove check from Remote Login.
Set Gatekeeper To Secure Settings
Gatekeeper is Apple’s built-in malware check app. By default, the settings are satisfactory, but check them just in case they’ve been changed. You’ll want to set it to either Mac App Store or Mac App Store and Identified Developers.
You can read about Apple’s Gatekeeper and how to access its settings in their support article.
Install Antivirus Software
One of the questions I’ve seen posted all around the internet is if antivirus software is needed for a Mac or Linux. While there aren’t many viruses out there that target these machines, they do still exist. My recommendation is YES, install an antivirus software. There are some good free ones out there. I would choose one from a well-known developer and read some reviews because antivirus software can change throughout the years. What was decent a few years ago might not be anymore.
Update, Update, Update
Always check for updates for your installed apps and from Apple. Apps and the OS can have vulnerabilities and they’re usually patched quickly as long as you keep your computer updated. Many virus infections happen because of vulnerabilities that were left open on an un-patched computer.
- Click on Apple button.
- Select System Preferences to access the option.
- Choose Software Update option.
- Select Check for update option.
- Choose frequency to daily.
Enable The OS X Firewall
MacOS comes with a built-in firewall that is decent. While you might be behind a corporate firewall or even your home router should have a firewall, it is best to enable the OS-level firewall too. This is especially true if you connect to public wifi hotspots where someone could try to gain access to your computer and do vulnerability scans.
To set up your firewall, go to the Security & Privacy system preferences, click on the Firewall tab, and then unlock the preference pane, after which you will be able to click the Turn On Firewall button. This basic option is the best for most purposes, but you can also click the Firewall Options button to see the specific settings for each application as well as access some additional features such as stealth mode (which hides your computer from outside access attempts) and an option for blocking all connections.
Enable FileVault
FileVault is the full-disk encryption routine in OS X that will secure all files on the drive, including OS X system files, applications, caches and other temporary files.
To enable FileVault, go to the FileVault tab of the Security & Privacy system preference, unlock the preference, and click Turn On FileVault. When you do this you’ll be asked to choose the user accounts that are authorized to unlock the disk (you can add other accounts later, if you like). Click Continue and your Mac will begin encrypting your drive. This may take a while to do, especially with large mechanical drives, where both encrypting and optimizing may take a number of hours to complete.
Full disk encryption is primarily useful for protecting a stolen Mac. When your drive is unlocked, files on it can be read. However, before it’s unlocked (ie, your Mac is shut down), all data on the drive will be scrambled. This prevents data recovery by unauthorized third parties, who might try to access it using Target Disk mode on your Mac or by removing your Mac’s hard drive and attaching it to another computer.
Enable Find My Mac
To remotely access and track your Mac, open the iCloud system preference and switch on the Back to My Mac and Find My Mac iCloud services. With the first option checked you can access the sharing services you’ve enabled on your Mac. For example, with Screen Sharing turned on, your remote Mac will appear in the Finder sidebar, where you can click it and share its screen to view and interact with your remote Mac’s desktop.
For Find My Mac, if your system is ever stolen you can log into iCloud.com or use the Find My iPhone app on an iOS device to locate your device, send it a command to lock it down unless a password is supplied, have it issue a sound (also a great option for locating a misplaced iOS device), or remotely wipe the device.