Security

How to secure your Mac in 4 basic steps

Mac users should follow these security tips in an attempt to stay safe from unauthorized access of their machines and infections.

Every user should be operating with renewed and heightened awareness regarding security risks and threats, because automated and purposeful attacks are increasing. Mac professionals are subject to some of the same threats and vulnerabilities that plague all computer users.

Here are four basic steps all Mac users should take to help guard against infections and unauthorized access of their machines. Although these are fundamental protections, several are often overlooked, so they bear reviewing.

SEE: IT leader's guide to reducing insider security threats (Tech Pro Research)

1. Disable Automatic login

Many Mac users prefer the convenience of not having to log in to their system each time the computer starts. Apple permits macOS users to boot Mac computers straight into the operating system without stopping and requiring whoever possesses the laptop to first enter the username and password for an account authorized to access the machine. If such a computer is lost or stolen, anyone finding the Mac will be able to access its email, images, documents, spreadsheets, and other files, and potentially cloud platforms depending upon configuration, without so much as having to enter a password.

That's too great a security risk—you should ensure Automatic login is disabled. Follow these steps to disable the feature.

  1. Click the Apple icon from the menu bar.
  2. Click System Preferences.
  3. Click Users & Groups.
  4. Click the lock icon and enter system administrator credentials to enable making changes.
  5. Click Login Options.
  6. Select Off from the Automatic Login drop-down menu.
  7. Close System Preferences.

Note: Users should also disable the Guest account, which is accessed from the same System Preferences menu. Click Guest User and clear the checkbox for Allow Guests To Log In To This Computer.

2. Use (and don't repeat) complex passwords

Ensure you match a complex password to your user account and don't pair the same password to the Mac's system administrator account or any other login, for that matter.

How complex should a password be? I recommend using a 10 to 12 characters or more, being sure to use a mix of uppercase and lowercase letters, as well as numerals and special characters.

SEE: 17 tips for protecting Windows computers and Macs from ransomware (free PDF) (TechRepublic)

3. Enable the firewall

The macOS firewall is typically disabled by default. Enabling the built-in firewall helps prevent unauthorized access to the Mac's applications, programs, and services.

Follow these steps to enable the firewall.

  1. Click the Apple icon from the menu bar.
  2. Click System Preferences.
  3. Choose Security & Privacy.
  4. Click the Firewall tab.
  5. Click the lock icon and enter system administrator credentials to enable making changes.
  6. Select Turn On Firewall.

Several advanced options are available as well. Click the Firewall Options button to access these components and specify (using the + icon) any applications that should be permitted to accept connections.

  • Check the box for Automatically Allow Built-in Software To Receive Incoming Connections if you wish to permit macOS' integrated programs to route traffic through the firewall. I recommend enabling this option.
  • Check the box for Automatically Allow Downloaded Signed Software to receive incoming connections if you wish to allow programs associated with a valid certificate to operate through the firewall. I recommend enabling this option if you're confident only valid programs have been installed on the Mac.
  • Check the Enable Stealth Mode option, if you do not want the Mac to respond to ping and other network connection attempts. I recommend enabling this checkbox.

4. Patch macOS on a regular basis

Apple routinely releases security patches and performance updates for the macOS operating system. Only by downloading and installing these updates can you ensure your Mac at least possesses fixes for vulnerabilities for which patches have been released. It's worth noting that this past spring's well-publicized Windows ransomware infections wouldn't have proven so widespread had the victim's Windows platforms possessed the latest available patches.

Follow these steps to check for and download and install macOS updates.

  1. Click Finder.
  2. Select Applications.
  3. Double-click App Store.
  4. Select the Updates icon.
  5. Click the Update All button to download and install all available updates.

If you believe updates are available but they don't appear, Apple recommends returning to the Updates tab to check again. If the Updates site cannot be reached, confirm the Mac is properly connected to the internet.

You can also instruct macOS to automatically check for updates and download them in the background. You can opt to have macOS install those updates, too. Follow these steps to enable downloading and installation of macOS updates.

  1. Click the Apple icon from the menu bar.
  2. Click System Preferences.
  3. Select App Store.
  4. Click the lock icon and enter system administrator credentials to enable making changes.
  5. Check the boxes for: Automatically Check For Updates, Download Newly Available Updates In The Background, Install macOS Updates And Install System Data Files And Security Updates.

If you seek to further tighten your Mac's security, check out these four additional steps all Mac professionals may take to further protect data.

  1. Enable File Vault encryption.
  2. Encrypt all backups.
  3. Enable multi-factor authentication for all accounts.
  4. Avoid password application cloud service features.

Adopting such security practices is no guarantee a Mac won't encounter trouble; however, these steps at least increase security and prevent known issues, making them well worth the effort.

Also see

cybersecurity.jpg
Image: Rawpixel, Getty Images/iStockphoto

About Erik Eckel

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

Editor's Picks

Free Newsletters, In your Inbox