Apple thinks macOS security is unacceptable - here's how to keep your Mac safe
Apple has said that Mac is intrinsically less secure than the iPhone and iPad, but there's quite a bit you can do to shore up your digital defenses on macOS. Here are some good places to start.
Although the Mac has a range of security protections built in, Apple apparently finds the level of malware on the Mac "unacceptable." Back in 2021, Apple head of software engineering Craig Federighi has said that the Mac isn't meeting the high bar for security set by the company's iOS-based devices.
While the Mac may be less secure by its very nature as a more open platform, there are a number of things you can do to bolster your own device's security.
Keep your Mac updated
One of the most important things you can do is regularly patch your Mac systems. It sounds boring, but it goes a lot further than some of these other tips toward protecting your system.
Apple regularly fixes vulnerabilities and security flaws in macOS and its other platforms. The only way you can get these security fixes is by downloading the latest macOS updates.
We recommend checking your About This Mac > Software Update menu regularly, and read through Apple's security updates page from time to time.
Only downloads apps you trust (from places you trust)
Unlike iOS, which is a closed system, Apple's macOS gives users a lot more choice when it comes to where they download their apps. That freedom can be a good thing, but it can also make it easier to inadvertently download malware.
Apple has mechanisms in place to keep this from happening, including Gatekeeper and its app notarization system, which involves Apple automatically checking apps from outside the App Store for malware. However, some malware can slip through the cracks.
Avoid downloading and opening any app unless you fully trust the developer, and you obtained it from a reputable site.
Use a Mac password
Typing in a password to get into your Mac can feel a minor inconvenience, but it's an important security step for Apple portables. Without a password protecting it, all of your data is at risk if your Mac is ever lost or stolen.
A strong and unique password is a good idea. Features like Unlock with Apple Watch and Touch ID can keep you from having to type in your password all the time.
It's also a good idea to head to System Preferences > Users & Groups > Login > Turn Off Automatic Login. When you disable this, your Mac won't automatically log in to the selected accounts without a user typing in a password. This can stop unwanted access to your personal files.
Develop better online habits
This might be a broad category, but it's a surefire way of avoiding most cybercrime. For example, be wary of suspicious links and files. Don't just open or download anything you see. Verify that it's legitimate first.
And like everything else in life, if it seems too good to be true, it probably is.
Additionally, it's a good idea to use a password manager to create strong and unique passwords for all of your accounts. Keeping your Mac security isn't going to do much to protect your privacy and security if an attacker has access to all of your online platforms, after all.
If you don't want to spend any money on a password manager, Apple's own iCloud Keychain is a great alternative that allows you to create, store, and auto-fill passwords across your online accounts. If you need a cross-platform version for use on non-Apple devices, then Bitwarden is a great open-source password manager that's free to use.
Check your macOS settings
It's also a good idea to head into your Mac's settings and enable some key security features.
Enable FileVault encryption, and the firewall
FileVault protects the data on your Mac by adding a layer of encryption. It's a good idea for all Mac users, and it's easy to set up. Head to System Preferences > Privacy & Security > FileVault and enable the setting.
You can also enable the macOS firewall, which can block unwanted network contact by other computers. You can enable it in the next pane. Once you do, you can set specific settings, such as apps that can bypass the firewall.
A firewall won't be necessary for everyone, and you should keep in mind that it can interfere with some app functionality.
Review your privacy & security settings
You can tailor which specific apps what access to different system settings by heading into System Preferences > Security & Privacy > Privacy. We'd recommend removing permission access that doesn't seem right — most apps don't need your location, for example.
In more recent versions of iOS, you can also allow or disable access to areas of your Mac's drive. This is done in the Full Disk Access and Files and Folders sections of the Privacy menu.
If you're using Safari, you can manage your online browsing settings by heading to Safari > Preferences > Privacy
Turn on Find My
Find My is a great feature that allows Mac users to remotely find their devices — and wipe the data off them if they happen to fall into the wrong hands.
Because of that, we highly recommend keeping Find My enabled on all of your devices. You can check your Mac's Find My settings by heading to System Preferences > (Your Apple ID) and ticking the box next to Find My.
Disable automatic Wi-Fi joining
There's such a thing as a "rogue access point," which is a malicious device that can masquerade as a legitimate Wi-Fi router. If your Mac is set to automatically connect to nearby Wi-Fi networks, it could be at risk of connecting to a malicious device instead.
A best practice is to simply disable the auto-join feature on macOS. Head to System Preferences > Networks and disable auto-join for public options like Starbucks Wi-Fi or other unsecured networks. Only keep it on for Wi-Fi networks you trust, like those in your home or office.
Back up your Mac
Backing up your computers regularly is a best practice — and it can also protect your precious data in case of theft. If you ever need to remotely wipe your Mac with Find My, you'll be glad that you have a backup (or three) on hand.
Speaking of which, it's a good idea to have multiple backup copies. That can look like two separate Time Machine drives, or a single Time Machine drive and a remote backup service. Keep one physical drive in a safe place, preferably protected by the threat of floods or fire.
Consider security apps
Antivirus and anti-malware apps can be a contentious topic among Mac users. The average Mac owner probably doesn't need a dedicated antivirus system with Apple's built-in protections, but there are a few tailor-made apps that you can consider.
You can opt for a free malware system like Malwarebytes or a paid option like Norton's 360 Deluxe security system, which includes antivirus protections, a two-way firewall, and a built-in VPN. Patrick Wardle, an ex-NSA security researcher, also maintains a suite of free and open-source Mac security tools — including firewalls and anti-ransomware apps.
Use a VPN
A VPN won't necessarily stop you from downloading malware, but it can go a long way toward protecting your privacy when browsing online — particularly if you are on a public Wi-Fi network.
There are plenty of great VPN options on the market, including highly rated ones like NordVPN, Surfshark, or ExpressVPN — but which is best is a topic for another day.