Tips

Apple thinks macOS security is unacceptable - here's how to keep your Mac safe

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Apple has said that Mac is intrinsically less secure than the iPhone and iPad, but there's quite a bit you can do to shore up your digital defenses on macOS. Here are some good places to start.

Although the Mac has a range of security protections built in, Apple apparently finds the level of malware on the Mac "unacceptable." Back in 2021, Apple head of software engineering Craig Federighi has said that the Mac isn't meeting the high bar for security set by the company's iOS-based devices.

While the Mac may be less secure by its very nature as a more open platform, there are a number of things you can do to bolster your own device's security.

General tips

Keep your Mac updated

One of the most important things you can do is regularly patch your Mac systems. It sounds boring, but it goes a lot further than some of these other tips toward protecting your system.

Keep your Mac as up-to-date as you possibly can.
Keep your Mac as up-to-date as you possibly can.

Apple regularly fixes vulnerabilities and security flaws in macOS and its other platforms. The only way you can get these security fixes is by downloading the latest macOS updates.

We recommend checking your About This Mac > Software Update menu regularly, and read through Apple's security updates page from time to time.

Only downloads apps you trust (from places you trust)

Unlike iOS, which is a closed system, Apple's macOS gives users a lot more choice when it comes to where they download their apps. That freedom can be a good thing, but it can also make it easier to inadvertently download malware.

Notarization protects your Mac from shady apps.
Notarization protects your Mac from shady apps.

Apple has mechanisms in place to keep this from happening, including Gatekeeper and its app notarization system, which involves Apple automatically checking apps from outside the App Store for malware. However, some malware can slip through the cracks.

Avoid downloading and opening any app unless you fully trust the developer, and you obtained it from a reputable site.

Use a Mac password

Typing in a password to get into your Mac can feel a minor inconvenience, but it's an important security step for Apple portables. Without a password protecting it, all of your data is at risk if your Mac is ever lost or stolen.

A strong and unique password is a good idea. Features like Unlock with Apple Watch and Touch ID can keep you from having to type in your password all the time.

It's a good idea to make sure Automatic Login is disabled.
It's a good idea to make sure Automatic Login is disabled.

It's also a good idea to head to System Preferences > Users & Groups > Login > Turn Off Automatic Login. When you disable this, your Mac won't automatically log in to the selected accounts without a user typing in a password. This can stop unwanted access to your personal files.

Develop better online habits

This might be a broad category, but it's a surefire way of avoiding most cybercrime. For example, be wary of suspicious links and files. Don't just open or download anything you see. Verify that it's legitimate first.

And like everything else in life, if it seems too good to be true, it probably is.

The Safari browser is recommended for most Mac users, and supports iCloud Keychain and Apple's own privacy mechanisms.
The Safari browser is recommended for most Mac users, and supports iCloud Keychain and Apple's own privacy mechanisms.

Additionally, it's a good idea to use a password manager to create strong and unique passwords for all of your accounts. Keeping your Mac security isn't going to do much to protect your privacy and security if an attacker has access to all of your online platforms, after all.

If you don't want to spend any money on a password manager, Apple's own iCloud Keychain is a great alternative that allows you to create, store, and auto-fill passwords across your online accounts. If you need a cross-platform version for use on non-Apple devices, then Bitwarden is a great open-source password manager that's free to use.

Check your macOS settings

It's also a good idea to head into your Mac's settings and enable some key security features.

Enable FileVault encryption, and the firewall

FileVault protects the data on your Mac by adding a layer of encryption. It's a good idea for all Mac users, and it's easy to set up. Head to System Preferences > Privacy & Security > FileVault and enable the setting.

You can also enable the macOS firewall, which can block unwanted network contact by other computers. You can enable it in the next pane. Once you do, you can set specific settings, such as apps that can bypass the firewall.

You should enable FileVault to encrypt your Mac's files.
You should enable FileVault to encrypt your Mac's files.

A firewall won't be necessary for everyone, and you should keep in mind that it can interfere with some app functionality.

Review your privacy & security settings

You can tailor which specific apps what access to different system settings by heading into System Preferences > Security & Privacy > Privacy. We'd recommend removing permission access that doesn't seem right — most apps don't need your location, for example.

The Privacy pane allows you to manage your Mac's permissions.
The Privacy pane allows you to manage your Mac's permissions.

In more recent versions of iOS, you can also allow or disable access to areas of your Mac's drive. This is done in the Full Disk Access and Files and Folders sections of the Privacy menu.

If you're using Safari, you can manage your online browsing settings by heading to Safari > Preferences > Privacy

Turn on Find My

Find My is a great feature that allows Mac users to remotely find their devices — and wipe the data off them if they happen to fall into the wrong hands.

Find My allows you to find and remotely wipe lost or stolen devices.
Find My allows you to find and remotely wipe lost or stolen devices.

Because of that, we highly recommend keeping Find My enabled on all of your devices. You can check your Mac's Find My settings by heading to System Preferences > (Your Apple ID) and ticking the box next to Find My.

Disable automatic Wi-Fi joining

There's such a thing as a "rogue access point," which is a malicious device that can masquerade as a legitimate Wi-Fi router. If your Mac is set to automatically connect to nearby Wi-Fi networks, it could be at risk of connecting to a malicious device instead.

It's a good idea to disable
It's a good idea to disable "Automatically join this network" for public Wi-Fi and enable "Ask to join new networks."

A best practice is to simply disable the auto-join feature on macOS. Head to System Preferences > Networks and disable auto-join for public options like Starbucks Wi-Fi or other unsecured networks. Only keep it on for Wi-Fi networks you trust, like those in your home or office.

Other tips

Back up your Mac

Backing up your computers regularly is a best practice — and it can also protect your precious data in case of theft. If you ever need to remotely wipe your Mac with Find My, you'll be glad that you have a backup (or three) on hand.

Time Machine is a security tool as much as a backup tool.
Time Machine is a security tool as much as a backup tool.

Speaking of which, it's a good idea to have multiple backup copies. That can look like two separate Time Machine drives, or a single Time Machine drive and a remote backup service. Keep one physical drive in a safe place, preferably protected by the threat of floods or fire.

Consider security apps

Antivirus and anti-malware apps can be a contentious topic among Mac users. The average Mac owner probably doesn't need a dedicated antivirus system with Apple's built-in protections, but there are a few tailor-made apps that you can consider.

Ransomwhere? is a tool by ex-NSA hacker Patrick Wardle that can help thwart Mac ransomware.
Ransomwhere? is a tool by ex-NSA hacker Patrick Wardle that can help thwart Mac ransomware.

You can opt for a free malware system like Malwarebytes or a paid option like Norton's 360 Deluxe security system, which includes antivirus protections, a two-way firewall, and a built-in VPN. Patrick Wardle, an ex-NSA security researcher, also maintains a suite of free and open-source Mac security tools — including firewalls and anti-ransomware apps.

Use a VPN

A VPN won't necessarily stop you from downloading malware, but it can go a long way toward protecting your privacy when browsing online — particularly if you are on a public Wi-Fi network.

A VPN —  like NordVPN —  can help mask your browsing and online activity.
A VPN — like NordVPN — can help mask your browsing and online activity.

There are plenty of great VPN options on the market, including highly rated ones like NordVPN, Surfshark, or ExpressVPN — but which is best is a topic for another day.