5 Mac Security Tips You Might Not Be Using (But Probably Should)

While Macs tend to be more secure than their Windows counterparts, this doesn’t mean they’re invincible. As Apple’s share of the computer market has grown over the years, hackers have placed an increased emphasis on targeting these devices. If you’re using a Mac, you need to be extra careful.

5 Mac Security Tips to Keep You Safe

Keeping your Mac secure requires some attention to detail, but most of the advice is pretty simple and straightforward. Here are a few of the leading steps you can take:

1. Create a Non-Admin Account for Everyday Use

When first setting up your Mac, the setup assistant will ask you for information like your name, a username, and a password. This data is then used to set up your first user account. Every Mac must have at least one user with administrative privileges, and that first account becomes the admin by default.

Most people use their admin account as their primary account, but there’s something to be said for creating a non-admin account for everyday use. This prevents users from unintentionally installing malicious software or making changes to the computer.

2. Disable Automatic Login

Always require a password to log into your Mac. Automatic login might be convenient when you’re home, but what happens if someone steals your laptop in a coffee shop or airport?

Automatic login means anyone with your computer can access your files. Requiring a login and password keeps people out – even if your device is lost or stolen.

3. Use a Password Manager

Long, complex, unique passwords are a must if you’re going to protect your Mac and the various accounts you access on it. Unfortunately, it’s nearly impossible to remember the right password string for every account. This is why it’s helpful to use a password manager.

There are plenty of good password manager options for Mac. Choose the one that has the features you need. Dashlane, 1Password, and Lastpass are three of the more popular and intuitive tools out there.

Related: You Don’t Have to Be a Rocket Scientist to Manage Passwords

4. Use a VPN

VPNs have become increasingly popular over the years. Adding one to your computer will dramatically reduce your chances of experiencing an attack.

A VPN, also known as a Virtual Private Network, is a technical solution that establishes a private connection across a public network. In other words, VPN users are able to send and receive data via public and shared networks as if their device was directly connected to a private and secure network.

In addition to encrypting data, a good VPN helps unblock restricted websites through a process known as “tunneling.” This allows you to access certain content that may otherwise be banned based on your IP address and location.

There are a variety of VPNs for Mac, including both free and paid versions. While free versions can provide some basic protections, paid versions tend to be much more secure (including lots of extra features). Do your research and find one that fits your biggest needs.

Check out: The Impenetrable Mac Is a Thing of the Past – Use a VPN

5. Run a Two-Way Firewall

Apple has a built-in firewall that provides inbound network protection. However, this only protects you against certain attacks. If you want full protection, you need to run a two-way firewall.

By layering an outbound firewall onto your inbound firewall, you’ll get alerts when a piece of software suddenly tries to connect to the internet. In other words, it tells you when an app or tool tries to do something that you never intended it to do.

Practice Common Sense

While there are plenty of ways for cybercriminals to truly “hack” their way into your Mac, the tips outlined in this article should keep you fairly safe. In most cases, hackers find their way in by exploiting users and getting them to fall into their carefully-laid traps. You can avoid these traps by practicing common sense.

If something appears fishy or seems too good to be true, it probably is. Use caution and never give away sensitive information. If someone is asking for sensitive information, always verify that they are who they say they are. This will help you avoid compromising situations and decrease your odds of being targeted in the future. Combined with the Mac security tips discussed in this article, a common-sense approach will keep you safe.

Anna Johansson
the authorAnna Johansson
Contributing Author
Anna is a freelance writer, researcher, and business consultant. A columnist for Entrepreneur.com, Earth911.com, and more, Anna specializes in entrepreneurship, technology, and social media trends.
Be Sociable, Share This Post!

Leave a Reply

Comment

Name

14 Comments

  • I’m waiting for the Rocket Yard to do an article about security keys. Yubico, CryptoTrust, Thetis and Google make these hardware-based two-factor authentication devices. Are they overkill for home users? Are there enough websites that accept them to make it worth while for the average user? Which one is best?

    • FileVault is serious overkill for the home user and we’ve seen people lose everything when they forgot that password a year or two later. We never recommended it for end users not working for the NSA.

      • Sorry Mick but that is just plain fear-mongering. As if working for the NSA is the only valid and reasonable criteria. As with any tool, you need to know how to use it.

        • It’s indisputably my professional experience, Mr. Mayer. It’s not “fear mongering” to warn clients of something that happens frequently enough to warn them about. Telling ordinary end users they need FileVault matches your mongering profile better.

          There is a difference between the geek and the average user that professionals in this biz often forget. Part of the reason I became an Apple professional was to make that distinction. We don’t expect car owners to know how to pull plugs and replace a timing belt.

          The knowledge required to use a necessary appliance in today’s world should not make using that appliance onerous. Talk to most folks about whether they would rather risk losing ALL of their data (photos, home movies, their crack at the Great American Novel..) to a lost password, or have someone else see/steal a small part of that data, and most would say there is nothing to fear but porn itself.

          FileVault has migration and performance hit issues as well that I would hope you’re aware of.

          Jobs’ passion was making technology easier, more intuitive. He was also obsessed about secrets being stolen, which was his very real professional experience. He believed his OS had been stolen and probably kicked himself hundreds of times by not getting the indisputable rights to what Xerox had given him, what he Woz (and the team) shaped into the first MacOS. Apple’s continued obsession with privacy benefits us all, as it’s an inherently safer OS, much harder to hack, and Apple’s not in the business of selling our data like FaceBook, Google and so many other ad based models are.

          It’s easy to understand why he wanted users to have access to something like FileVault, but that still doesn’t make it a reasonable or necessary tool for ordinary end users who, even if they don’t lose the password, are likely to create an easily guessable one once you know their dog’s name.

          If you’ve never looked a client in the eye and told them their home movie of the birth of their kid is gone forever, you may not understand my joke about the NSA.

          Obviously, your mileage may vary….

          • WOW…you know nothing about me, my qualifications, my experiences, etc, which I won’t bore you with since you are full so of yourself… so much presumption…

            BTW I never said NOT to “warn users” about the pitfalls. I also never said “they need FileVault” nor said it was “necessary”. I simply pointed out this is another security tip not mentioned that might not be used, in line with the title of this article.

            But dissuading people from even considering this tool on the basis that some don’t use it properly or make mistakes IS fear-mongering. It is knowing your audience and knowing for whom it may be suitable vs not.

            So full of prejudices….

  • All excellent, factual information, but terribly impractical for most home users.

    For decades I’ve heard about not working in an admin account and it just creates more work, more clicks, more authorizations. Yes, if you’re in an office environment, or government or anything official, all of these absolutely factual tips should be followed. They’re just not practical for home users.

    Everytime Netflix, or a printer, or your online backup, or email accounts, or…whatever has a glitch, you’ve got 5 times the amount of nonstandard config issues to resolve.

    Nos. 2 and 3 are easy to employ, but I would never advise an ordinary user to pursue the others. They’re not really targets for denial of service attacks and will bring more stress than relief in the end.

    Again, not knocking the facts here, just think a lot of the advice is overkill and creates more problems than it solves. We could all drive our cars with racing helmets and flame resistant suits, but is it really practical?

    • I’m sorry but I have to agree with Anna on point #1 and disagree with you.

      Ten years ago I might have agreed with you but in the current climate of cryptolocker and identity theft attacks, even the average user is at risk.
      I agree that it adds a bit of extra work for things like changing system settings but that is far less pain than having to recover from an identity theft that landed you with a cleaned out bank account or a bunch of forged credit card debt. Have you ever tried to help an acquaintance who had their machine crypto-locked? (Yes they had a backup but because their backup disk was connected all the time it got locked and their cloud storage sync’ed the locked files too).

  • If you are using an account with administrative privileges for your everyday work, instead of creating a non-admin account and moving everything to that account, create a new administrative account and use that account to remove administrative privileges from your original account.

    • That trick (removing admin privs from the first account) work so long as it’s done before they install any software.
      The problem is that if the first user installs any software (EG: Firefox) which is just drag-n-drop into /Applications then they still “own” it and have write-access to it even after losing admin privs (and thus potentially vulnerable to things like drive-by download attacks).

      If you’re going to remove admin privs from an existing account be sure to scan the non-/User areas of the disk to see what files they “own” and adjust accordingly. A bit tricky to do correctly, easier to just create a new account and migrate their stuff to it.