Apple iMac

Securing your Apple Mac

Apple Macs have historically always been seen as more secure than Windows devices, with many people believing that their in-built security leaves them all but impenetrable to attack. The truth is that any device that is open to the web is vulnerable to attack. You should take the same cautious approach when using a Mac as you would any other device.

 These days there are a number of worthy Anti-virus programs that you can install on your Mac but in fairness to Apple, they already do a pretty decent job of preventing you from downloading malicious software and an equally decent job at preventing you from installing it. We’re not saying “don’t get Anti-virus” because we believe in a multi-layered approach to security, we just believe that you can dramatically improve an already decent resilience to attack by implementing a few minor adjustments to your settings and by following some of these good practice techniques…

Disable automatic login and enable FileVault drive encryption

Automatic login may be convenient but it effectively leaves your device unlocked for anyone to pick up and gain complete access to without the need for a password. FileVault encrypts all of the data on the Mac’s start up disk requiring you to enter a password when the device is first turned on. Without the password, the data is unrecognisable.

System Preferences > Users & Groups > Login Options > Automatic Login

System Preferences > Privacy & Security > FileVault > (lock icon) > (credentials) > Unlock > Turn on FileVault

Enable Activation Lock and disable Java script

Activation lock prevents someone from resetting your device without knowing your iCloud account information. JavaScript is used in nearly 98% of websites and mostly enhances the end user experience, particularly when it comes to speed. It can be a delivery method for malicious attacks so this is something you’ll have to weigh up the options for. Disabling it could affect the performance and accessibility of some sites.

System Preferences > Apple ID > iCloud > Find My Mac

Safari Browser > Preferences > Security > Enable JavaScript 

Enable Two-factor authentication and require password after sleep

Two-factor Authentication (or multi-factor authentication) is the staple for a solid defence against password hacking. If you haven’t already enabled this for any apps that allow it, do it now. If someone manages to learn the password to any of your systems or accounts, they will still not be able access them with 2FA in place. It may be a slight hinderance but the improved security is ultimately worth an extra few seconds when you first log in. 2FA requires you to enter a code texted to you, or a fingerprint or face scan or a code delivered to an authenticator app. If you struggle to get into the habit of locking a device whenever you step away from it to prevent anyone else from tampering with it, then setting your Mac to require a password after sleep is essential.

System Preferences > Apple ID > Password & Security > (your name) > Two-Factor Authentication

System Preferences > Security & Privacy > General > Enforce password after sleep or screen saver > Require password after sleep

Enable auto updates for your OS

Security updates and essential system files are included in your OS updates. Cyber Criminals no longer probe apps and systems looking for a weakness, they simply review the security patches in a new update and target those vulnerabilities being fixed, knowing that people delay updating their operating system “until it is convenient for them”. From the moment an update is released until the moment you complete the install, you are at heightened risk.

System Preferences > Software Update > Automatically keep my Mac up to date

 

Only download official apps and enable auto updates for them

Apple reviews each app before it is accepted into the App Store to ensure it hasn’t been tampered with or altered. Using the official App Store is also often enforced by policy by an employer as official apps are vetted and can be held accountable. Rouge applications can be unmoderated and may not have the same security protocols as ones found in the App store. Like with Operating System updates, individual App updates also include fixes to known bugs and vulnerabilities and should also be installed without delay before the publicised weakness can be taken advantage of.

 

Review the permissions for each of your apps

We’ll all installed an app that we need to use immediately and just accepted all the permission pop-ups, yet we often forget to review those settings after the fact and end up with an app that we never use having access to far more than we’d actually like. It is good practice to periodically review the permissions set for each installed app to make sure they are still relevant. An App update could even alter the settings you had originally agreed to.

System Preferences > Security & Privacy > Privacy > (lock icon) > (credentials) > (changes) > (lock icon)

 

Firewalls and remote access vs. assisted support

You will need to decide what works best for you when it comes to enabling your firewall and disabling remote access to your Mac. For personal devices it’s a no-brainer. For a work device, however, neither control is absolutely essential, especially when the other controls mentioned in this article are put in place. There’s no denying that turning on the firewall and preventing others from remotely accessing your device is a good thing to improve your security but unfortunately, both options are also going to make it very difficult, if not impossible, for your IT Support team to remotely connect to your device in the event of a break/fix incident, or to offer any other type of remote support.

Other considerations

Other things to consider for the best possible protection for your Mac are to delete any unused applications. You can always download them again in the future if you need them but for now they’re taking up space and can be a potential risk to your system if not kept up to date.

It is always a good idea to consider a reputable password manager to store your passwords in. These are a little more effective than the in-built password manager and can be far more secure than keeping your passwords stored in Notes (yes, we know you do that). They allow you to create long complex passwords that can never be cracked, or remembered, because they do the “remembering” for you.

Finally, don’t download sensitive data to your device, rather store it in secure cloud services. While cloud apps do also contain an element of risk, the reality is that the reputable ones are probably going to be far better equipped at protecting your data than you can be.

 

There you have it, a number of quick, easy and free fixes to improving the security of your Mac’s that can be implemented in a matter of minutes. 



Jason Abrahamse

Jason is ITbuilder's security expert and leads our information security project team. He provides consultancy and support on matters relating to cyber-resilience and data protection.

Something of an industry veteran, Jason has held various roles in the industry and combines that expertise to consult with customers on security best practices.

Jason is a native of South Africa, but is now a fully naturalised Brit except for not being accustomed to the cold. He lives locally in Hertfordshire.


More articles from

Back to Blog