Macs are fairly secure out of the box, but there are a couple of important security settings that every user should enable for a more secure computing experience.
Stay Up to Date
Some people are wary of automatically updating their software. The idea being if it’s not broken, don’t fix it. However, software updates provide many advantages including bug fixes and patches for security vulnerabilities. Generally, benefits of keeping software updated far outweighs the risks. It also saves you hours of time if software update are installed as they’re available rather than having to do them all at once.
To check for Mac software updates, open the App Store app on your Mac, then click Updates in the toolbar. If updates are available, click the Update buttons to download and install them.
You can also have your Mac automatically download and prepare updates to install in the background. Here’s how:
- Go to Apple menu and choose “System Preferences”
- Go to the “App Store” panel
- Check the boxes for “Automatically check for updates” and “Download newly available updates in the background” – these two features must be enabled to allow for the “Install OS X Updates” option to be available
- Check the box next to “Install OS X updates” to enable that, then close out of System Preferences as usual (or hit “Check Now” at the bottom to see if anything is waiting at the moment)
Turn on FileVault
FileVault (version 2 - let’s not speak of the original FileVault) is available in OS X Lion or later and it’s a feature that I recommend most users activate immediately. FileVault offers full-disk encryption. When enabled, the entire contents of your computer’s startup drive are encrypted. This means that when your computer is powered off, the drive’s data is useless without a password.
With FileVault enabled you can also use Apple’s Find My Mac feature to remotely wipe your drive in a matter of seconds if your computer should fall into the wrong hands.
Because the contents of your drive are encrypted at rest, your Mac always requires that you log in with your account password, another good security feature. However, a word of caution - If you lose or forget both your account password and your FileVault recovery key, you won’t be able to log in to your Mac or access the data on your startup disk.
Here’s how you enable FileVault:
- Choose Apple menu () > System Preferences, then click Security & Privacy.
- Click the FileVault tab.
- Click the Lock Locked button, then enter an administrator name and password.
When you first enable FileVault, your Mac will restart and encryption of your startup disk occurs in the background as you use your Mac. This takes time, but it only occurs once. You can check progress in the FileVault section of Security & Privacy preferences.
Lock Your Mac
We all step away from our screens from time to time. Maybe to grab a cup of coffee or pop into a meeting. Unfortunately, if your computer is sitting open and logged on in your desk it can be ripe for someone to access your personal and confidential information. Make it a practice to lock your Mac when you step away, or if you forget – require a password to wake your Mac from sleep or when a screensaver starts and set the duration from a short time to limit your exposure.
To configure your Mac to require a password after sleep or a screensaver you’ll need to make a setting change:
- Go to System Preferences > Security & Privacy > General.
- Check the box next to “Require Password” and set an interval that meets your workflow. If you want the highest level of security, set it to “immediately.” If you find yourself accidentally locking your screen, set it to 5 seconds
- Once configured you’ll now have to enter your account password upon waking your machine from sleep or a screen saver.
To quickly lock your Mac’s screen while the system continues to run in the background, press the following key combination: Control + Shift + Eject. If you have a newer Mac that doesn’t have an eject key on the keyboard, you’ll press Control + Shift + Power.
Another method of quickly locking your Mac is to activate the screen saver using a hot corner. Here’s how:
- Open the Desktop & Screen Saver System Preferences panel
- Activate the Screen Saver tab, and click the Hot Corners button.
- Decide which corner of your screen you’d like to use, then click the corresponding pop-up menu and select Start Screen Saver.
- Now when it’s time to walk away, just fling your mouse into that corner of the screen, and you’ll trigger the screen saver.
As a backup – in case you forget to lock your Mac when you step away for a moment and then find yourself delayed, I suggest that you configure your screen saver to automatically start after a relatively short interval of inactivity, say 5 or 10 minutes. This will mean that once your Mac has sat idle the screen saver will activate and your Mac will lock. To do this:
- Open the Desktop & Screen Saver System Preferences panel
- At the bottom of the screen select the interval to start the screen saver
Use A Password Manager
Even if you’ve done everything right to secure the data on your Mac, so much of our data is stored or transmitted through cloud-based services and ripe to be compromised. As individuals, the single best thing we can do to protect ourselves is to use good password practices and to require those that use our services (our employees, clients, etc.) to do the same. This includes:
- Using strong passwords. (Fluffy99 is not a strong password)
- Using unique passwords across every service (no more using the same password or variations of the same password across multiple sites and services)
- Use two-factor authentication where it’s available
For those getting started or who don’t want to use third-party software, Apple offers iCloud Keychain to keep your Safari website usernames and passwords, credit card information, and Wi-Fi network information up to date across all your approved devices that are using iOS 7.0.3 or later or OS X Mavericks 10.9 or later. iCloud keychain will suggest strong passwords, store them and then auto-fill the passwords across Mac and iOS devices.
iCloud Keychain is a start, but is limited in features. While it might work for an individual user who has a few passwords and only uses a Mac and iOS devices it is not particularly robust and not appropriate to use in a team setting. For these reasons, I recommend a dedicated password management application such as 1Password (available at 1Password.com) and LastPass (available at lastpass.com)
Password managers have many features, which vary from service-to-service, but typically include:
- The ability to encrypt your sensitive information behind one “Master Password” which you remember
- The ability to store passwords, credit card information, secure notes, and more
- The ability to sync password information across multiple devices, platforms, and services
- The ability to generate strong and secure passwords
- The ability to automatically fill passwords using browser plug-ins
- The ability to securely share passwords with other family members or colleagues
- The ability to manage passwords and access across a team