When I was at the Frankfurt airport recently, I saw a businessman leaving his very expensive MacBook Air laptop on the table to go out for coffee. He was gone for five minutes but in those five minutes someone could have stolen the computer or broken into it to get valuable data.
Today, however, hackers don’t need physical access to a machine. Using a network detector, they can scour public wifi hotspots for weak points, or enter private wifi hotspots without a password.
So, from the very beginning, you need to protect your macOS computer from these “bad actors”. However, you must keep in mind that before we continue that you will never have 100% iron security and that if you go against a government agency, these basic steps will not help.
But to stop random opportunists? Continue reading.
Add a passcode to your computer
This is an absolute no-brainer, but I’m amazed at the number of people who don’t mind it. This is like being on vacation and leaving the front door unlocked, and wondering when you come back why you got stolen.
Adding a passcode is very simple. Go System Preferences – Security and Privacy. inside Shared , you can set a password, as well as specify the amount of time after the computer sleeps, the password is required. Clear right away is the best choice.
You can also add a password hint in case you forget your password, but unless you make the hint extremely vague for anyone else reading it, I wouldn’t recommend doing this. Just set a password to something that you are guaranteed to remember.
Turn on FileVault
One of the great things about a MacOS device is that when you power it off completely, the files contained on the hard drive become completely inaccessible. But to take advantage of that, you need to enable FileVault.
Located in System Preferences – Security and Privacy, FileVault encrypts the hard drive, but the encryption takes effect only if the computer is completely turned off. So try not to use sleep mode too often, especially if you’re out and about with your laptop in your briefcase.
When you turn it on, it will take you a few hours to encrypt the entire hard drive, but it’s totally worth it for your peace of mind. If there’s only one thing you should do from this article, it’s FileVault. The rest is just the icing on the cake.
Make sure the Lock is Enabled in System Preferences
Unauthorized changes to the computer System Preferences prevented by using the little padlock icon in the bottom left corner.
If you want to keep System Preferences safe, click the padlock to close it. If you want to reopen to change anything, you will be asked to enter the administrator password.
Do not login as administrator
Another unnecessary thing is to log in to the computer and use it for everyday tasks as an “administrator”.
Users with administrator privileges can do anything on the computer. Installing and removing software, as well as adding and removing users are just two of them. If anyone hacks into your computer logged in as administrator, they will hand over the key to the kingdom.
The solution to this is to create a regular non-admin account and use that account for normal everyday computer use. Leave the administrator account alone and use those login details only when the computer asks for it.
To create a new user, go to System Preferences – Users & Groups. Make sure the padlock is unlocked at the bottom then click the “+” sign below Login option. Set new account to one Standard one.
Guest users are not allowed
A lot of people say that you should have a guest user account for other people to use your computer. But I have the opposite opinion.
Although guest users have much more limited access to your computer, they still have access to two important areas. First, they have access to all installed apps that they can use to perform any malicious action.
Second, they also have access to the tmp directory where malicious scripts and malware can be stored.
So let’s go to System Preferences – Users & Groups and turn off the Guest User option.
Make sure automatic updates are turned on
Like any other operating system, Apple regularly rolls out MacOS updates. Same with software – if a patch is needed, the developer creates a patch and sends it out.
So it makes no sense if the patch is there ready to be installed and you don’t have automatic updates turned on. Unless you want to check manually every day and who has time for that?
To enable Automatic Updates, go to System Preferences – Software Update. Tick the box that says Automatically update my Mac.
If you then click Advanced , you will see the available options. I suggest you tick all of them.
Turn on the firewall
This is also a bit of a no-brainer, but again, many people just don’t mind.
Compared to the Windows firewall, which can involve a lot of tweaking, the macOS firewall is a one-click deal. By going to System Preferences – Security and PrivacyAnd after that Firewall , you can enable the firewall with one click. And that’s really it.
I have never have to touch anything in Firewall Options section. I’ll be doing an article on MacOS Firewall’s “Stealth Mode” soon, but in general, keep things as they are in the screenshot below.
Anonymize your computer’s network name
Here’s one that was recommended to me by a friend not too long ago, and it’s something I’ve never really considered before.
If someone hacks into your network, they will obviously see the names of all the devices connected to that network. If there is only one device (your MacOS device), this will be limited to no impact. But if you have multiple devices on your network, you can try to disguise your MacOS device by hiding its name.
For example, until I was advised on this, my computer’s name was “Mark’s MacBook Air”. I mean, I might as well have put up a sign that says “Come in! Get all my files here! “. But by changing the name to something innocuous, it is now between all my other connected devices.
Obviously, this is not easy. Anyone can test each device one by one, but it takes more time and makes things more complicated for them.
Go System-Preferences – Share and at the top you will see your computer name. Click the padlock at the bottom of the screen, enter your administrator password, and the edit button next to the computer name should suddenly work. Click it.
You will now be invited to change the name to whatever you want. Keep for “Use dynamic global hostnames”
Turn off Share
While you are at Share it’s time to disable all of these options – except for one – content caching.
From what I can find, Content Caching is good and seems to really benefit you. This, in turn, will enable Internet Sharing, so I guess you can leave that on as well. But others, such as Screen Sharing, File Sharing, Remote Login – turn them off (unless you have a great need to enable them).
As I said at the beginning, these measures only prevent casual snoopers at the coffee shop or thieves from trying to snatch your laptop for quick cash.
If you are being attacked by a government agency or another professional, these measures will slow them down – but only for a very short time.
But still, better than nothing, right? Why make it easy for them?