The four Mac security options everyone should know

As our lives increasingly go digital, security is a major concern not only for the various online services we use, but also for the devices on which we save our data. Chances are that if you're reading this article, you own a Mac. And on your Mac, you'd like much of the work you do on it to be kept private.

While OS X is relatively secure by default, there are some additional steps you can take to ensure the data on your Mac is only accessible by you, even if your Mac is stolen. Take the following tips to heart to better protect your Mac and its data.

Enable the OS X firewall

The firewall in OS X is a network filter that allows you to control which programs and services can accept incoming connections. While classic firewalls do this on a per-port basis--regardless of which software is using the port--OS X's firewall can work on a per-application or per-service basis, giving you more flexibility.

To set up your firewall, go to the Security & Privacy system preferences, click on the Firewall tab, and then unlock the preference pane, after which you will be able to click the Turn On Firewall button. This basic option is the best for most purposes, but you can also click the Firewall Options button to see the specific settings for each application as well as access some additional features such as stealth mode (which hides your computer from outside access attempts) and an option for blocking all connections.

The firewall is a good option to enable if you're connected to a public Wi-Fi network, such as one at a cafe, library, or other hotspot. For home networks you can usually rely on your router's firewall for protection, though enabling the OS X firewall for added security generally won't cause additional problems.

Enable FileVault

FileVault is the full-disk encryption routine in OS X that will secure all files on the drive, including OS X system files, applications, caches and other temporary files; any of which may contain personal or sensitive information.

To enable FileVault, go to the FileVault tab of the Security & Privacy system preference, unlock the preference, and click Turn On FileVault. When you do this you'll be asked to choose the user accounts that are authorized to unlock the disk (you can add other accounts later, if you like). Click Continue and your Mac will begin encrypting your drive. This may take a while to do, especially with large mechanical drives, where both encrypting and optimizing may take a number of hours to complete. For a walkthrough on setting up FileVault, see this story.

Full disk encryption is primarily useful for protecting a stolen Mac. When your drive is unlocked, files on it can be read. However, before it's unlocked (ie, your Mac is shut down), all data on the drive will be scrambled. This prevents data recovery by unauthorized third parties, who might try to access it using Target Disk mode on your Mac or by removing your Mac's hard drive and attaching it to another computer.

Password management

If you use numerous online services regularly then you will (or should) have different credentials for each one. These may be difficult to remember. Often people store their credentials in a text, Word, or Pages file for easy access, but this is a highly insecure way to store passwords. In OS X you have a built-in alternative for managing passwords called the keychain.

Unlike other security options, the keychain is enabled by default to store your various passwords for online services, email accounts, sharing services, and many other authentication routines. Whenever you see a checkbox for saving your password, or in a drop-down menu when using Safari, this is OS X asking you to store these passwords in an encrypted file called the login keychain.

This keychain can be managed using the Keychain Access utility (/Applications/Utilities). In most cases, unless you're troubleshooting your Mac, there's little need to use this utility. Instead, simply use the option to save your passwords and OS X will automatically enter them where appropriate.

There are some third-party password tools such as 1Password that provide expanded password management. If Keychain Access and Safari's ability to store passwords don't provide you with the features you need, try 1Password or a similar utility.

Locking and locating

A final couple of options for protecting your Mac include securing your computer when you have to leave it unattended and enabling remote access to it--not only to interact with it from afar, but also to track and lock it down, if needed.

You set up the first of these options in the General tab of the Security & Privacy system preference. Just enable the Require Password option and choose Immediately or 5 seconds from the pop-up menu and you'll be required to enter a password to use your Mac after it's gone to sleep or the screen saver has started. The shorter the time interval you use in this feature, the better, especially for laptops. Just close the lid to lock the system.

To remotely access and track your Mac, open the iCloud system preference and switch on the Back to My Mac and Find My Mac iCloud services. With the first option checked you can access the sharing services you've enabled on your Mac. For example, with Screen Sharing turned on, your remote Mac will appear in the Finder sidebar, where you can click it and share its screen to view and interact with your remote Mac's desktop.

For Find My Mac, if your system is ever stolen you can log into or use the Find My iPhone app on an iOS device to locate your device, send it a command to lock it down unless a password is supplied, have it issue a sound (also a great option for locating a misplaced iOS device), or remotely wipe the device. See How to track a lost computer with Find My Mac for more details.

Overall, while Apple can do very little to prevent your computer from being stolen, OS X does its best to protect the data it holds as well as offers a chance that you can pinpoint its location. With these options enabled, you can be sure your Mac's data is as safe as possible, with little to no inconvenience for you.

Join the CSO newsletter!

Error: Please check your email address.

Tags EnableOptionpasswordssecurityOS Xsoftwareoperating systems

More about AppleClick

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Topher Kessler

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts