Lock it down: The macOS security guide

Credit to Author: Jonny Evans| Date: Wed, 15 Nov 2017 06:11:00 -0800

Apple’s systems are highly secure, but if your private or enterprise data matters to you it’s essential to ensure your Mac is as highly secured as possible. This quick guide should help you do just that.

Malware is everywhere and Macs are not immune. You can ignore the potential threat if you choose, but if you are an enterprise user holding confidential data, an educator in possession of private data, or even a Bitcoin collector who maybe clicked a few too many links on one of those dodgy faucet websites, you should know to get your Mac secured.

Before we get into some of the security technology inside your Mac (including a wide range of security improvements in High Sierra) it is also important to point out that the biggest threat your computer faces is the person using it. Cyberattackers are highly sophisticated and can piece together lots of information about you, or companies associated with you by simply getting a little more data a little at a time. Make it hard for those people by following simple tips, including:

The jury remains out on virus checkers.

Many Mac users believe it slows Mac performance – but so too does unwanted adware, Potentially Unwanted Programs (PUPs) and malware if it lurks on your Mac.

I choose to scan my system regularly as I send and receive digital assets from lots of sources, and also believe that I have a responsibility to ensure I don’t inadvertently transmit Windows malware to others from my Mac.

Numerous applications are available. AVG for Mac is Macworld UK’s most highly-recommended (free version available) anti-virus package, Malwarebytes for Mac is also popular.  There are several paid solutions available.

Let’s move on to look at some of the other security protection solutions in place on your Mac. (You’ll find that you need to unlock System Preferences by tapping the padlock icon and entering your password to make changes in many of the following cases).

Your Mac’s built-in Firewall should be enabled by default. Check that it is in System Preferences>Security & Privacy where you choose the Firewall Tab. Choose Turn on Firewall and it will be enabled. Tap Firewall Options and you can choose which apps can receive inbound connections, and even enable a Stealth Mode which will make your Mac less visible on public networks by preventing it responding to probing network requests (such as Ping requests) that may reveal its existence.

I’m certain you already use a strong password to secure your Mac, but you can choose how strongly password protection is applied in System Preferences>Security & Privacy. Here you can set how long your Mac is left unattended before a password is required, (immediately after sleep is the best protection if working in a shared environment).

The Privacy pane in Security & Privacy Preferences controls numerous items. You can choose which apps (if any) you allow to use Location Services, or disable them entirely. You can also control which apps are given access to other data on your Mac: Contacts, Calendars; Reminders, Photos, Twitter, Facebook, Accessibility and Analytics.

You will also need to vet the security settings of your browser. The Safari browser in High Sierra has a selection of privacy focused improvements.  Open Safari>Preferences>Privacy to see the following:

You should also open the Security pane in Safari Preferences. Here you can ensure you receive warnings when you visit a fraudulent site, disable JavasScript and block popup windows.

System Preferences>Sharing lets you choose to share services – files, printers, Bluetooth and more – from your Mac. I tend to keep all of these off by default but you may find that some apps ask you to switch a service on (for perfectly legitimate reasons). When you finish using an app that is using Sharing tools you should manually look inside these settings to make sure they are disabled again afterwards.

Most enterprise security guidelines encourage you to strictly police the apps installed on your Mac if your computer carries confidential information, for example, company files, enterprise secrets, patient data or student reports. Apple agrees, and that is why the company has made it much harder to install apps from sources other than the App Store.

You control App download behaviour in the General Pane of Security & Privacy Preferences.

Here you can allow apps downloaded only from the App Store, or only from the App Store and identified developers. In most enterprise set-ups you’ll choose the second, if only so you can install trusted but limited distribution apps made by the company.

Apple’s FileVault encryption is a powerful tool with which to prevent your data being abused even if your system is compromised.

FileVault is available in Security & Privacy System Preferences. When enabled it encrypts the contents of your Mac automatically and you will need to use your login password or a recovery key to access your data. The downside? If you can’t remember either of those passcodes you will lose access to your data.

Apple’s Find My iPhone feature will also help you find your Mac if it is lost. You can enable this in System Preferences>iCloud where you should ensure Find My Mac is checked to on (and that you are logged in using your Apple ID).

If your Mac is lost you may then be able to find it by visiting www.icloud.com using a web browser, logging in using your Apple ID, and finding the device in the Find My iPhone web application there.

You can also set a firmware password. This makes it impossible to start your Mac up from an external bootable volume unless you enter a password.

You’ll probably find most enterprise Macs have this feature enabled by your tech support team – but you must be very careful when you choose to enable it yourself.

Why? If you forget your firmware password the only way to regain control of your Mac will be a visit to an Apple Service Provider or Apple retail store.

You enable a firmware password by starting your Mac up into Recovery Mode (hold down Command-R during start-up), and selecting Firmware Password Utility from the Utilities menu that appears at the top of the Recovery Mode screen.

Good luck:

Armed with this selection of tips your Mac should be as strong and stable as it can be for most ordinary use. You may also find a few more ideas to improve your Mac security in this earlier article. Do you have any good suggestions to help secure your Mac? Let me know via social media below.

Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic’s Kool Aid Corner community and get involved with the conversation as we pursue the spirit of the New Model Apple?

Got a story? Please drop me a line via Twitter and let me know. I’d like it if you chose to follow me there so I can let you know about new articles I publish and reports I find.

http://www.computerworld.com/category/security/index.rss