When you get a new computer, setting it up is rarely a snap, but when you focus on privacy, things get even more complex. Configuring Mac security settings can be especially difficult because all kinds of activities are hidden behind the scenes. When you set up a new computer or upgrade to the latest version of OS X, it’s never a bad idea to check your privacy settings.
There are many ways you can lose data, and each of them is a reason to back up your files regularly. In addition, downloading files and sharing files with others carries risks, and the number of threats targeting Macs continues to grow. Whether or not you use a personal computer or a business machine, there are a variety of measures you can take to improve your security and privacy. Here are 10 security tips for hardening Macs to lock down your Mac and your data, if you are running a business you may wish to hire a firm to perform a host hardening assessment using a security hardening compliant standard such as NIST or CIS.
Disable Automatic Login
When you set up a new Mac for the first time, or when you perform a clean installation of a new version of OS X, you create a user account (your default account that automatically logs in at startup). This isn’t a problem if you’re at home, but if you’re using a laptop and are on the road, this is a serious risk. This automatic login means that anyone who finds your Mac only needs to start it to access your files.
You can change this and tell OS X to display a login screen at startup. To do so, go to the Users & Groups pane of System Preferences and click Login Options; you’ll see a menu where you can choose which user will automatically log in at startup, or you can choose Off from this menu to disable automatic login. Another way to change this is in the Security & Privacy Settings. In System Preferences, click the General tab and you will see an option to disable automatic logon.
Run a Two-way Firewall (Outbound/Inbound Protection)
Apple’s built-in firewall provides protection for inbound networks. But did you know that firewalls for incoming data only protect against certain types of attacks? With the increasing frequency of new malware and targeted attacks, the best defence is to implement multiple layers of protection. If you have unknown malware on your computer, you want to be able to prevent it from connecting to the Internet-and only a firewall with outbound protection can provide that level of protection. Outbound firewall protection is probably the most important component of a two-way firewall software, at least from a malware defense perspective. Outbound firewalls are remarkably good at warning you about software that you know you downloaded but didn’t think would connect to the Internet. A two-way firewall like Intego NetBarrier provides real protection because it can combat incoming threats and prevent malicious programs on your computer from accessing the Internet, which in turn blocks access to your computer while preventing data from getting out.
Create a Default Account for Daily Activities
When you set up a new Mac, the OS X Setup Assistant asks you for your name, a user name, and a password, and uses this information to set up your first user account. Because there must be at least one user with administrative privileges on your Mac, this first account is an administrator account. While this is useful – you can install software and perform other actions after you enter your password – it can also be risky.
An administrator can make mistakes, and they can change or delete any file. He can also install any software, which can be a risk if the software is malicious, unlike standard users who cannot access Mac. They can use, modify and create files in their home folder, access folders on shared volumes if permissions allow, change settings in unsafe preferences in System Preferences, and install some software (if it doesn’t require installation items in the System or Library folders). While standard accounts are more limited, it can be useful to use them for daily work, just to be safe.
Log in to this second account and use it for your daily activities and to store your personal files. Whenever an administrator password is required, enter the administrator user name and password. While this will result in more password requests than if you were working under an administrator account, each of these requests should show a red flag and make you think about whether you should enter your password.
Install Mac Antivirus Software
Most universities recommend that their students install anti-virus software, in part due to the large number of people who use their computer rooms, share files and participate in a variety of other online activities in which students participate. Downloading files and exchanging files with others carries risks. Wherever a large number of computer users are concentrated in a confined space – such as in a university or a large company – who feel safe when exchanging files, security is only as strong as its weakest link.
Check Frequently for Software Updates
Whether you think malware is a problem on Macs or not, it’s not the only threat you should be concerned about. As we explained on the Mac Security Blog, there are several ways that malicious attackers can target your Mac, which underscores the importance of a layered security approach. That’s why it’s important to keep your software up to date to counter new security threats.
Mac OS X has a built-in software update tool called – you guessed it – Software Update. You can access it by clicking the Apple menu in the menu bar. When you launch this application, it will check Apple’s server to determine if Apple software updates are available. It’s a good idea to run “Software Update” and patch your Mac immediately if security updates are available.
Avoid Illegal File Sharing
Installing pirated software, known under the rather nerdy name of Warez, is not only illegal, but also puts personal information at risk. Warez are a popular means for malware authors to spread their goods, as many people still believe they can get something for free without being aware of the possible consequences. Most people are not aware that one way to make the contents of a computer visible to others is to download pirated software from peer-to-peer websites. When you use peer-to-peer websites, you inadvertently share your information with all other users of the website. Worse, you can accidentally infect your friends’ computers with malware if you live in the same household (use the same network) by installing pirated software. You can maintain a certain level of privacy by avoiding peer-to-peer websites.
Use VPN Software
If you need to shop online and only have access to public Wi-Fi, such as at an airport, coffee shop, or other location on a free public Wi-Fi network, consider using VPN software. Virtual private networks (VPNs) encrypt all data from your computer or mobile device and protect your Mac from people who snoop around the network and try to access data to search for user names, passwords, credit card numbers, and more.
Set Up a Backup Solution
When you start your Time Machine backups, you can take a simple snapshot of your Mac that you can return to in case of a disaster. The best backup is one that you have in multiple locations. Syncing can be part of a good backup strategy, as can using Time Machine to restore your operating system to a previous state. But it’s also important to make sure you have another copy of important data (or a closure of your entire system) on an external hard drive where you can store your important files. Intego Personal Backup schedules automatic backups for quick and easy recovery after unfortunate events such as theft, data corruption or natural disasters. You can sync files between two Macs so that each computer has the latest, most up-to-date files, and create a bootable backup in case you have system problems and can’t access your files.
Check Your Security and Privacy Settings
How comfortable are you with sharing your physical location with different apps? Do you even know which apps get details about where you are? A quick visit to OS X Yosemite’s System Preferences can tell you everything. To update these settings, you need to click on Security & Privacy and select the Privacy tab. Once there, you can select Location Services and see if they are enabled and, if so, which apps can access your location. To make changes to these settings, you may need to unlock the padlock by entering an administrator password.
Disable Spotlight Suggestions
OS X Yosemite has a revised version of Spotlight that can provide inspiration from the Internet. However, if you do not take care to change the default settings, OS X Yosemite’s Spotlight may return your private information to Apple. And this information can be shared not only with Apple itself, but also with third parties like Microsoft’s search engine Bing. For these reasons, you may choose not to use Spotlight’s web search, and if you don’t like the feature, you can fortunately turn it off.
Open System Preferences and select Spotlight. Now turn off Spotlight Suggestions, Bing search on the web, and anything else you don’t like. Now, before you relax and pat yourself on the back, you’re not quite done. You’ve stopped Spotlight from sharing your search queries, but you haven’t stopped the default browser of OS X from doing the same trick. To prevent Safari from sharing the same information, go to Safari > Preferences > Search, then disable “Include Spotlight suggestions”.
What if you are an iPhone or iPad owner? Turning off this feature is a similar process. Just go to Preferences > General > Spotlight Search, then disable Spotlight suggestions, Bing Web results, or anything else you don’t want or need.