Anyone who spends any time on the internet needs to think about cybersecurity. That includes Mac owners. For a long time, Mac security was seen as unnecessary, because Macs didn’t tend to get viruses, but things are much different today. Security threats against Apple computers have increased massively, and Mac owners need to think seriously about how they protect themselves and their valuable data from criminals.
If you’re unsure about what cybersecurity measures you need to take, this guide is for you. We’ll cover everything you need to know how to secure your Mac, from built-in settings to third-party software.
- How secure are Macs?
- How to set up your built-in Mac security
- How to secure your Mac with third-party tools
How secure are Macs?
To its credit, Apple regularly releases security updates for macOS, which help to prevent criminals using flaws in the code to attack users. It also keeps a tight leash on who can release apps in the App Store, so rogue apps are unlikely to find their way on there.
macOS also includes a feature called Gatekeeper, which makes sure only software from trusted sources is allowed to run on your Mac. When you try to run or install software from outside the App Store, Gatekeeper will step in to verify it, and you’ll get the choice whether to proceed or not.
Other macOS security features include a firewall and a basic antivirus system called XProtect, which aims to detect and block malware from running.
Many Macs have hardware-level security too. From 2018 to 2020, Intel Macs included the T2 Security Chip, which provides security features like encryption and secure boot. Unfortunately, this chip has been found to have an ‘unfixable’ flaw, so it’s not perfect. M1 Macs, however, don’t have this problem so are considered to be more secure.
But Macs are not immune from malware. When they were still niche, they weren’t a target like Windows PCs were. That’s changed as they’ve grown more popular. Mac ownership is more common, so cybercriminals see them as a more worthwhile target than they used to be.
How to set up your built-in Mac security
As well as regular patching to keep it secure, macOS has built-in security features to protect its users. These include a firewall, basic antivirus, a password manager and disk encryption. Some of them are more useful than others, but they’re all worth knowing about, so you can make an informed choice about what to enable and what to leave turned off.
Disable automatic login
By default, when you restart or turn on your Mac, it will ask you for your login details before allowing you to use macOS. With automatic login, you can avoid that, but anyone can then access your Mac. You can turn it back on in the security preferences for your Mac.
How to disable automatic login on a Mac:
1. In System Preferences, click Users & Groups
2. Click the padlock in the bottom left
3. Enter your login details, and click Unlock
4. Click Login Options under the user list
5. From the Automatic login dropdown menu, select Off
Set up new users
Setting up users means you can stop other people from accessing your Mac and your files. If you give them their own login, they can use your Mac, but they won’t have access to your data. This simple Mac security feature is ideal if you share your computer.
Here’s how to set up users on your Mac:
1. In System Preferences, click Users & Groups
2. Click the padlock icon in the bottom left
3. Enter your username and password, and click Unlock
4. Click the plus button under the user list
5. Fill in the Full Name, Account Name, and Password fields, and click Create User
6. Make sure it says Standard in the New Account dropdown menu
Keep everything updated
Software developers often release security patches to stop hackers from exploiting weaknesses in their code. That’s why it’s so important to keep all your software up to date. This basic Mac safety tip can make a huge difference, so if some of your apps aren’t being updated any more, then it might be time to replace them.
Here’s how to check for updates in macOS:
1. In System Preferences, click Software Update
2. Wait while it checks for updates
3. If any updates are available, it will let you know
This will only look for macOS and Apple software updates. You’ll need to update third-party manually — although MacKeeper’s Update Tracker can help with this.
Set up encryption with FileVault
Using FileVault, you can encrypt the data on your main disk so it can’t be accessed by unauthorized users. Any Mac with an Apple T2 or M1 chip already encrypts data by default, but FileVault can add further protection by requiring a password to decrypt data. To use FileVault, you need to have an administrator account, which you should have if you’re the owner of the Mac you’re using. You’ll find FileVault in your Mac security settings.
Here’s how to set up FileVault on a Mac:
1. In System Preferences, select Security & Privacy
2. Now click FileVault at the top
3. Click the padlock
4. Enter your login details, and click Unlock
5. Click the Turn on FileVault button
6. Choose whether you want to use iCloud or a recovery key. This will unlock your disk and reset your password if you forget it. Click Continue
Enable the firewall
Oddly, although macOS contains a firewall, it’s not enabled by default. So you need to turn it on if you want to control what outgoing and incoming connections are allowed.
Here’s how to enable the macOS firewall:
1. From System Preferences, select Security & Privacy
2. Click Firewall
3. Click the padlock at the bottom
4. Enter your login details, and click Unlock
5. Click the Turn On Firewall button
6. Click Firewall Options if you want to tweak the firewall settings
Limit apps to the App Store
Because Apple has total control over what apps get into the App Store, it’s a pretty good way to provide security for Macintosh computers. By allowing only App Store software to be installed on your Mac, you can avoid rogue software.
How to limit apps to the Mac App Store:
1. Select Security & Privacy from System Preferences
2. In the General tab, click the padlock
3. Enter your details. Click Unlock
4. Under Allow apps downloaded from, select App Store
Tweak privacy settings
The Privacy section of your Mac’s security settings is essentially a permissions panel. Here you can define which apps are able to do certain things, like access your Mac’s microphone or see your current location.
How to tweak Mac privacy settings:
1. Open System Preferences, and select the Privacy tab
2. In the left-hand menu, scroll through the different categories, and select one
3. Click the padlock
4. Enter your details, and click Unlock
5. Use the plus and minus buttons to add or remove permissions
Use Keychain Access to manage passwords
The more complex your passwords are, the harder they are to crack. Unfortunately, complex passwords are also more difficult to remember. And because you should never reuse passwords, it becomes even more difficult to keep track of what all your passwords and usernames are. Keychain Access can help with that, by securely storing your passwords and allowing you to access them when you need to.
You can find your stored passwords in the Keychain Access app, found in Applications > Utilities. You can also store your Keychain online in your iCloud, so you can access it from other devices, including iPhones, iPads, and other Macs.
How to set up iCloud Keychain on your Mac:
1. In System Preferences, click Apple ID
2. Select iCloud in the sidebar
3. Click the box next to Keychain
How to secure your Mac with third-party tools
Your built-in Mac security can only protect you up to a point. The more layers of protection you have, the safer you’re likely to be. And third-party security developers are, of course, entirely dedicated to protecting Macs, so specialist Mac security software tends to be more effective than what you get with macOS.
At the very least, you should have some kind of Mac antivirus installed. A third-party firewall isn’t strictly necessary, but it’s well worth having one anyway, especially as there are great free firewall apps. You might also want to consider a VPN service if you’re concerned about privacy.
Third-party Mac antivirus recommendations
With Mac malware growing at a previously unprecedented pace, the market for Mac security tools has grown too. Big players in the antivirus market like Bitdefender now have dedicated Mac apps, while programs like MacKeeper focus on providing all-around protection and optimization for Macs. For Mac owners on a budget, there are also free antivirus apps like Avast Security. These are just some of the best antivirus apps for Mac, though, and any of them will make a valuable addition to built-in Mac security and privacy features.
Third-party Mac firewalls recommendations
If you want more control over incoming and outgoing network connections, a third-party firewall can make a big difference. Without a doubt, LittleSnitch is one of the best Mac firewalls around. It can alert you whenever an app wants to access the internet, and you can easily decide what it’s allowed to do. A good free alternative is Lulu, which offers the same basic functionality at no cost. It’s not quite as powerful in terms of custom rules, but it’s well worth checking out. Another good option is Radio Silence.
Third-party VPN apps for Mac recommendations
One of the best ways to protect your privacy is to use a virtual private network (VPN). Essentially, this routes all your internet traffic through your VPN provider’s servers, hiding your location and your private information in the process. There are tons of good dedicated VPN services with Mac apps, including ExpressVPN, CyberGhost, and SurfShark. If you have a MacKeeper subscription, though, you don’t need a separate VPN service — it comes with the Private Connect VPN built in.
How else can you protect your Mac?
Using built-in Mac security features, combined with third-party tools, Mac owners can protect themselves from most threats. But they should also follow basic safety practices to further lessen their risk.
Here are some of the key safety measures Mac owners should take:
- Use strong passwords
- Don’t reuse passwords
- Keep your software updated
- Don’t download pirated content
- Never open email attachments from people you don’t know
- Back up your data regularly
- Use two-factor authentication
- Avoid public Wi-Fi
For more information, check out our guide to avoiding cybercrime. These are all simple changes you can make to your behavior, but they can greatly increase your chance of staying safe and keeping your Mac virus-free.
No security solution is ever going to be 100% effective. And criminals are always looking for new ways to rip people off. But by changing some of your Mac security and privacy settings and boosting your defenses with third-party software, you make life much more difficult for them.
How do I do a security check on my Mac?
There’s no single way to do a security check on a Mac. To keep your Mac secure, you need to go through a variety of steps. You should regularly check for malware, for a start. And you should keep an eye out for signs of malware infection, like slow performance, random restarts, and excessive ads. You should also use a password manager like Keychain to create strong passwords and to make sure you don’t reuse them.
Does a Mac need antivirus?
Yes, Macs need antivirus. They were never immune to malware, but criminals didn’t bother attacking them because they were too niche. That’s not the case today, and malware for Macs is becoming increasingly common. XProtect, the antivirus built into macOS is better than nothing, but it doesn’t match up to dedicated third-party security apps.
Does Mac have a built-in virus scanner?
XProtect is built into macOS. It automatically scans apps when they first launch or are updated, as well as when XProtect signatures are updated. If it detects malware, it can stop it from running and give the user the option of deleting the infected file. XProtect isn’t as good as dedicated Mac security apps, however, meaning a third-party solution is still recommended.
Should I have my firewall on my Mac?
The macOS firewall is turned off by default, and for good reason — it’s not really needed for security purposes. It can be useful, though, if you want to prevent certain apps from receiving incoming connections. But third-party firewalls give you much more control and are easier to use.
Are Macs harder to hack?
No, Macs aren’t harder to hack than systems like Windows PCs, at least not in any significant way. All hardware and software companies are caught in a never-ending game of cat and mouse with cybercriminals, trying to prevent attacks or patch up security holes. Traditionally, Macs have been less of a target, but that’s no longer the case, and new Mac security threats are emerging all the time.