If you’re wondering how to improve your Mac security, you’ve come to the right place. Macs have excellent security settings, but unfortunately they aren’t always turned on by default. Below are our top 10 best practices for Mac security for small businesses, and lucky for you, you don’t need to be an IT professional to enable these security measures.
Are Macs secure? They can be! Almost all of the best practices below are quick to enable and (best of all?) free! If your business is in a highly regulated industry like financial services or healthcare, most of these steps are required or strongly recommended.
You may think of Macs as ‘hack-proof’ and much safer than Windows. That’s not necessarily true. Even a brand new Mac computer isn’t properly configured as soon as you open the box. Some of the default settings are for convenience and not strong security. These best practices are pretty quick to implement, so get to it!
The phrase ‘hardening a computer’ has to do with configuring security settings. It means you are making it ‘hard’ for a hacker to gain access. Hardening your computers is the best way to improve your Mac security and to protect your data and business.
Below are 12 best practices for Mac security. If you have an IT firm, share this list with them to make sure your computer is properly configured. Never assume these settings are already enabled – it’s best to double check.
Encryption is a must-have. With it, anyone who steals your computer can’t access the PHI without your password. With no encryption, if you lose your computer, you have a reportable breach on your hands.
Simply follow these instructions to turn on “FileVault,” the built-in free encryption tool: https://support.apple.com/en-us/HT204837
Store your encryption recovery key in a safe place -- when you first set up encryption using FileVault, you will be asked to create a Recovery Key. Save the recovery key in a safe place, like another computer, a filing cabinet, or securely in the cloud. We like to store ours in LastPass (https://www.lastpass.com/), our favorite password management tool.
Take a screenshot of FileVault -- when FileVault is done encrypting your hard drive, take a screenshot (https://support.apple.com/en-us/HT201361) and save it for audit purposes. If your computer is ever lost or stolen, use the screenshot to prove that the computer is encrypted.
This is something you definitely need to have in place. There is no single “best” backup approach. However, make sure you pick one that you’ll actually use. The best ones are completely automatic, and don’t require you to remember to do anything.
Make sure your computer is set up to always apply the latest security patches for your operating system. Follow these instructions for turning on Apple updates: https://support.apple.com/guide/mac-help/get-macos-updates-mchlpx1065/mac
Verify that everything is patched -- unfortunately, auto-update only applies to your operating system (Apple macOS), and not to the other programs you install. We provide a service that scans your computer for unpatched software.
Delete unused programs -- you don’t have to patch what you don’t have. Once a quarter, go through your “Applications” folder and delete any programs you no longer use.
Free or paid, make sure you have an antivirus tool for your computer. All of them work fairly well these days.
If you’d like to see how your antivirus measures up, this site has some great reviews: https://www.tomsguide.com/best-picks/best-mac-antivirus
Get a web browsing antivirus tool, too. Hackers will try to get you to visit websites that install viruses or that try to steal your passwords. We like a service called DNS Filter that automatically blocks you from unknowingly visiting malicious websites.
Your computer should lock and require a password any time it is left unattended for more than 15 minutes. Follow these instructions to configure this: https://support.apple.com/guide/mac-help/set-your-mac-to-log-out-when-not-in-use-mchlp2443/mac
If your computer is ever lost or stolen, there is a chance that a good Samaritan will find it and try to return it. Use these instructions to put a message on your computer letting someone know how to reach you: https://support.apple.com/en-us/HT203580
In the event that a computer is lost or stolen, free utilities can help law enforcement to make a possible recovery. These systems aren’t foolproof, though, as they require an Internet connection. Make sure that these utilities are turned on, and test them once a quarter to make sure they’re still working.
Follow these instructions to enable Apple’s “Find My Mac” service: https://support.apple.com/en-us/HT204756
Modern browsers (like Chrome and Firefox) allow users to install Extensions. These are utilities to add features that aren’t built into the browser. However, Extensions generally have full access to everything you do in your Internet browser. Using an insecure browser extension could lead to a data breach or an infection. It’s a good idea not to install an extension unless you’ve done some research to make sure it’s safe. Your best bet is to stick with extensions that are provided by major vendors or that have high ratings and many thousands of installations.
Computer user accounts with Administrator privileges should never be used for day-to-day computing. If an attacker gets access to an Administrator account, they have full control of everything on your computer. Set up “Standard” User Accounts for everyone who uses the computer.
Follow these instructions to set up a “Standard” user account, and start using it for your day-to-day work: https://support.apple.com/kb/PH25796?locale=en_US
If something bad happens on a computer, it’s critical that you know who was actually sitting in front of the computer when the bad thing happened. When you’re creating new user accounts, use real names (e.g., John Smith) instead of generic names (User1, Administrator2, etc.).
Make sure the firewall built into your computer is turned on. Follow these instructions: https://support.apple.com/en-us/HT201642
And confirm your firewall is working -- use this site to scan your computer (https://www.grc.com/x/ne.dll?bh0bkyd2). Click “Proceed” then “All Service Ports.” If your firewall is working properly, the results should be all green.
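To double-check the FileVault, Standard account and firewall settings from a Terminal window, here is an added example script (it is not part of the original article). It relies on the output wording of `fdesetup status`, `socketfilterfw --getglobalstate` and `dscl`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: double-check three checklist settings on macOS.
# Each check parses command output passed in as text, so the logic can be
# tried against sample output as well as on a real Mac.

# `fdesetup status` reports "FileVault is On." once encryption is enabled;
# an "in progress" line means the disk is not fully encrypted yet.
filevault_ok() {
    case "$1" in
        *"in progress"*) return 1 ;;
        *"FileVault is On"*) return 0 ;;
        *) return 1 ;;
    esac
}

# `socketfilterfw --getglobalstate` reports "Firewall is enabled. (State = N)".
firewall_ok() {
    case "$1" in
        *"Firewall is enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = account name, $2 = output of `dscl . -read /Groups/admin GroupMembership`.
# Succeeds when the account is listed in the admin group.
is_admin() {
    for member in ${2#GroupMembership:}; do
        [ "$member" = "$1" ] && return 0
    done
    return 1
}
not_admin() { ! is_admin "$@"; }

# $1 = description, rest = check to run; counts a failure when the check fails.
check() {
    desc=$1; shift
    if "$@"; then echo "PASS $desc"; else echo "FAIL $desc"; fails=$((fails + 1)); fi
}

# $1 = user, $2 = fdesetup output, $3 = firewall output, $4 = dscl output.
# Prints one line per check; the return status is the number of failures.
audit() {
    fails=0
    check "FileVault is on and finished encrypting" filevault_ok "$2"
    check "firewall is enabled" firewall_ok "$3"
    check "$1 is a Standard (non-admin) account" not_admin "$1" "$4"
    return "$fails"
}

# On a Mac, feed the real command output into the audit.
if command -v fdesetup >/dev/null 2>&1; then
    audit "$(id -un)" "$(fdesetup status 2>&1)" \
        "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)" \
        "$(dscl . -read /Groups/admin GroupMembership 2>&1)"
fi
```

Run it while logged in as the account you use for day-to-day work; any FAIL line points back to the matching step in this list.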
Follow these instructions (https://itstillworks.com/12319980/how-to-change-the-password-on-a-wireless-connection) to check that your Wi-Fi connections are secure. If they’re not, work with someone to make them secure, or don’t use them.
As cyberattacks continue to improve and evolve, it’s super important to take steps to protect your data and business. Following our 10 best practices for Mac security is a great starting point. Is macOS secure? It absolutely can be, if you take the time to set up your computer properly. Your future self will thank you in the event of a cyberattack.
Setting up your Mac computers properly is just one part of good cybersecurity. Our Virtual CISO Service includes critical activities like vulnerability scanning, phishing training and tests, cloud service audits, domain/dark web/network monitoring and more. We work with 100 of the best financial services, healthcare and manufacturing companies in the US and would love to help you too!