Macs have built-in security settings, but they’re often not used effectively — leaving your data and privacy vulnerable to attacks. However, even if you turn on all of Apple’s security features, it’s still not enough to keep your Mac 100% secure against the latest malware or other cybersecurity threats.
Here are the top 20 things you should be doing to secure your Mac and personal information from the most advanced cybersecurity threats in 2023.
1. Keep Your Mac’s OS & Software Updated
Keeping your Mac software and programs updated is possibly the simplest and most straightforward way of keeping your Mac safe from hackers. Cybercriminals target outdated software because they know where to find security vulnerabilities that developers only patch in updated versions.
The easiest way to keep your macOS software up to date is by enabling automatic updates. Simply click on the Apple icon on the top left of your screen, select About This Mac, and then click Software Update. If there is a new macOS version available that you’ve not yet installed, this will be shown here. Click Restart Now to install the update straight away.
To enable automatic updates, all you have to do is select Automatically keep my Mac up to date at the bottom of the Software Update window. Click on the Advanced button and double check all boxes are ticked — this will ensure you get all essential security fixes for macOS and your downloaded App Store apps and programs as soon as they’re released.
2. Secure Your Login Details & Settings
If you’re the only person that tends to use your Mac, it might be tempting to not use a login password, but this is a big mistake. If someone were to gain access to your Mac, not only can they access all of your files and data, but if your main account also has admin rights, they can cause even more damage.
There are a few simple steps to greatly improve your login security:
- Use a secure password.
- Disable auto-login.
- Disable password hints.
- Automatically lock your Mac as soon as it’s inactive.
To set up a secure password, open System Preferences and then Users & Groups. Click on your user account, then choose Change Password. You’ll need to choose a password that you can easily remember, but make sure it will also be hard to guess or crack.
Apple recommends adding a password hint, but this can also make it easier for others to guess your password, so I’d only use this if you really think you’ll need it. You can either leave the password hint field blank, or disable it by clicking on the Login Options button and unchecking the “Show password hints” box.
It’s also important to ensure that automatic login is disabled. This stops anyone that gains access to your device (i.e. if it’s stolen) from being able to log straight in.
From Users & Groups, click on Login Options and make sure the dropdown for Automatic Login says “Off”. If you have FireVault enabled (see below), or use your iCloud password to log into your account, you’ll find that auto-login is automatically disabled.
Finally, make sure your Mac automatically locks as soon as it is inactive. This prevents anyone being able to access it if you leave it unattended. Navigate to System Preferences > Security & Privacy, then check the box for “Require password […] after sleep or screen saver begins” under the General tab, and choose “Immediately” from the dropdown list.
3. Create a Non-Admin Account
If you’re not the only person that uses your Mac, create additional user accounts — without administrative privileges — to protect your personal data and your Mac’s overall security settings.
This means other users will have to log into their accounts with their own password and will only be able to access their own files and make changes to their own settings. More advanced settings that affect the security of your entire Mac are limited to the administrator only.
For the most protection, you can create a “Sharing Only” account, in which the user can only access files you’ve chosen to share but can’t access any other files or locations or change any settings on the computer.
To create new users, go to System Preferences > Users & Groups. Click on the padlock to make changes and enter your password, then click on the “plus” sign to add a new user, choose the type of user or group, and fill out the required information.
4. Disable Remote Access & Sharing
Remote access can be useful if you need to access the files on your Mac from anywhere. However, if your login details were to be compromised, this would mean others would also easily be able to remotely access all your files and data. So it’s well worth disabling this feature when you don’t need to use it.
Go to System Preferences > Sharing and untick the boxes next to “Remote Login”, “Remote Management”, and all the other sharing services you don’t need. My recommendation is to disable all sharing options until and unless you need them.
5. Change the Default Privacy Settings
Your Mac will have some default settings that allows Apple and other apps to share and view your data, including usage data and location.
This information includes:
- App access to your contacts, calendars, and other personal data.
- Location services.
- Diagnostic and usage data sharing.
To review and amend these settings, navigate to System Preferences > Security & Privacy. Under the Privacy tab, you’ll see all of the apps that have access to your data, including your location, contacts, calendars, and more.
Check through all these settings and make sure you’re happy with what each app has access to. And if in doubt — restrict the access.
You can also see if you’re unknowingly sending usage data to Apple and other app developers by clicking Analytics & Improvements at the bottom of the left-hand menu. Then simply uncheck the options for data you don’t want to be automatically sent to Apple or other app developers.
6.Enable iCloud Two-Factor Authentication
Two-factor authentication (2FA) is where you’re required to input a randomly generated one-time code along with your account password when logging into your accounts.
Two-factor authentication adds an extra layer of security by stopping hackers from accessing your data, even if they know your passwords, as they won’t be able to guess the randomly generated one-time password.
To set up 2FA on your iCloud account, navigate to System Preferences > Apple ID > Password & Security. Then next to “Two-Factor Authentication” and click Turn On. You’ll be asked to input your phone number to receive the two-factor authentication codes.
Once set up, you’ll now receive a one-time password every time you log into your iCloud account on a new device or when logging in online.
7. Turn on “Find My”
So long as you’ve activated it in advance, Apple’s Find My feature allows you to locate your Mac if it gets lost or stolen. But not only that, you can also remotely lock it and/or wipe your drive completely.
To set up Find My, you first need to enable it in location services. Go to System Preferences > Security & Privacy. Then in the Privacy tab, click on Location Services, click the padlock and enter your password to make changes, and tick the box to enable Find My.
Then go to System Preferences > Apple ID and click on iCloud in the left-hand menu. Scroll through the list of apps until you find Find My and click on Options. Then make sure both Find My Mac and Find My Network are turned to “on”.
In the event that you ever lose your Mac, you then simply need to access Find My via another Apple device or by signing into iCloud.com/find, and you can locate your device and either lock it remotely or erase its contents.
8. Turn On Your Mac’s In-Built Firewall
Apple has a built-in firewall that helps block unwanted inbound network connections and keep malware out of your network and device. This is a useful layer of protection that I’d always recommend using — however, it’s turned off by default so you’ll need to manually turn it on to benefit from this protection.
Simply open Security & Privacy from System Preferences, click on the Firewall tab, and then Turn On Firewall. If you’re a more advanced user, you can check the Firewall Options to choose more detailed settings. Otherwise, just let the default settings apply.
Apple’s firewall protects against incoming traffic only, so if any malware were to find its way onto your Mac, this firewall wouldn’t be able to prevent it from sending your data out. If you want that additional peace of mind, you can install third-party software like Intego, which includes an advanced two-way firewall.
9. Use a Mac Antivirus (That Actually Works)
Although Windows devices have traditionally been the main target of malware, hackers are targeting Macs more and more, so it is increasingly important to keep your Mac protected from new and emerging Mac-based malware threats.
Unfortunately, Apple’s built-in security features aren’t enough to keep your Mac 100% protected against threats like ransomware, spyware, keyloggers, phishing attacks, and data breaches, so you need an antivirus program to keep you fully protected.
There are a lot of great antivirus programs on the market, but most of them are built for Windows first, and their Mac programs are often a bit of an afterthought. Antiviruses like Intego and Airo AV, on the other hand, are Mac-first — and are purposely designed to protect Macs from a huge range of threats, including ransomware and online attacks.
When choosing a Mac antivirus (that actually works), you need to look for certain features that will help keep your computer safe:
- Real-time malware protection.
- Advanced ransomware detection and removal.
- Internet security tools.
- Phishing protection.
- Spyware protection.
Intego is my top choice for a Mac antivirus — it has a 100% malware detection rate as well as a whole heap of other useful features to keep your Mac both safe and running well. But if you want to shop around, check out our list of the best Mac antiviruses on the market.
10. Use a Privacy-Focused Browser
Staying safe and securing your privacy while browsing online can be difficult. Apple’s built-in internet browser, Safari, isn’t bad — especially as it includes an anti-tracking feature (see below). But it isn’t open-source, so it’s impossible to scrutinize its code, and Safari also offers far fewer and more irregular updates, which means users could be more exposed to potential vulnerabilities for longer.
And Google Chrome, undisputedly the most popular browser, is known to track a great deal of user data — after all, Google’s whole business model is based on knowing everything about its customers.
Using an alternative browser that is specifically known for its security and privacy is one of the best ways to stay safe online. Some of the best secure browsers are:
- Mozilla Firefox.
These privacy-focused browsers have built-in tools to ensure websites aren’t tracking your browsing activity or your IP address (i.e. trying to find your physical location), and they’re all open source. Brave’s browser also blocks malicious scripts that are hidden in scam websites that can hack your device without you knowing.
11. Use Safari’s Tracking Link Blocker (or Other Browser Extensions)
The browsers I previously mentioned are the best for security and privacy, but you might just want to stick with your usual browser.
Safari has an excellent anti-tracker blocker, which you should ensure is enabled if you use this browser. With the Safari browser open, simply go to Preferences, then Privacy, and make sure the “Website tracking” and “Hide IP address” boxes are ticked. If you click on Manage Website Data under the “Cookies” box, you can also see which websites are storing your data and choose to block them. From Preferences, you can also choose Privacy Report to see how many trackers Safari has blocked.
There are also a number of browser extensions for Google Chrome, Safari, and other popular browsers, which are effective at protecting you online. These extensions block ads and stop websites from tracking your browsing activity across the internet. They also work to protect you from phishing websites — sites designed by hackers to imitate popular websites, encouraging you to input your login details so they can steal your accounts and personal information.
12. Install a VPN (Virtual Private Network)
VPNs disguise your original IP address and replace it with an IP address in an entirely different location. This means that hackers and websites cannot trace your connection and find your exact location, making you completely anonymous online. VPNs also encrypt your browsing data, so even if hackers could spy on you, they wouldn’t be able to see what you’re doing.
VPNs are used for a lot of different reasons — but their main purpose is to give you complete privacy when you’re online.
Depending on your VPN needs and requirements, there are a lot of great options. You can either get a quality standalone VPN for your Mac, such as ExpressVPN, or go for one of the antivirus providers, like Norton 360 and TotalAV, which also include high-quality VPNs in their Mac antivirus packages — which make them a great value option if you’re looking for other forms of protection for your Mac, too.
13. Use a Password Manager
As mentioned previously, using a secure password to lock your Mac is essential. But it’s equally important to protect all your other accounts with secure passwords too, such as your social media profiles and online banking.
Using unique, complex passwords for all of your accounts is vital in this day and age. But with the hundreds of online accounts we now need for our day-to-day activities, remembering hundreds of unique passwords, not to mention truly secure ones, is — frankly — impossible. This is why it’s so tempting to use the same password for everything, but if you do this and your password is hacked, your entire online identity is compromised! A password manager is therefore the only real option.
There are many reasons to use a password manager, including:
- Instantly creating new, unique, complex passwords.
- Securely saving all your passwords in one place, and accessing them from any device.
- Saving time when logging in to websites and apps.
- Storing payment card information for online shopping.
Apple offers its own password manager — iCloud Keychain. It works by saving and securely storing your account login credentials, passwords, and payment card information. All information is encrypted with AES 256-bit encryption, also known as “military-grade encryption”.
While iCloud Keychain can be useful, it is limited — it can only be used for Apple products, so if you also have an Android phone and a Windows PC, you won’t be able to sync your passwords between devices.
There are many great alternative password managers for Mac, but 1Password and Dashlane are my top recommendations. They work with all operating systems, so you can seamlessly sync between all your devices, and they come with a huge range of features that make managing your passwords super easy — such as secure password sharing, data breach monitoring, and lots more.
14. Encrypt Your Hard Drive
Encrypting your hard drive basically means securing your data behind a password. For example, a thief or hacker wouldn’t be able to access personal information and sensitive documents on your device if they’re encrypted and require a password to unlock them.
Apple has a built-in encryption tool, named FileVault, which makes securing your most sensitive personal information very easy.
Simply go to System Preferences > Security & Privacy > FileVault > Turn On FileVault. To avoid forgetting the encryption password and losing access to your files, you’ll be given the option to use your iCloud account to decrypt your files and reset your encryption password if you forget it. Alternatively, you can create a recovery key. But you must keep a record of the recovery key somewhere safe, not on your device.
15. Back Up Your Files
Regularly backing up your files ensures that you’ll always have a copy of your files if something happens to your Mac, including if it gets lost, stolen, or needs repairs.
Apple makes backups easy with its Time Machine feature. Time Machine is used to regularly back up your files on a separate, external hard drive so that you can restore your Mac and data from a specific recent time.
To set it up, first connect an external hard drive that’s the same size (or bigger) as your Mac’s drive and has no other files stored on it. Open the Time Machine app from System Preferences, click Select Backup Disk, select the name of your disk, and then click Use Disk. And that’s it. I’d suggest ticking Back Up Automatically, so you don’t have to worry about remembering to backup manually.
Once you’ve set it up, Time Machine works automatically so long as your external drive is connected to your Mac (and it will send you reminder notifications if you don’t connect your external drive for a while). If your external disk runs out of space, Time Machine automatically erases the oldest version of the files to make room for the new one, so it’s a pretty failsafe option for ensuring you’ll never lose all your files.
Mac-based antivirus Intego also includes a backup feature that offers even better functionality than Time Machine. With Intego, you can:
- Schedule multiple different backups (e.g. music weekly, work files hourly).
- Back up specific files and folders.
- Create a “Bootable Backup” so you can quickly install your entire Mac’s contents onto a new Mac.
- Synchronize between 2 Macs, so they will each always have your latest files.
- Easily restore a previous backup onto your Mac.
Honestly, I think Intego’s Personal Backup is the best backup feature I’ve seen. But at the very least I’d recommend using Apple’s Time Machine to make sure your files are kept safe.
16. Delete Software You Don’t Need
If you’ve had your Mac for a while, you’ve likely got some software on it that you no longer need or use. Other than taking up space on your drive, outdated software can sometimes be a security risk, as it may have known vulnerabilities that remain exposed.
To check for old or unused apps on your Mac, click on the apple icon in the top right corner of your screen, select About This Mac, click on the Storage tab, and then click Manage.
Click on Documents and then choose Unsupported Apps to see a list of programs your Mac no longer supports — then delete them all. Then click on Applications and sort by “Last Accessed” to see apps you’ve not used in a long time, which you may want to delete.
17. Be Wary of the Software You Install
Cybercriminals often try to trick users into downloading fake or malicious software, so always be wary of any new software you install.
The safest bet is to only download apps from the Apple App Store, as these have all been checked and approved by Apple. Apple also has an “Identified Developers” list, which theoretically should mean it’s safe and reputable software, but there’s still a risk malware could sneak its way into these apps. So for extra security, you can change your settings to only allow App Store software to be downloaded.
From System Preferences, click Security & Privacy, go to the General tab, and next to “Allow apps downloaded from”, change to App Store.
Also be wary of any permissions that apps are asking for — such as needing access to your camera, microphone, or contacts — and only grant it if there is a good reason. And be very wary of any apps asking you to reduce your security settings in order to install.
However, the best and safest way to ensure you don’t accidentally download malicious software is by using a quality antivirus software like Norton or Intego. So long as you have their real-time protection enabled, the antivirus scanner will check all software before you start downloading it, and it will block anything malicious.
18. Disable Spotlight Suggestions
Apple’s “Spotlight” feature is a useful way of searching your Mac for apps and files, and by default, Spotlight also includes internet searches in order to offer you “Siri Suggestions”. However, data from all these searches can be shared with Apple. None of the data is associated with you, but there’s still a degree of privacy you’re potentially losing — particularly from the internet searches.
To increase your privacy, you can limit where Spotlight is able to search. Go to System Preferences > Spotlight, and in the Search Results tab, uncheck “Siri Suggestions” to eliminate the internet searches. You can also uncheck any other category you don’t want Spotlight to search (and subsequently log the data for).
You can also prevent Spotlight from searching specific folders and locations on your hard drive by adding or dragging the relevant folder into the Privacy tab.
19. Disable Siri
Like Spotlight, Siri (your Mac “personal assistant”) has access to all of your personal data, which is then shared with Apple. To prevent anything from being shared, simply disable Siri: Go to System Preferences > Siri and uncheck the box next to “Enable Ask Siri”.
Alternatively, you can choose exactly what data and apps you’re happy for Siri to have access to and share data on by clicking on the Siri Suggestions & Privacy button in the bottom right corner and reviewing the fields for each app listed.
Siri also uses your location to make suggestions, unless you disable this. To do so, go to System Preferences > Security & Privacy, choose the Privacy tab, and then under the Location Services category, uncheck Siri & Dictation.
20. Set a Lock Screen Message
While this isn’t something that will necessarily make your Mac more secure, setting a lock screen message (e.g. with your name and phone number) may help you to recover your Mac (and therefore all your personal files and data) if your Mac is lost or stolen and finds its way into an honest person’s hands.
To set this up, go to System Preferences > Security & Privacy > General. Click on the lock and enter your password to make changes, click Set Lock Message and enter the message you wish to display, hit OK, and then tick the box next to “Show a message when the screen is locked”. Your message will then be displayed at the bottom of your lock screen, visible to anyone who turns on your Mac.
Securing Your Data is More Important Now Than Ever
While cybercriminals have been targeting more and more Mac users recently, making simple changes like the ones described in this article can help you to fully safeguard your Mac and protect all your data.
Having a Mac antivirus that provides proper protection is probably the most important thing you can do to secure your mac. For more information, see our list of the 10 best antiviruses for Macs in 2023.
Frequently Asked Questions — How To Keep Your Mac Secure
How long do macOS software updates take?
The time it takes for your macOS software to install depends on the speed of your device. Updates can sometimes take a few hours for the installation to fully complete. For newer Macs, an update can take around 30 minutes to complete.
Before you update your Mac, it’s essential that you back up your data in case the installation fails.
What is the best antivirus for my Mac?
The best antivirus for Mac in 2023 is Intego. It is an antivirus designed specifically for Macs, and it’s proven to keep devices safe from Mac-based malware and viruses.
When choosing a Mac antivirus, you need to make sure the antivirus will protect you against:
- Online attacks.
- And more…
Macs do have security features built-in to the macOS software. However, these security tools aren’t enough to fully protect you from hackers and malware. So choosing an effective Mac antivirus is necessary.
Before choosing a Mac antivirus, you should check out the best Mac antivirus programs available, as they all come with a different range of features that may make one a better choice for you.
How does a VPN protect Macs?
A virtual private network (VPN) reroutes your Mac’s internet connection through a secure and private server — instead of the server provided by your internet service provider (ISP) who can track your online activity.
VPNs have multiple uses, including:
- Blocking your ISP from tracking your browsing data.
- Stopping hackers from targeting your device when you’re using public Wi-Fi.
- Accessing your local streaming services’ libraries when you’re in a different country.
You must choose a VPN service provider that guarantees 100% privacy.
Some VPNs (like almost all free VPNs) don’t have a “no-logs” policy, meaning they keep details of all your online activity while connected to their servers, which could then be shared with third-parties. Some also fail to fully protect your IP address, meaning websites can still track your true location
VPNs can be installed as standalone apps, but many of the best antiviruses now include secure, no-log VPNs with their software.
Can Apple track how I use my Mac?
Yes, unless you change your Mac’s default privacy settings. Apple wants to track your Mac usage to help with their product development, so your Mac computer comes with this option already enabled.
Apple can also do other things like track your location and iCloud usage.
You need to change your privacy settings so Apple no longer has this access.