There is nothing about your Mac that makes it completely immune to online threats. Many security breaches – like the KeRanger attack – can compromise your personal information. Luckily, macOS supports a variety of settings and tools you can use to safeguard your online privacy.
In this article, I’ll go over some of the biggest threats to your Mac’s security. You’ll also learn how to optimize your Mac’s security settings, and what tools are available to best protect your sensitive data.
|Note: Mac is one of the most secure computers in the world but at the same time, its built-in security defenses don’t protect you against online threats. To be fully protected, be sure to take my advice.|
Why You Need to Secure Your Mac
Due to their rise in popularity, Macs have become more susceptible to online threats. This means you’re just as much at risk as other PC users when it comes to:
This is a method of collecting personal data using fake websites and emails. Hackers can use it to steal your private information such as bank account passwords or social media credentials.
Malware is a program that performs a variety of functions including tracking, stealing, or deleting your sensitive data. It’s typically disguised as legitimate software.
Websites without HTTPS or a padlock in the search bar are unsecure. Anything you write or submit to them can be easily read, stolen, or modified by cybercriminals.
This is another name for unwanted software that modifies a web browser’s settings without permission. Your Mac’s Safari browser can be hijacked to obtain your email credentials and other sensitive data.
A man-in-the-middle attack (MITM)
MITM allows hackers to enter the network you’re using to browse. This mostly happens when you connect your Mac to an unsecured WiFi network.
While Apple releases updates to protect macOS from such threats, those patches are not issued immediately. Meanwhile, your privacy is unprotected. You should take extra precautions to improve your Mac’s security.
What is Gatekeeper and Is It Enough Protection?
Your Mac has a security feature that protects it from malicious apps and other unwanted software. Called Gatekeeper, it only allows apps that Apple has vetted and approved for the Mac App Store to be installed.
What happens if you try installing an app from a third-party website? You will see the following message:
You can proceed with the installation, but you’ll have to do it manually through Gatekeeper.
3 Steps to Bypass Gatekeeper’s Restrictions
Open System Preferences and choose Security & Privacy.
Click the General tab and find Allow apps to download from.
Click Open Anyway to install the app on your Mac.
|Note: It’s impossible to disable Gatekeeper completely, so you’ll need to do this every time. If you can’t verify the legitimacy of the app’s developer, you could be installing a malicious app. Gatekeeper saves you from potentially weakening your Mac’s security.|
According to research company Symantec, hackers have been able to bypass Gatekeeper’s security. Also, the feature has been designed to treat both network shares and external hard drives as safe locations. So if a hacker can trick you into downloading a malicious file, they can easily escape Gatekeeper’s security checks.
That is why I have concluded that Gatekeeper doesn’t offer enough protection from security threats. It’s a line of defense that can improve the detection of malware, but it’s not a foolproof solution. You need to combine it with other security software to ensure the complete safety of your Mac.
Mythbuster — Are Macs Immune to Malware and Viruses?
The Mac community used to be small. That’s why cybercriminals used to focus on the more popular Windows platform. However, as more people started using Macs, cybercriminals started looking for more ways to bypass its security.
|Note: Apple used to claim that Macs are immune to viruses. However, they completely removed this statement from their website in 2012.|
Even with your built-in anti-virus, you’re still vulnerable to cyber attacks. Below are 5 known attacks that specifically targeted Mac users over the past few years:
The Flashback Trojan: This is one of the most significant Mac attacks that infected more than half a million Macs in September 2011. It was a malware disguised as Flash player software, with the purpose of stealing targets’ login credentials.
MacControl APT: In 2012, Uighur-activist Mac users were targeted in an email phishing campaign. By clicking on a zip attachment, they unknowingly installed a malicious app. This allowed the hackers to control their Mac remotely and steal their private information.
The Keydnap Trojan: Keydnap was discovered by ESET researchers in 2016. This backdoor trojan infected the Transmission BitTorrent client for Mac. Its purpose was to steal passwords from the Apple KeyChain app.
KeRanger: Many people are aware of the WannaCry ransomware attack on Windows users in 2017. However, few people know that Mac users suffered a similar attack more than a year before. KeRanger encrypted all the victim’s files. To regain access, users had to pay a ransom to receive a decryption code.
CrescentCore: This Mac malware was discovered in June 2019. It was disguised as an Adobe Flash Player DMG file. It also had a signed Apple developer certificate, which allowed it to bypass Gatekeeper. It was distributed through various sites with the intention of installing malicious infections on devices running macOS.
|Important! According to Kaspersky, there were more than 4 million malware attacks on macOS in 2018 alone. This is all the more reason for you to take extra steps to safeguard your Mac.|
How to Optimize Your Mac’s Security Settings
Cyber-attacks shouldn’t be your only concern – your Mac’s default settings are not optimized to protect your sensitive information. Using strong passwords will keep your Mac more secure. Additionally, you can configure the following settings to enhance your Mac’s security.
Quick Guide: 5 Mac Settings you can change to optimize security
|Sharing Services — Disable any unnecessary sharing services on your Mac.Location Services — Manage which apps can access your location.Firewall Settings — Activate your Mac’s firewall and enable Stealth Mode.Guest User — Set up a guest user account to ensure only you can access your personal files.Spotlight Suggestions — Disable this feature to maintain your privacy.|
Disable Sharing Services You Don’t Need
Turning off any sharing services you’re not using can significantly improve your Mac’s security. In fact, the majority of Mac users can do without screen sharing, printer sharing, remote login, etc. Follow these steps to disable sharing on your Mac:
4 Simple Steps to Disable Sharing Services
Open System Preferences and select Sharing.
Find the list of services on the left.
Check for ticks in the checkboxes below the On heading.
Remove ticks for sharing services you don’t need.
Manage Which Apps Can Access Your Location
Location privacy is more important than you think! Hackers can use location data to track where you are, which in turn can help them steal your identity. Make sure to disable location services for any apps you don’t trust by following these steps.
Open System Preferences and select Security & Privacy.
Choose the Privacy tab and find Location Services in the left-hand menu.
Click the lock icon in the lower left corner and enter your administrator password.
Uncheck the apps you don’t feel need access to your location.
Activate Firewall and Stealth Mode
macOS’s firewall feature stops unwanted network traffic. Stealth Mode prevents it from responding to unexpected network requests, making it invisible. Both of these features make your Mac less vulnerable on public networks. Follow my 5 easy steps to activate them.
5 Easy Steps to Activate Firewall and Stealth Mode on Mac
Open System Preferences and Select Security & Privacy
Choose the Firewall tab and click the lock icon in the lower left corner
Enter your administrator password
Click the Turn On Firewall button and then click Firewall Options below it
Check the Enable stealth mode box and click OK
Set up a Guest User
When you allow others to browse on your Mac, they’ll have access to your personal information. This includes your browser history, preferences, and apps you’ve installed. Luckily, the Guest User feature in macOS enables you to let others use your Mac without compromising your privacy. Guests can’t access your apps, browser history or search queries.
Because Guest User is turned off by default, you’ll need to follow my 4 simple steps to activate it on your Mac.
4 Simple Steps to activate Guest User on Your Mac
Open System Preferences and select Users and Groups.
Click the lock icon in the lower left corner and enter your administrator password.
Click on Guest User in the list of options on the left.
Check the box next to Allow guests to log in to this computer.
Disable Spotlight Suggestions and Web Searches
Spotlight might look harmless, but it’s quietly sending your search data to Apple. That is how it is able to give you suggestions for content. The data may also be shared with third-party providers like Bing to display relevant results for your searches. You can disable this and keep Spotlight searches to the contents of your Mac by following these 3 steps.
3 Basic Steps to Disable Spotlight Suggestions
Open System Preferences and select Spotlight.
Uncheck the box next to Allow Spotlight Suggestions in Look up.
From the list, uncheck the Spotlight Suggestions tick box.
6 Essential Security Tools for Mac
In addition to optimizing your Mac’s settings, you also need to have proper security tools in place. After all, popular attack methods such as phishing do not rely so much on bypassing internal security features. The only way to successfully protect your Mac and privacy from such breaches, is to use the right tools.
I’ve tested various tools that claim to enhance Mac’s security. Below are my top 6 recommendations.
Quick Guide: 6 Essential Security Tools for Mac
Your Mac’s built-in virus protection makes it more secure than other PCs. Despite this, hackers are increasingly targeting Mac users. They can now make changes on your computer by tricking you into downloading malicious files on the internet. Having a good anti-virus software can help protect your Mac from their evil intentions.
Most anti-virus companies now offer Mac versions that perform both drag and drop and full-system scans. Scans are conducted on a continuous basis unless you change the settings, and malicious files are kept in a special storage with the option to delete.
|I tried several anti-virus solutions and found that Sophos and Avast worked best on my Mac. Both of them offer custom scans for individual folders, files, or your entire device. Sophos even offers real-time scanning, so you’ll be warned as soon as malware attempts to bypass your Mac’s security.|
Virtual Private Network
Mac’s built-in protection also fails when it comes to IP theft. Hackers can use techniques like browser hijacking to obtain your IP and figure out which network you’re on. From there, they can work out which devices are connected to it and therefore, what OS you’re using. With this information, they can design a targeted attack that damages your files, OS, and more – without you finding out.
The best way to stop hackers from stealing your IP address is to use a VPN. While the Mac App Store has hundreds of these, I know from experience that only premium VPNs can provide long-term security to your Mac. The best VPNs for Mac come with security features like a no-logs policy, an automatic kill-switch, and military-grade encryption.
|From the various premium VPNs I tested, NordVPN and ExpressVPN performed the best. Both of them offer AES 256-bit encryption, an automatic skill switch, and a no-logs policy. This means your Mac’s IP address can’t be recorded, stored, or monitored by any third parties when you’re connected to the internet.|
Using the same difficult password across all of your sites and apps may seem like the best solution. However, this will place your security at risk as cybercriminals will only need to obtain your password once. From there they will be able to gain access to all of your personal information.
While the Safari browser on your Mac has a built-in password manager, it isn’t the most secure option. Hackers can easily conduct a cyber attack to hijack your browser’s contents. In the event they succeed, you could potentially lose access to every online account you have. There are better tools you can use to securely manage password on your Mac.
|Dashlane is a password manager with high-level security features that supports macOS. I’ve been using it for years. It allows me to easily manage my passwords. Another cool thing about Dashlane is that it analyzes your overall online security status and provides suggestions on how you can improve. This is definitely a good tool to have to improve your online safety as a Mac user.|
The internet’s rise in popularity among consumers has also led to advertising companies expanding their scope. Advertisers can now collect your personal data and display ads in your Mac’s browser. These ads come in various forms, such as banners or pop-ups, and are sometimes bundled with malicious software that can compromise your Mac’s privacy.
To prevent this from happening on your Mac, you can change the settings of your Safari browser by following the 4 steps below.
4 Steps to Disable Pop-up Ads in Safari
Open the Safari app on your Mac and click Safari at the top of your screen.
Select Preferences and click on Websites.
Choose Pop-up Windows from the General section of the sidebar.
Find the option for When visiting other websites and choose Block and Notify.
You can also install an ad blocker, especially if you’re using an alternative browser.
|I tested various ad blockers on my Mac, and I was especially impressed with AdBlock Plus. Not only is it easy to set up, but it’s also free. Once activated, AdBlock Plus will prevent ads from popping up in your browser and protect your Mac from malicious apps.|
Open the Safari app and click Safari at the top of your screen.
Select Preferences and click on Security.
HTTP websites leave you vulnerable to DNS hijacking, eavesdropping and other online threats. If you continue to browse an HTTP website, cybercriminals can steal your information because your Mac’s connection isn’t encrypted. This is why you should always use the HTTPS protocol when using the internet on your device.
The EFF (Electronic Frontier Foundation) has been offering the HTTPS Everywhere browser extension for many years. The extension ensures you automatically use the secure HTTPS encryption – if it’s available – when visiting websites. This way nobody can spy on your personal information while your Mac transmits it over the internet.
|I’ve found HTTPS Everywhere to work on WordPress blogs. Most of them by default have limited ability to support encryption over HTTPs. The fact that this extension converted many HTTP connections to HTTPS really impressed me. If you’re using Chrome, Opera, or Firefox on your Mac, then this extension is the perfect way to enjoy a worry-free browsing experience.|
Best Browser For Mac — How Secure is Safari?
Most browsers are not developed to focus on privacy. They usually collect your personal data, which can then easily be intercepted by hackers. To maximize your online privacy when browsing on your Mac, you should use a secure browser.
And there’s no doubt that one of the most secure browsers for your Mac is Safari.
The most obvious benefit of Safari is that it’s already a part of macOS, so you don’t need to download anything. Additionally, Safari has a cross-site tracking feature to prevent third parties from tracking your activity across websites. To activate it, follow the 3 steps below.
3 Basic Steps to Disable Cross-Site Tracking on Safari
Open the Safari app on your Mac and click Safari at the top of your screen.
Select Preferences and click on Privacy.
Check the box next to Prevent cross-site tracking.
Safari has various built-in features to protect your privacy. However, it may not be compatible with some websites or services that you use. Or perhaps you want to sync your Mac’s browser history and bookmarks with non-Apple devices that aren’t compatible with Safari.
Luckily, there are other options for you to consider. I have tested various alternative browsers on my Mac. Below are my top 3 picks.
Quick Guide: 3 Best Alternative Browsers for Mac
|Firefox — Open-source browser that protects your Mac against phishing and malware.Epic Privacy Browser — Open-source browser with strict security features to optimize your privacy.Opera — Fast, secure browser with an easy-to-use interface.|
Firefox is an open-source browser that was created by Mozilla, a non-profit organization. It comes with an extension that securely syncs your passwords across all your devices, including your Mac.
Firefox also provides protection against phishing and malware. In addition to that, its Do Not Track feature prevents websites from tracking your online activities.
This browser is easy to use and very flexible, but also very secure. That’s why it’s my recommended alternative browser for my Mac.
Epic Privacy Browser
The Epic Privacy Browser is also an open-source browser that’s maintained by volunteers. This is probably the most security-focused browser ever. It even has a no add-ons policy, because the developers view all extensions as potential threats.
Furthermore, it disables all Google services to avoid using Google’s servers. When you connect to a search engine, Epic routes your request through a proxy server to hide your IP address. So if you use this browser, Google has no way of tracking you, making it an excellent choice for privacy-focused Mac users.
Though Opera is one of the least popular browsers, it’s also one of the most secure. With its integrated VPN, it hides your IP address to protect your Mac against online threats.
Other safety features include protection against malware and fraud, as well as an ad-blocker. Opera is also fast and has an easy-to-use interface, which is why it’s one of my top choices.
3 Most Secure Search Engines for Mac
Popular search engines like Google, Bing, and Yahoo keep track of your IP address, unique identifier, and the search terms you’re using. In some cases, they’re sharing this information with third parties without your knowledge — and profiting off this violation of your privacy.
This is especially true for Google, which makes big business on data collection. All of its services collect your personal information, including Google Search, Google Maps, and Google Ads. However, there are steps you can take to manage your privacy when using these services.
|Pro tip: If you’re tired of Google spying on you, you can check out this list of alternatives to your favorite Google products.|
It’s important to remember that you can’t stop these big search engines from collecting your information. Instead, you should try one of my recommended search engines for Mac.
Quick Guide: Top 3 Secure Browsers for Mac
|Startpage — Allows you to browse privately without selling your personal data to third parties.Searx — Open-source metasearch engine that gathers data from search engines without violating your privacy.DuckDuckGo — Popular search engine that saves your search history but not your IP address.|
This Netherlands-based search engine uses a proxy. This means that it doesn’t use your IP address for personal data collection. It also has a strict policy against logging activity, and it doesn’t sell any of your data to third parties.
Startpage allows you to browse photos and videos privately. In addition to browsing privacy and data security, it also offers filtering options to enhance your searches.
Searx is an open-source metasearch engine. It gathers information from other search engines without violating your privacy.
A big benefit of being open source is the amount of customization options you get. You can choose which search engines you want to pull results from and narrow down categories.
DuckDuckGo was founded in the US in 2008. This popular search engine gives you results from more than 400 sources. Popular sources include Bing, Wikipedia, and Yandex.
Though it does save your searches, it doesn’t store your IP address or unique identifier. This means that none of the stored information is personally identifiable, so your privacy isn’t compromised.
|Important! Because some searches convey personal details, DuckDuckGo may know information like your name, address, and social security number. The company states that any saved information is to improve the service, not learn about users.|
3 Most Secure Email Clients for Mac
|Important! Emails get uploaded to an email server before they are delivered to the recipient. This is where cybercriminals can intercept your sensitive information.|
Apple’s Mail app uses Secure/Multipurpose Internet Mail Extensions (S/MIME) to encrypt your emails. If you’re using a webmail system such as Gmail or Yahoo Mail, your emails will be protected by Hypertext Transfer Protocol Secure (HTTPS) encryption.
Don’t rely on these two encryption tools to keep your emails safe — they only work during the transmission process. Once your email is uploaded to the server, the encryption disappears and all the information it contains is exposed.
Instead, you should use a secure email system to protect your personal information.
I have tested various email clients on my Mac to bring you 3 of the best.
Quick Guide: Top 3 Secure Email Clients for Mac
|ProtonMail — allows you to send anonymous emails through end-to-end encryption.Tutanota — An open-source email client that uses end-to-end encryption and two-factor authentication to safeguard your privacy.Hushmail — Allows recipients to read emails on a secure web page.|
ProtonMail is one of the most trusted private clients for sending anonymous emails. Based in Switzerland, this email client uses end-to-end encryption.
Unlike Apple Mail and other popular email clients, ProtonMail stores all of your information in an encrypted format. This means you’re protected both during and after the email has been sent.
You can also set messages to be deleted from the recipient’s inbox after a certain time. This makes it one of the best email clients for your Mac.
This Germany-based email client offers a free and paid version. It uses end-to-end encryption and two-factor authentication (2FA) to ensure that only you have access to your messages.
Tutanota is an open-source client, which allows experts around the world to continuously verify its security.
When you send an email with Hushmail, the recipient can read the message on a secure web page. This happens automatically if the recipient also uses Hushmail. For other recipients, you can easily check the “Encrypted” option to enable the feature.
Hushmail is heavily used by healthcare, law, and non-profit businesses to keep messages safe.
Want to Use the Dark Web on Mac?
Not everyone is aware of the fact that the internet consists of three layers: the surface web, the deep web, and the dark web.
The surface web consists of the websites and information you can find through search engines like Google and Bing. The deep web is everything else that cannot be accessed through traditional search engines. The dark web is just a small subdivision of the deep web and consists of encrypted content.
You can use the dark web to access sites and information that are otherwise hidden. This includes books, academic papers, and multimedia such as music and movies.
Contrary to common belief, it’s not illegal to access the dark web. And you don’t need a set of complicated technical skills, either — you can do it safely from your Mac. All you need to do is follow these 5 easy steps to install Tor — a secure browser that hides your IP address.
5 Easy Steps to Install Tor Browser on Mac
Go to the Tor Browser Download page.
Scroll down and click on the Apple icon.
Open the DMG file once it’s finished downloading.
Move the Tor Browser file into the Applications folder.
Open the Tor Browser and start browsing anonymously on your Mac!
You’ll have to be careful, though. The dark web is a popular platform for illegal activities due to the anonymity it provides. Even though Tor already hides your IP address, I recommend also using one of the best VPNs for Mac, such as ExpressVPN. This will ensure your Mac is protected while browsing the dark web.
4 Best Security Practices for Mac
As soon as you’ve purchased your Mac, you’ll need to implement certain security measures to maintain your privacy.
|Note: There are three main methods through which your Mac can be compromised: over the internet, through malicious emails, and by direct access.|
To help you maximize protection against these threats, I have compiled a list of 4 of the best security practices for your Mac.
Quick Guide: 4 Best Security Practices for your Mac
Make sure all your apps are updated.
Apple releases regular updates to most of their apps to ensure they remain secure. You can find security patches and other updates on the Apple Support page. The best way to stay protected would be to enable automatic updates, especially for your Mac operating system. That way, you’ll get the latest security patches as soon as they become available.
To enable automatic updates on your Mac, take the following steps.
3 Easy Steps to Enable Automatic Updates on your Mac
Open System Preferences and select App Store.
Check the box next to Automatically check for updates
From the drop-down list, check the boxes next to the following options:
- Download newly available updates in the background.
- Install app updates.
- Install macOS updates.
- Install system data files and security updates.
Alternatively, you can use the Mac App Store to install app updates. To do this, simply follow the 3 basic steps below.
3 Basic Steps to Manually Install App Updates from the App Store
Click the App Store icon in your dock.
Choose the Updates tab in the top navigation of the Mac App Store.
Click on the Update All button in the top right corner of the screen to update all apps to their latest available version.
Encrypt your hard drive.
There have been many reports over the years of stolen identities and financial fraud. In many of these cases, criminals obtained this sensitive information from unsecured files that were stored in the victims’ laptops or computers. Encrypting your hard drive will protect you in case your Mac gets stolen.
macOS now comes with a built-in encryption feature called FireVault. It uses 256-bit XTS-AES-128 encryption to protect your Mac’s startup disk. When you activate it, hackers will need a recovery key or a login password to access any data on your Mac. To enable this feature, follow my 4 simple steps below.
4 Simple Steps to Enable FileVault on Your Mac
Open System Preferences and select Security & Privacy.
Choose the FireVault tab and then click on the lock icon in the lower left corner.
Enter your administrator password.
Click the Turn On FireVault button.
Watch out for phishing scams.
Most phishing scams are carried out with the objective to steal your sensitive information. Cybercriminals use legitimate company names to try and persuade you into giving them your login credentials and passwords. They can then use these details to access your bank accounts, credit cards, and other personal accounts.
|Important! During the first six months of 2019, 1.6 million phishing scams disguised as legitimate Apple communications were already discovered by Kaspersky. This confirms that Mac users are increasingly susceptible to these types of attacks.|
To avoid being misled by cybercriminals, you should know how to identify different methods of phishing. That way, you’ll be able to stop potential threats from compromising your Mac’s security.
|Tips to avoid falling victim to phishing attacks:
The Safari browser on your Mac also has a feature that protects you against phishing and malware. Follow these 3 basic steps below to activate it.
3 Basic Steps to Activate Phishing and Malware Protection on Safari
Open the Safari app and select Preferences.
Click on Security.
Check the box next to Warn when visiting a fraudulent website.
Enable two-factor authentication.
To ensure that only you can access your Apple account, you should enable two-factor authentication (2FA) on your Mac. When you activate this feature, Apple will send you a confirmation code whenever you’re trying to log into your Apple ID. This means that hackers can’t get into your account simply by using your username and password — they’ll need access to your phone as well.
Below I have provided steps for activating two-factor authentication on Mojave, as well as Catalina.
3 Simple Steps to Enable 2FA on macOS Catalina
Open the Apple menu and go to System Preferences.
Under iCloud, choose Account Details and click Security.
Click Turn On Two-Factor Authentication.
Now you’ll have double protection to ensure that nobody can gain unauthorized access to your account!
Your Privacy – and Mac’s Security – Is In Your Own Hands
There’s no doubt that Macs are a great choice for personal and business use. But with the number of cyber attacks on Mac in recent years, you can’t ignore the importance of securing your personal data. Mac users have now become susceptible to phishing attempts, browser hijacking, Trojan attacks, and man-in-the-middle attacks that attempt to compromise their private information.
When it comes to your privacy and Mac’s security, Apple cannot keep you safe from every threat.
The best thing you can do to improve privacy is to optimize your Mac’s settings and install the right set of tools. As you probably know, ultimate protection starts with your Mac’s settings. Be sure to disable unnecessary sharing services, activate firewall, and disable spotlight search suggestions on your Mac. Additionally, you can use secure browsers, email clients, and other tools to prevent cybercriminals from spying on you.