Apple macOS Security and Privacy Guide 2020

Last Updated on

Apple’s computer operating system, macOS, runs on its MacBook, iMac, and Mac mini computers. You probably store a lot of data on your Mac and use it to access your online data, so you must set your security and privacy settings.

Apple security and privacy are well-known because Apple builds strong security and privacy features into its software. However, that doesn’t mean that you should simply accept the default macOS system preferences. There are changes you can make to increase the security and privacy of macOS.

For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.

macOS was formerly known as Mac OS. You may see it called Mac OS X or just OS X (the X is the Roman numeral for 10), but now it’s called macOS 10. Regardless of what you call it, let’s look at how to secure your Mac and protect your privacy.

This guide was last updated for macOS 10.15 on a Macbook Pro. The settings and steps may differ based on the version of macOS and computer.

Note: This page contains affiliate links. As an Amazon Associate, I earn from qualifying purchases. Please see Affiliate Disclosure.

Improve macOS Security and Privacy Using macOS System Preferences

To open the macOS settings, simply open the System Preferences app (a gray gear icon). We’ll go through the settings it contains in order.

There’s a padlock icon in the bottom left corner of many System Preferences screens. You may not be able to change some options until you unlock that padlock by clicking it and entering your Mac password.

iCloud

In System Preferences, click Apple ID. You’ll start in the iCloud settings.

Next to iCloud Drive, click Options. You’ll see a list of apps and items that can be stored in iCloud Drive. Uncheck the boxes for any items that you don’t want to store data in iCloud Drive. I recommend keeping to a minimum the data you store in iCloud.

Back on the iCloud screen, uncheck the boxes for any apps that you don’t want to store data in iCloud. I recommend keeping to a minimum the data you store in iCloud.

Scroll down the list to Find My Mac. This allows you to find, lock, or wipe/erase your Mac remotely, if it becomes broken, lost, or stolen. I recommend checking the box.

Siri

Go back to System Preferences, then click Siri.

Siri gives you more privacy than other voice assistants, but if you don’t want to use it (as I don’t), you can uncheck the box for Enable Ask Siri.

Spotlight

Go back to System Preferences, then click Spotlight.

You’ll see a list of categories that Spotlight can include in its search results. Most of these are locally on your Mac, but the Spotlight Suggestions category pulls info from the Internet. Although Apple says it does this in a privacy-respecting way, you may want to disable this by unchecking the box for Spotlight Suggestions.

If you do that, you should also uncheck the box at the bottom of the window, Allow Spotlight Suggestions in Lookup.

macOS System Preferences Spotlight disable Spotlight Suggestions

Notifications

Go back to System Preferences, then click Notifications.

What could a person learn about you if they could see messages, calendar reminders, and other notifications appear on your screen when you’re away from your Mac? I recommend adjusting your settings to not reveal such sensitive data.

For each app that has notifications that could reveal sensitive data, set Show notification preview to when unlocked, or uncheck the box for Show notifications on lock screen to not have that app show notifications on the lock screen. If you ever share the screen of your Mac, in person or online, consider unchecking the box for Show notification preview.

macOS Settings Notifications

Internet Accounts

Go back to System Preferences, then click Internet Accounts.

Click through each account and ensure that it’s syncing only the data you want synced.

Wallet & Apple Pay

Go back to System Preferences, then click Wallet & Apple Pay.

Add only the cards that you need to use on your Mac.

Touch ID

Go back to System Preferences, then click Touch ID.

Check the box for the items that you want to use Touch ID for.

Users & Groups

Go back to System Preferences, then click Users & Groups.

Review and edit any users and groups, as necessary.

Screen Time

Go back to System Preferences, then click Screen Time.

Screen Time allows you to control the amount of time that can be spent on activities, by yourself or others. You can use it as parental control software. Configure Screen Time as you wish for yourself or children who use your Mac.

Security & Privacy

Go back to System Preferences, and click Security & Privacy.

As you can tell from the name, this is a central place for many macOS security settings and macOS privacy settings.

Sometimes when you’re trying to open a new app, macOS or the app will tell you to change a setting in Security & Privacy. You ask yourself, “Where is Security & Privacy in my Mac?” Well, know you know that this is where you need to go (System Preferences > Security & Privacy).

We’ll go through the tabs at the top of the window.

General

Change Password: If you haven’t already, set a long, strong password (20+ characters, with a mix of uppercase, lowercase, numbers, and special characters). You’ll need to type this into your Mac from time to time, so make a password you can remember. You’ll need to enter this password to open any password manager you have on your Mac, so don’t rely on just grabbing it from your password manager (unless you plan to use a password manager on your phone). Once you create your password, I recommend saving it in a password manager, such as LastPass, in case you forget it.

LastPass: Secure Password Management
Free

LastPass helps you remember and manage your secure passwords all in one place. Never forget a password again.

We may earn a commission if you click this link and make a purchase at no additional cost to you.

Require password after sleep or screen saver begins: This makes your Mac require a password after it’s been idle for a certain amount of time. I recommend immediately or 5 seconds.

Show a message when the screen is locked: Click Set Lock Message to set the message that shows on the lock screen. If a Good Samaritan finds your Mac, this will tell them how to contact you. However, don’t give away too much personal info, because a nefarious person could use it against you. Do not put your home address. I recommend putting a phone number and/or email address.

Allow apps downloaded from: Apple monitors its App Store pretty closely, so it’s a safe source for apps. Getting apps from other sources is riskier. I recommend choosing the App Store. If you try to run an app that you didn’t get from the App Store, macOS will tell you that it’s blocked. However, you can open this settings page and choose to allow the app, if you know it’s trustworthy.

macOS Settings Security & Privacy General
macOS app blocked from opening

FileVault

Click the FileVault tab at the top of the Security & Privacy window.

FileVault is a macOS’ way of encrypting your entire disk. It’s one of the best things you can do to secure your Mac because it means that if someone steals your Mac, they won’t be able to see or copy your data off the disk.

If it’s not already on, click Turn on FileVault. You’ll be asked how you want to recover if you forget your password. I recommend choosing Create a recovery key and do not use my iCloud account. I would rather not give that key to Apple. I recommend saving the recovery key in a password manager, such as LastPass.

Firewall

Click the Firewall tab at the top of the Security & Privacy window.

Go back to System Preferences, then click Firewall.

The firewall prevents “unauthorized applications, programs, and services from accepting incoming connections.” I recommend clicking Turn on Firewall.

Click Firewall Options. I recommend checking the bottom 3 boxes:

  • Automatically allow built-in software to receive incoming connections
  • Automatically allow downloaded signed software to receive incoming connections
  • Enable stealth mode

If you discover that these settings are breaking something (preventing something from communicating with your Mac, which you want to allow), open these settings and adjust as necessary.

macOS Settings Security & Privacy Firewall Options

Privacy

Click the Privacy tab at the top of the Security & Privacy window. On the left side of the screen, you’ll see several categories. Click through each one, setting your privacy as desired.

Location Services: I only allow Location Services for Find My Mac, which allows you to remotely find and erase your Mac. To do this, check the box for Location Services, then uncheck all the boxes below that. At the bottom of the list, next to System Service, click Details. Uncheck all boxes except Find My Mac.

macOS Settings Security & Privacy Location Services
macOS Settings Security & Privacy Location Services System Services

Camera: uncheck the box for any apps that shouldn’t have access to your camera.

Microphone: uncheck the box for any apps that shouldn’t have access to your microphone.

Full Disk Access: uncheck the box for any apps that shouldn’t have access to your full disk. It’s OK for backup software and security software (such as Mac anti-malware) to have access, but be wary of granting access to anything else.

Advertising: I recommend checking the box for Limit Ad Tracking, to limit the data Apple collects and stores about you. You may want to occasionally come here and click Reset Advertising Identifier to reset your identifier, which is used to track your activity. Learn more about Apple’s Advertising & Privacy. A few excerpts:

Advertisers can use an Advertising Identifier, or other information they have about users, such as a phone number or email to match users to segments on Apple’s advertising platform. During the match process, these identifiers are obscured to limit personally identifiable information being disclosed.

Whenever you want to clear the data associated with your Advertising Identifier, you can simply reset it.

If you enable Limit Ad Tracking, you may still receive the same number of ads, but the ads may be less relevant to you.

Apple’s Advertising & Privacy

Analytics & Improvements: I generally like to share data that helps make software and services better, as long as my data is anonymized. You may choose to disable some or all these options if you’d rather not send your data (even anonymized data) to Apple.

Personal data is either not logged at all in the reports generated by your Mac, is subject to privacy-preserving techniques such as differential privacy, or is removed from any reports before they’re sent to Apple.

Apple

Software Update

Go back to System Preferences, then click Software Update.

Check the box for Automatically keep my Mac up to date.

Click Advanced, then check all the boxes.

Bluetooth

Go back to System Preferences, then click Bluetooth.

If you’re not using Bluetooth right now, click Turn Bluetooth Off. Bluetooth is easily compromised, so turn it on only when you need it.

Sharing

Go back to System Preferences, then click Sharing.

I recommend that you set the Computer Name to a name that doesn’t identify the Mac as yours, to make it harder for anyone trying to target you.

In the list of services, uncheck the boxes for all the services you don’t truly need to share. For those you enable, click through and carefully set additional settings.

Time Machine

Go back to System Preferences, then click Time Machine.

Check the box for Back Up Automatically. I recommend also backing up to an external disk. When you set it up, check the box for Encrypt Backup Disk. I recommend saving the password in a password manager, such as LastPass.

AirDrop

AirDrop lets you share files between Apple devices over Bluetooth. The feature is often abused by people who AirDrop nude photos or other unwanted content to nearby devices.

Open the AirDrop app (use Spotlight to open it, or find it in your Applications folder). If your Bluetooth is off, you’ll see Turn On Bluetooth. Click that to enable AirDrop.

Then, set Allow me to be discovered by No One. If you ever need to use AirDrop, you can temporarily change this to one of the other settings. Then change it back to No One, or even better, keep Bluetooth turned off, and only enable it when you need it.

macOS AirDrop Allow me to be discovered by

Back-Up Your Mac

Back up regularly. I recommend backing up to an external drive and the cloud. Why an external drive? If you need to restore a lot of data, it’s much faster to restore from an external drive than download from the cloud. Why cloud backup? If your Mac is hit by fire, a flood, or other disasters, or it’s stolen, your external drive will likely suffer the same fate.

As I mentioned above, I recommend using a macOS’ Time Machine to back up to an external drive.

There are many cloud backup providers. Choose one that lets you set your private encryption key. I recommend IDrive, but you can also look at the following:

BackBlaze: Affordable Cloud Storage
$60

BackBlaze provides an astonishingly easy and low-cost cloud storage for your files. You can automatically back up your Mac or PC files and access them anywhere.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
Carbonite: Cloud Backup Solutions for Home and Business
$72

Carbonite helps protect personal and business data from common forms of data loss. It also offers excellent defense against ransomware attack, hardware failure, and even for device loss or theft.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
IDrive: Online Cloud Backup and Storage
Free

With IDrive, you can backup unlimited PCs, Macs, iPhones, Ipads, and Android devices into a single account securely. Files and folders will be synced in real-time across all the devices.

We may earn a commission if you click this link and make a purchase at no additional cost to you.
Sync: Secure Cloud Storage
Free

Sync makes it easy to store, share, and access your files from just about anywhere. It also provides privacy protection with end-to-end encryption, ensuring your data are safe and secure in the cloud.

We may earn a commission if you click this link and make a purchase at no additional cost to you.

macOS Security And Privacy: Using macOS Safely

Install all software updates (for macOS and apps) as soon as they’re available. You should set your device to do this automatically (see settings above), but also watch for any update prompts.

Install software only from the App Store, and only install software from outside it if you truly trust it. Before installing any software, check its ratings and reviews, and search online for reviews from reputable tech sites.

Be careful what access you grant to apps. When an app asks for access to your camera, microphone, contacts, location, etc., think carefully about whether it truly needs that access. You can always grant access later if you change your mind.

Don’t use public Wi-Fi for anything sensitive, because you’re using an insecure, untrusted network. Instead, tether to your mobile device or hotspot and use its mobile/cellular data, or use a VPN (virtual private network) to protect your traffic when using public Wi-Fi. I like ProtonVPN.

Even though there’s much less malware for macOS than for Windows, I still recommend scanning your Mac at least every two weeks. You can choose to scan weekly (an on-demand scan), or even have your anti-malware software run constantly in the background (sometimes called real-time scanning), if you want. I like Malwarebytes for Mac and Bitdefender Virus Scanner (both free). I recommend that you learn about the best Mac anti-malware, based on independent lab tests.

Apple’s iMessage system, which powers its Messages app, is end-to-end encrypted. That means iMessage can’t be read by third parties, making them much more private than standard SMS/text messages. Just remember that if you send messages to someone who’s not using an Apple device (if the messages are green rather than blue), those messages are outside of the iMessage system. Also, be aware that if you have an iPhone and have iCloud Backup enabled (and don’t have Messages in iCloud enabled), then Apple can read your messages. Learn how to prevent this in the Apple iOS Security & Privacy Guide. Keep in mind that your messages sent to others could still be backed up into their iCloud accounts. If you’re concerned about the privacy of your messages, consider a secure, private messaging app such as Signal or Wire.

Be sure to also secure your Apple account, which contains your iCloud account. Set a strong password and enable two-factor authentication.

If you use Safari as your browser (the default for macOS), follow the Safari Security & Privacy Guide.

Disable connections when you don’t need them, such as Bluetooth and Wi-Fi. This decreases your “attack surface”; it limits the ways your Mac could be compromised. It also limits how your location can be tracked.

Regularly delete unnecessary apps from your Mac. This decreases your attack surface; it limits the ways your Mac could be compromised.

Encrypt and erase your Mac before you sell or donate it. Ensure that you have your main drive encrypted (see details on FileVault above). Then follow Apple’s document What to do before you sell, give away, or trade-in your Mac.

BitDefender For Mac: Protect Your Device Against Threats
$39.99

BitDefender For Mac gives you protection against Mac malware. Quick to install and light on your computer resources. The only free antivirus that you will ever need.

We may earn a commission if you click this link and make a purchase at no additional cost to you.

Leave a Comment