Apple’s computer operating system, macOS, runs on its MacBook, iMac, and Mac mini computers. You probably store a lot of data on your Mac, and use it to access your online data, so it’s critical that you set your security and privacy settings.
Apple security and privacy is well-known, because Apple builds strong security and privacy features into its software. However, that doesn’t mean that you should simply accept the default macOS system preferences. There are changes you can make to increase the security and privacy of macOS.
For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.
macOS was formerly known as Mac OS. You may see it called Mac OS X or just OS X (the X is the Roman numeral for 10), but now it’s called macOS 10. Regardless of what you call it, let’s look at how to secure your Mac and protect your privacy.
This guide was last updated for macOS 10.15 on a Macbook Pro. The settings and steps may differ based on version of macOS and computer.
Note: This page contains affiliate links. As an Amazon Associate I earn from qualifying purchases. Please see Affiliate Disclosure.
macOS System Preferences
To open the macOS settings, simply open the System Preferences app (a gray gear icon). We’ll go through the settings it contains in order.
There’s a padlock icon in the bottom left corner of many System Preferences screens. You may not be able to change some options until you unlock that padlock by clicking it and entering your Mac password.
In System Preferences, click Apple ID. You’ll start on the iCloud settings.
Next to iCloud Drive, click Options. You’ll see a list of apps and items that can be stored in iCloud Drive. Uncheck the boxes for any items that you don’t want to store data in iCloud Drive. I recommend keeping to a minimum the data you store in iCloud.
Back on the iCloud screen, uncheck the boxes for any apps that you don’t want to store data in iCloud. I recommend keeping to a minimum the data you store in iCloud.
Scroll down the list to Find My Mac. This allows you to find, lock, or wipe/erase your Mac remotely, if it becomes lost or stolen. I recommend checking the box.
Go back to System Preferences, then click Siri.
Siri gives you more privacy than other voice assistants, but if you don’t want to use it (as I don’t), you can uncheck the box for Enable Ask Siri.
Go back to System Preferences, then click Spotlight.
You’ll see a list of categories that Spotlight can include in its search results. Most of these are locally on your Mac, but the Spotlight Suggestions category pulls info from the Internet. Although Apple says it does this in a privacy-respecting way, you may want to disable this by unchecking the box for Spotlight Suggestions.
If you do that, you should also uncheck the box at the bottom of the window, Allow Spotlight Suggestions in Look up.
Go back to System Preferences, then click Notifications.
What could a person learn about you if they could see messages, calendar reminders, and other notifications appear on your screen when you’re away from your Mac? I recommend adjusting your settings to not reveal such sensitive data.
For each app that has notifications that could reveal sensitive data, set Show notification preview to when unlocked, or uncheck the box for Show notifications on lock screen to not have that app show notifications on the lock screen. If you ever share the screen of your Mac, in person or online, consider unchecking the box for Show notification preview.
Go back to System Preferences, then click Internet Accounts.
Click through each account and ensure that it’s syncing only the data you want synced.
Wallet & Apple Pay
Go back to System Preferences, then click Wallet & Apple Pay.
Add only the cards that you need to use on your Mac.
Go back to System Preferences, then click Touch ID.
Check the box for the items that you want to use Touch ID for.
Users & Groups
Go back to System Preferences, then click Users & Groups.
Review and edit any users and groups, as necessary.
Go back to System Preferences, then click Screen Time.
Screen Time allows you to control the amount of time that can be spent on activities, by yourself or others. You can use it as parental control software. Configure Screen Time as you wish for yourself, or children who use your Mac.
Security & Privacy
Go back to System Preferences, and click Security & Privacy.
As you can tell from the name, this is a central place for many macOS security settings and macOS privacy settings.
Sometimes when you’re trying to open a new app, macOS or the app will tell you to change a setting in Security & Privacy. You ask yourself, “Where is Security & Privacy in my Mac?” Well, know you know that this is where you need to go (System Preferences > Security & Privacy).
We’ll go through the tabs at the top of the window.
Change Password: If you haven’t already, set a long, strong password (15+ characters, with a mix of uppercase, lowercase, numbers, and special characters). You’ll need to type this into your Mac from time to time, so make a password you can remember. You’ll need to enter this password to open any password manager you have on your Mac, so don’t rely on just grabbing it from your password manager (unless you plan to use a password manager on your phone). Once you create your password, I recommend saving it in a password manager, such as LastPass, in case you forget it.
Require password after sleep or screen saver begins: This makes your Mac require a password after it’s been idle for a certain amount of time. I recommend immediately or 5 seconds.
Show a message when the screen is locked: Click Set Lock Message to set the message that shows on the lock screen. If a Good Samaritan finds your Mac, this will tell them how to contact you. However, don’t give away too much personal info, because a nefarious person could use it against you. Definitely don’t put your home address. I recommend putting a phone number and/or email address.
Allow apps downloaded from: Apple monitors its App Store pretty closely, so it’s a safe source for apps. Getting apps from other sources is riskier. I recommend choosing App Store. If you try to run an app that you didn’t get from the App Store, macOS will tell you that it’s blocked. However, you can open this settings page and choose to allow the app, if you know it’s trustworthy.
Click the FileVault tab at the top of the Security & Privacy window.
FileVault is macOS’ way of encrypting your entire disk. It’s one of the best things you can do to secure your Mac, because it means that if someone steals your Mac, they won’t be able to see or copy your data off the disk.
If it’s not already on, click Turn on FileVault. You’ll be asked how you want to recover if you forget your password. I recommend choosing Create a recovery key and do not use my iCloud account. I would rather not give that key to Apple. I recommend saving the recovery key in a password manager, such as LastPass.
Click the Firewall tab at the top of the Security & Privacy window.
Go back to System Preferences, then click Firewall.
The firewall prevents “unauthorized applications, programs, and services from accepting incoming connections.” I recommend clicking Turn on Firewall.
Click Firewall Options. I recommend checking the bottom 3 boxes:
- Automatically allow built-in software to receive incoming connections
- Automatically allow downloaded signed software to receive incoming connections
- Enable stealth mode
If you discover that these settings are breaking something (preventing something from communicating with your Mac, which you want to allow), open these settings and adjust as necessary.
Click the Privacy tab at the top of the Security & Privacy window. On the left side of the screen you’ll see several categories. Click through each one, setting your privacy as desired.
Location Services: I only allow Location Services for Find My Mac, which allows you to remotely find and erase your Mac. To do this, check the box for Location Services, then uncheck all the boxes below that. At the bottom of the list, next to System Service, click Details. Uncheck all boxes except Find My Mac.
Camera: uncheck the box for any apps that shouldn’t have access to your camera.
Microphone: uncheck the box for any apps that shouldn’t have access to your microphone.
Full Disk Access: uncheck the box for any apps that shouldn’t have access to your full disk. It’s OK for backup software and security software (such as Mac anti-malware) to have access, but be wary of granting access to anything else.
Advertising: I recommend checking the box for Limit Ad Tracking, to limit the data Apple collects and stores about you. You may want to occasionally come here and click Reset Advertising Identifier to reset your identifier, which is used to track your activity. Learn more in Apple’s Advertising & Privacy. A few excerpts:
Advertisers can use an Advertising Identifier, or other information they have about users, such as a phone number or email to match users to segments on Apple’s advertising platform. During the match process, these identifiers are obscured to limit personally identifiable information being disclosed.
Whenever you want to clear the data associated with your Advertising Identifier, you can simply reset it.
If you enable Limit Ad Tracking, you may still receive the same number of ads, but the ads may be less relevant to you.Apple’s Advertising & Privacy
Analytics & Improvements: I generally like to share data that helps make software and services better, as long as my data is anonymized. You may choose to disable some or all these options if you’d rather not send your data (even anonymized data) to Apple.
Personal data is either not logged at all in the reports generated by your Mac, is subject to privacy preserving techniques such as differential privacy, or is removed from any reports before they’re sent to Apple.Apple
Go back to System Preferences, then click Software Update.
Check the box for Automatically keep my Mac up to date.
Click Advanced, then check all the boxes.
Go back to System Preferences, then click Bluetooth.
If you’re not using Bluetooth right now, click Turn Bluetooth Off. Bluetooth is easily compromised, so turn it on only when you need it.
Go back to System Preferences, then click Sharing.
I recommend that you set the Computer Name to a name that doesn’t identify the Mac as yours, to make it harder for anyone trying to target you.
In the list of services, uncheck the boxes for all the services you don’t truly need to share. For those you enable, click through and carefully set additional settings.
Go back to System Preferences, then click Time Machine.
Check the box for Back Up Automatically. I recommend also backing up to an external disk. When you set it up, check the box for Encrypt Backup Disk. I recommend saving the password in a password manager, such as LastPass.
Back Up Your Mac
Back up regularly. I recommend backing up to an external drive and the cloud. Why an external drive? If you need to restore a lot of data, it’s much faster to restore from an external drive than download from the cloud. Why cloud backup? If your Mac is hit by fire, a flood, or other disaster, or it’s stolen, it’s likely that your external drive will suffer the same fate.
As I mentioned above, I recommend using macOS’ Time Machine to back up to an external drive.
AirDrop lets you share files between Apple devices over Bluetooth. The feature is often abused by people who AirDrop nude photos or other unwanted content to nearby devices.
Open the AirDrop app (use Spotlight to open it, or find it in your Applications folder). If your Bluetooth is off, you’ll see Turn On Bluetooth. Click that to enable AirDrop.
Then, set Allow me to be discovered by to No One. If you ever need to use AirDrop, you can temporarily change this to one of the other settings. Then change it back to No One, or even better, keep Bluetooth turned off, and only enable it when you need it.
Using macOS Safely
Install all software updates (for macOS and apps) as soon as they’re available. You should set your device to do this automatically (see settings above), but also watch for any update prompts.
Be careful what access you grant to apps. When an app asks for access to your camera, microphone, contacts, location, etc., think carefully about whether it truly needs that access. You can always grant the access later if you change your mind.
Don’t use public Wi-Fi for anything sensitive, because you’re using an insecure, untrusted network. Instead, tether to your mobile device or hotspot and use its mobile/cellular data, or use a VPN (virtual private network) to protect your traffic when using public Wi-Fi.
Even though there’s much less malware for macOS than for Windows, I still recommend scanning your Mac at least every two weeks. You can choose to scan weekly (an on-demand scan), or even have your anti-malware software run constantly in the background (sometimes called real-time scanning), if you want. I like Malwarebytes for Mac and Bitdefender Virus Scanner (both free). I recommend that you learn about the best Mac anti-malware, based on independent lab tests.
Apple’s iMessages system, which powers its Messages app, is end-to-end encrypted. That means iMessages can’t be read by third parties, making them much more private than standard SMS/text messages. Just remember that if you send messages to someone who’s not using an Apple device (if the messages are green rather than blue), those messages are outside of the iMessages system. Also, be aware that if you have an iPhone and have iCloud Backup enabled (and don’t have Messages in iCloud enabled), then Apple can read your messages. Learn how to prevent this in the Apple iOS Security & Privacy Guide. Keep in mind that your messages sent to others could still be backed up into their iCloud accounts. If you’re concerned about the privacy of your messages, consider a secure, private messaging app such as Signal or Wire.
Regularly delete unnecessary apps from your Mac. This decreases your attack surface; it limits the ways your Mac could be compromised.
Encrypt and erase your Mac before you sell or donate it. Ensure that you have your main drive encrypted (see details on FileVault above). Then follow Apple’s document What to do before you sell, give away, or trade in your Mac.