How to make it harder for someone to hack your Mac

When I was at the Frankfurt airport recently, I saw a businessman leave his very expensive MacBook Air laptop on the table to go for a coffee. He was gone for five minutes, but in those five minutes someone could have stolen the computer or hacked it for valuable data.

Nowadays, however, hackers don’t need physical access to the machine. Using network sniffers, they can roam public Wi-Fi spots looking for weak spots or enter private Wi-Fi spots that don’t have passwords.

Image of a man preventing a thief from stealing his laptop

So, right from the start, you need to protect your macOS computer from these “bad actors”. You must keep in mind, however, before continuing, that you will never have 100% ironclad security, and if you find yourself up against a government agency, these basic steps are of no help at all.

But to stop the casual opportunist? Read on.

Add a passcode to your computer

This is an absolute no-brainer, but I’m amazed at the number of people who don’t care. It’s like going on vacation and leaving your front door open and wondering when you came back because you were burgled.

Adding a passcode is simple. Go to System Preferences – Security and Privacy. In the General tab, you can set a password, as well as specify how long after the computer sleeps the password is required. Obviously immediately is the best option.

Security and Privacy General window with Require password selected set to "immediately"

You can also add a password hint in case you forget your password, but unless you make the hint extremely vague for anyone reading it, I wouldn’t recommend doing that. Just create the password something you will surely remember.

Activate FileVault

One of the great things about a MacOS device is that when you have it completely shut down, the files contained on the hard drive are totally inaccessible. But to take advantage of it, you need to activate FileVault.

Located in System Preferences – Security and Privacy, FileVault encrypts the hard drive, but the encryption only activates if the computer is shut down completely. So try not to use sleep mode too often, especially if you’re out and about with your laptop in your bag.

When you turn it on, it will take a few hours to encrypt your entire hard drive, but it’s totally worth it for the ultimate peace of mind. If there’s only one thing you should do from this article, it’s FileVault. The rest is just icing on the cake.

Make sure the lock is turned on in System Preferences

Padlock icon shown in the System Preferences window

Unauthorized modifications to the computer System Preferences they are prevented by the use of a small lock icon in the lower left corner.

If you want to keep System Preferences safe, click the lock to close it. If you want to reopen it to change something, you will be prompted to enter the administrator password.

Do not log in as an administrator

System Preferences window asking for username and password

Another no-no is to log into your computer and use it for routine tasks as an “administrator”.

A user with administrator privileges is able to do everything on the computer. Installing and removing software, as well as adding and removing users are just two of them. If someone who has logged into your computer is already logged in as an administrator, give them the keys to the kingdom.

The solution to this is to create a normal non-administrator account and use it for everyday computer use. Leave the administrator account alone and use those login details only when the computer asks for them.

To create a new user, go to System Preferences – Users and Groups. Make sure the lock is unlocked at the bottom, then click the “+” at the bottom Access options. Create the new account a Standard one.

Don’t allow guest users

Disable guest users by unchecking "Allow guests to log into this computer"

Many people say that it is a good idea for you to have a guest user account to allow other people to use your computer. But I am of the opposite opinion.

While the guest user has much more limited access to your computer, they still have access to two important areas. First, they have access to all installed applications which they can use to perform any kind of malicious action.

Secondly, they also have access to the tmp directory where malicious scripts and malware can be stored.

So go to System Preferences – Users and Groups and disable the Guest User option.

Make sure automatic updates are turned on

Like any other operating system, Apple regularly releases macOS updates. Same with software – if a patch is needed, the developer will create one and submit it.

So it’s useless if the patch is there ready to be installed and you don’t have automatic updates turned on. Unless you like to manually check every single day and who has time to do it?

To turn on Automatic Updates, go to System Preferences – Software Update. Check the box that says Automatically keep my Mac up to date.

Automatically keep my selected Mac updated in the Software Update window

If then click Advanced box, you will see the available options. I suggest you check them all.

Advanced window in Software Update with all boxes checked

Turn on the firewall

This is also a bit of a no-brainer, but again, many people just don’t care.

Compared to Windows firewalls, which can involve a lot of changes, macOS firewalls are a one-click affair. Going to System Preferences – Security and Privacyand then the Firewall tab, you can activate the firewall with one click. And that’s really all.

I have never had to touch something in the Firewall options section. I’ll be writing an article about MacOS Firewall’s “Stealth Mode” shortly, but in general, keep things as they are in the screenshot below.

Security and Privacy window with 2 selected items

Anonymize your computer’s network name

This is one that was suggested to me by a friend not long ago, and it was something I had never considered before.

If someone hacks into your network, they will obviously see the names of all devices connected to that network. If there is only one device (your MacOS device) then this will have limited effect. But if you have multiple devices in your network, you can try to disguise your MacOS device by anonymizing its name.

For example, until I was warned, my computer name was “Mark’s MacBook Air”. I mean, I might as well have put up a sign that said “Come on! Get all my files here! ”. But by changing the name to something harmless, it is now among all my other connected devices.

Obviously, this is not foolproof. Anyone can control each device one by one, but it will take longer and make things more of a hassle for them.

Go to System Preferences – Sharing and at the top you will see the name of your computer. Click the lock at the bottom of the screen, enter your administrator password, and the edit button next to the computer name will suddenly become active. Click it.

Sharing window with local host name "nothing to see goes away" created

You will now be invited to change the name to whatever you want. To maintain “Use dynamic global host name”
deselected.

Disable sharing

All shares are disabled except for content caching

While you are in the Sharing section, it’s time to disable all but one of these options, content caching.

From what I’ve been able to find, Content Caching is fine and actually seems to benefit you. This in turn turns on internet sharing, so I guess you can leave that as well. But the others, like Screen Sharing, File Sharing, Remote Access, turn them off (unless you have a huge need to have them).

Conclusion

As I stated in the beginning, these measures will only stop the occasional snoop at the bar or a thief trying to steal your laptop for some quick bucks.

If you are attacked by a government agency or other form of professional, these measures will slow them down, but only for a very short time.

But anyway, better than nothing, right? Why make it easy for them?