Seven Simple Tips for Mac Security

Almost 20% of REALTORS® use Apple Macintosh computers in their business. In days past, the Macintosh was used by far fewer people, and it was considered to be safer than the PC platform because of it. Now, though, it is mainstream, and a frequent target of hackers and those seeking to exploit information security weaknesses. If you use a Mac, it’s important to take steps to make sure that you are taking all appropriate security precautions.

1. Keep Up To Date (Three Ways)

It’s important to keep your Mac up to date with the latest version and security patches. Hackers take advantage of people who have older versions of the operating system or who delay patching their computer even for a short amount of time. For example, the “Goto Fail” SSL bug that affected hundreds of thousands of users for four days was only fixed on Mac OS X 10.9.2 or later; earlier versions are still vulnerable. Soon, some security patches may only be available for those on version 10.8 (Mountain Lion) or later. So, upgrade your operating system when new versions come out. While the principles in this article apply to most recent OS versions, the setting locations and illustrations will apply to version 10.7 or later. Also, make sure that “Software Update” is set to check for updates regularly. (Settings are found under App Store in System Preferences under the Apple menu.)




[Image: App Store icon in Preferences]

[Image: System Updates preferences]

Additionally, it’s important to keep your third party software such as Java, Flash, and Acrobat updated since vulnerabilities crop up there as well. Don’t delay keeping your operating system up to date and installing all of the recommended system and software updates!

2. Install Anti-virus / Anti-malware Software

No anti-virus or anti-malware software can stop all malicious software from damaging your computer, but it’s still important to use it as a precaution. Well-rated products include, but are not limited to, those from avast!, Avira, BitDefender, Comodo, ESET, F-Secure, Intego, Kaspersky, McAfee, Norton, Panda, Sophos, and Trend Micro. Always make sure you are downloading anti-virus software directly from the vendor’s website. Never download anti-virus from a pop-up message on your computer, especially while web browsing; there is a lot of malicious software online posing as anti-virus software.

3. Protect Your Logins

Do not use automatic login – require a password! If you currently allow automatic logins, disable this by going to “System Preferences” under the Apple menu, clicking on “Users & Groups”, clicking on the lock icon and typing in the administrator username and password, clicking “Login Options,” and selecting “Off” from the “Automatic login” menu. Choose a strong Mac password – more than eight characters long, including upper and lower case letters, numbers, and punctuation. Don’t write the password down somewhere where others can find it, and don’t use an obvious password hint. Sign out or “lock” your computer when leaving your computer unattended. Pressing Control-Shift-Eject (Control-Shift-Power on the MacBook Air) will immediately lock your display. Advanced users may want to use a “modified hot corner” to make locking even easier.  In case you are forgetful, configure your screensaver to lock your computer after a few minutes of inactivity and to require a password to sign back in. To configure your screen saver, choose “System Preferences” from the Apple menu, select “Desktop & Screen Saver,” and then select the “Screen Saver” tab.

[Image: Screensaver icon in Preferences]

Use the slider to select how quickly the screensaver engages; a short period like 5 minutes is most secure. Then to require a password, select “System Preferences” from the Apple menu, then “Security & Privacy,” then “General,” and then “Require password after sleep or screen saver begins.”  You can set the delay before a password is required; “Immediately” is the most secure option.

Don’t share your account with others. If you want to allow others to use your computer occasionally, set up a new user account with limited privileges. That way your guests can’t access your files, information stored in your web browser, and other sensitive information. To set up a new account, choose “System Preferences” from the Apple menu, then “Users & Groups”. Click the lock icon to unlock the preferences and enter your administrator credentials. Click “Add” below the list of current accounts and choose the type of account to add. The best kind of account for guest users is “Managed With Parental Controls.”  After setting their user name and strong password, you can set “Enable Parental Controls” and “Open Parental Controls” to restrict access to applications, content and more.  It’s always a good security rule of thumb that if you share your computer at all, you should give people the fewest privileges they need.

Don’t use the “save password” feature in applications and on websites. This can be a great convenience, but it also is a security risk. While setting a strong password and enabling encryption decreases the risk when your computer is stolen, if someone uses your computer while it is unlocked and logged into your account they can access those services for which you have saved passwords. Carefully consider this risk before saving passwords that provide access to your banking information or to clients’ personal or financial information.

4. Encrypt Files on Your Mac

If you think that encryption is something for computer geeks on television, you’ve got it all wrong. Real estate professionals handle a lot of personal and confidential information – their own, their family’s and clients’ – and encryption is an important tool for keeping that information safe. Encryption is a process for transforming information that anyone can read into something that is unreadable by anyone who doesn’t have the right “key.”

To enable encryption, from the Apple menu select “System Preferences,” then “Security & Privacy,” then “FileVault”. Click the lock icon and type in your administrator credentials. Then select “Turn On FileVault.”  Click “Enable User” for each user whose files you wish to encrypt. You will be prompted to type the login password for each user.  It’s very important to store a “recovery key” as a way to unencrypt files if normal access isn’t possible for some reason. To do this, click on “Show Recovery Key”. Copy it down and store it in a safe place, then click “Continue.” You can choose whether to store the recovery key with Apple as prompted. You’ll then be prompted to restart your computer. Your computer may be a bit slow for a while after it restarts because your files are being encrypted. Once the process is complete and you are logged in, you can open the encrypted files without typing in any type of extra passcode. On the other hand, if someone tries to access the encrypted files by putting your hard drive in another computer, they will need to either “crack” your login name and password or have your recovery keys to read the encrypted files.

[Image: FileVault]

5. Other Key Mac Security Settings

There are hundreds of Mac security settings that you can make more secure. This article won’t cover them all, but extensive guides are published here: https://ssl.apple.com/support/security/guides/. Note that it usually takes 2-3 years for Apple to publish security guides for new versions of their operating system, which is less than ideal. While all of us are waiting for the official documentation, following are some of the more important settings to check:

[Image: Mavericks Security and Privacy]

A. Select “System Preferences” from the Apple menu, then “Security & Privacy.”

  1. In the “General” area, look at the “Allow applications downloaded from” capability. Lock it down as tightly as you can: “Mac App Store” is ideal, “Mac App Store and identified developers” is second best, and “Anywhere” is a last resort if you use a lot of third party software that requires it.
  2. In the “Firewall” area, enable the firewall, disable “Automatically allow signed software to receive incoming connections” and check “Enable stealth mode”.
  3. In the “Advanced” area, check “Automatically update safe downloads list” and, if you don’t use infrared devices, “Disable remote control infrared receivers”.
  4. In “System Preferences,” “Sharing”, uncheck any resources you do not intend to share.

[Image: Mavericks Sharing Preferences]

  1. Keep Bluetooth turned off by clicking on its icon in the menu bar and selecting “Off”. If you don’t have the item in your menu bar, go to the Apple menu, “System Preferences”, “Bluetooth” and select “Show Bluetooth status in the menu bar.”
  2. Many believe it advantageous to use a keychain password that is different from your account password. You will then be required to type the keychain password when accessing an application with saved passwords, but this prevents anyone else from sitting down at your logged-in computer and accessing resources with your saved passwords. If you wish to change the keychain password, open “Keychain Access,” located in the “Utilities” folder in Launchpad. Select “Edit” for your keychain, unlock the keychain with your password, then type the new password and click “OK.”
  3. Advanced users should put a password on the EFI (Extensible Firmware Interface) by rebooting while holding down Command + R, then using the “Firmware Password Utility” from the “Utilities” menu.
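
Several of the settings from sections 3 through 5 can also be read from Terminal. The script below is an added example, not part of the original article; it assumes the preference keys and command output wording of OS X 10.8 to 10.9, and the check names (filevault, firewall and so on) are labels chosen for this example.

```shell
#!/bin/sh
# Added example (not from the article): grade the values reported by macOS's
# built-in tools against the settings recommended in sections 3-5.
# Assumption: preference keys and output wording as on OS X 10.8-10.9;
# other releases may store or word these differently.

# grade CHECK VALUE -> prints "PASS check", "FAIL check" or "UNKNOWN check"
grade() {
  case "$1=$2" in
    filevault=*"FileVault is On"*)       echo "PASS $1" ;;
    filevault=*"FileVault is Off"*)      echo "FAIL $1" ;;
    gatekeeper=*"assessments enabled"*)  echo "PASS $1" ;;
    gatekeeper=*"assessments disabled"*) echo "FAIL $1" ;;  # same as "Anywhere"
    firewall=[12]|stealth=1|screenlock=1|allowsigned=0) echo "PASS $1" ;;
    firewall=0|stealth=0|screenlock=0|allowsigned=1)    echo "FAIL $1" ;;
    autologin=)                          echo "PASS $1" ;;  # key absent: no auto-login user
    autologin=*)                         echo "FAIL $1" ;;  # a user name is configured
    *)                                   echo "UNKNOWN $1" ;;  # unreadable or unexpected value
  esac
}

ALF=/Library/Preferences/com.apple.alf   # application firewall preferences

# read_pref DOMAIN KEY -> the stored value, or empty when the key is not set
read_pref() { defaults read "$1" "$2" 2>/dev/null || true; }

# audit: query this Mac and print one graded line per setting
audit() {
  grade filevault   "$(fdesetup status 2>/dev/null)"
  grade gatekeeper  "$(spctl --status 2>/dev/null)"
  grade firewall    "$(read_pref "$ALF" globalstate)"
  grade stealth     "$(read_pref "$ALF" stealthenabled)"
  grade allowsigned "$(read_pref "$ALF" allowsignedenabled)"
  grade autologin   "$(read_pref /Library/Preferences/com.apple.loginwindow autoLoginUser)"
  grade screenlock  "$(read_pref com.apple.screensaver askForPassword)"
}

# Only query the system on a Mac; elsewhere grade() can be fed captured output.
if [ "$(uname -s)" = "Darwin" ]; then audit; fi
```

An UNKNOWN result means the value could not be read or did not match the expected wording, so check that setting in System Preferences by hand.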

6. Encrypt Your Network Activity

Is there a “bad guy” watching what you do over the network? To reduce that risk, do not use unencrypted Wi-Fi networks. Encrypted networks will display “WPA2” in the popup when you mouse over a potential new connection. Avoid networks run by people you don’t know, or networks that may allow fellow users that you don’t know and trust. You should be aware that there are various ways of intercepting cellular traffic, and you cannot be assured of the security of your data or voice transmissions. Though some forms of cellular communications are encrypted between your device and the base station (cell tower), hackers have tricked mobile devices into using their bogus base stations instead of the cellular provider’s, and have intercepted both communications and data. The only way to protect data if you choose to use an insecure network is to use a “Virtual Private Network” (VPN). This is something that may be available via your office’s firewall, and you will likely need a technical person to help set it up. There are also third parties offering an encrypted VPN-like connection via installation of their app, though one must be careful in choosing such an app, since the provider may be able to see your sensitive data.

Another layer of protection against someone seeing what you are doing online and accessing your accounts is to use encryption in your web browser and email software. In the case of web browsing, the website must support secure browsing via “https” (SSL or TLS protocols) and in the case of email, the email server must support similar encryption – something to coordinate with your email provider.

7. Back Up Your Mac

There are various ways to lose your files and settings – viruses and malware; accidental deletion; hard drive failure; or computer damage, loss or theft. If you have backups of files and settings, recovery will be much easier.

The first step is to turn on “Time Machine,” the built-in Mac backup software. Extensive instructions are available here: http://support.apple.com/kb/HT1427. Ideally, back up both to your internal hard drive and to an external hard drive.

Apple also has a useful backup solution called “iCloud” which stores your backup on Apple’s servers in the cloud. This is available for Mac OS X version 10.7.4 or later. To turn it on, from the Apple menu select “System Preferences”, then “iCloud,” enter your Apple ID, and select what you would like to back up. Then, any time the computer is on, locked and connected to a power source and the Internet, the selected items will be copied to Apple’s cloud. Note: there are security pros and cons to the “Find my …” iCloud (or MobileMe) feature. On the one hand you can find your missing device online and wipe it remotely, while on the other hand anyone who gains access to your iCloud account can do the same. In general it seems that the benefits of using iCloud outweigh the risks, especially if you are also backing up to a separate hard drive using Time Machine.

[Image: iCloud – note that many items may not be backed up by default]

Always test your ability to restore from backup, including older versions of files. Some professionals use multiple methods of backup, in case one method fails.

Some Parting Words

There are many possible settings and practices to decrease the likelihood that your Mac will be compromised; this article is just a starting point for individuals and small businesses. Nonetheless, if you follow at least these steps, you will have substantially decreased your risk and improved your chances of recovering quickly from an incident.