Mac Security and Privacy Settings Guide

A step-by-step guide to configuring your Mac’s built-in security features. These settings provide a solid baseline of protection and take about 30 minutes to set up.

1. Enable FileVault (Disk Encryption)

FileVault encrypts your entire startup disk. If your Mac is lost or stolen, nobody can read your data without the login password.

Path: System Settings > Privacy & Security > FileVault

1. Open System Settings from the Apple menu
2. Go to Privacy & Security, scroll to FileVault
3. Click Turn On FileVault
4. Choose your recovery method:
5. iCloud Account – unlock with your Apple ID (simpler)
6. Recovery Key – create a key and store it somewhere safe (more secure)
7. Restart your Mac to begin encryption
8. Encryption runs in the background; you can keep working normally

Important:
- [ ] Back up your data before enabling FileVault
- [ ] Record your recovery key and store it securely (not on the Mac itself)
- [ ] Performance impact is minimal on modern Macs with Apple Silicon

2. Turn On the Firewall

The firewall blocks unwanted incoming network connections.

Path: System Settings > Network > Firewall

1. Open System Settings > Network > Firewall
2. Toggle the firewall On
3. Click Options to configure:
4. [ ] Enable Stealth Mode (makes your Mac invisible to network scans)
5. [ ] Block all incoming connections (strictest; may affect some apps)
6. [ ] Allow specific apps through the firewall as needed

For additional network monitoring, consider Little Snitch or Lulu (free, open-source) to control outbound connections too.

3. Use Strong Passwords and Enable 2FA

Strong Passwords

• Use Keychain Access (built into macOS) or 1Password to generate and store unique passwords
• Path: Applications > Utilities > Keychain Access

Two-Factor Authentication for Apple ID

1. Open System Settings > click your name at the top > Sign-In & Security
2. Click Two-Factor Authentication > Turn On
3. Follow the prompts to verify your identity and set a trusted phone number

4. Enable Automatic Software Updates

Path: System Settings > General > Software Update

1. Open System Settings > General > Software Update
2. Click the (i) icon next to Automatic Updates
3. Enable all options:
4. [ ] Check for updates
5. [ ] Download new updates when available
6. [ ] Install macOS updates
7. [ ] Install application updates from the App Store
8. [ ] Install Security Responses and system files

5. Manage Application Permissions

Path: System Settings > Privacy & Security

Review and restrict which apps can access:

• [ ] Location Services – disable for apps that don’t need it
• [ ] Camera and Microphone – only allow apps you actively use for video/audio
• [ ] Full Disk Access – limit to essential apps only
• [ ] Files and Folders – review which apps can access Documents, Downloads, Desktop
• [ ] Accessibility – only grant to apps that genuinely need system control
• [ ] Contacts, Calendars, Photos – remove access for apps that don’t need it

Check these settings every few months. Apps you no longer use shouldn’t retain access.

On iOS (iPhone/iPad)

Go to Settings > Privacy & Security to manage the same categories per-app.

6. Disable Automatic Login

Path: System Settings > Users & Groups > Login Options

Set Automatic login to Off. This requires a password at startup, protecting your data if the Mac is lost or stolen.

7. Configure Safari Security

Path: Safari > Settings (or Preferences)

• [ ] Privacy tab: Enable Prevent cross-site tracking
• [ ] Security tab: Enable Fraudulent Website Warning
• [ ] Extensions tab: Remove any extensions you don’t recognize or use
• [ ] Websites tab > Location: Set to Deny or Ask for all sites
• [ ] Clear browsing data periodically: Safari > Clear History
• [ ] Use Private Browsing (File > New Private Window) for sensitive sessions

8. Enable Find My Mac

Path: System Settings > [Your Name] > iCloud > Find My Mac

1. Sign in to your Apple ID if you haven’t already
2. Enable Find My Mac
3. Allow location services when prompted

If your Mac is lost or stolen, go to iCloud.com/find or use the Find My app on another device to:
- Play a sound to locate it nearby
- Lock it remotely
- Erase it remotely to protect your data

9. Encrypt External Drives

When connecting external drives that contain sensitive data:
1. Right-click the drive icon on your desktop
2. Select Encrypt [drive name]
3. Set a strong password and save it in your password manager

Security Settings Checklist

• [ ] FileVault enabled
• [ ] Firewall on with Stealth Mode
• [ ] Strong unique passwords via a password manager
• [ ] 2FA enabled on Apple ID
• [ ] Automatic updates turned on for everything
• [ ] App permissions reviewed and restricted
• [ ] Automatic login disabled
• [ ] Safari security settings configured
• [ ] Find My Mac enabled
• [ ] External drives encrypted
• [ ] Screen lock set to activate after 5 minutes or less of inactivity