Mac Security Settings
Depending on your setup (desktop or laptop) you may want to take a good look at the Security and Privacy preference pane. Click the Apple menu, then System Preferences.
When you open it, you’ll see you’re unable to make changes. In order to make changes, you’ll need to click the lock icon then enter an administrator password. If you’re the only user of this Mac, this is the password you used when you first set up your Mac (you did create a password, right?).
The first tab is General. As you can see above, there are a few settings I prefer to use on my desktop. The first check box, Require Password…, will cause a password prompt if I walk away from my Mac for more than 15 minutes. If you own a laptop, you may want to shorten this time even more. This will keep prying eyes from seeing what is going on. While there are ways to change the administrator password, this setting is mainly meant to prevent opportunistic mischief.
I’ve also disabled automatic login. So, when I turn on my Mac, I will be required to enter my administrator password. The reason for this setting is the same as mentioned earlier: it removes opportunistic mischief. If this is a laptop, I would strongly recommend you have this setting checked in addition to FileVault (see next section for details on FileVault).
The Allow apps downloaded from: section controls how strict you want to be with new Applications you add to your Mac. This uses Gatekeeper to perform checks on the software you downloaded. Most secure is Mac App Store, least secure is Anywhere. The default, Mac App Store and identified developers, will also allow applications downloaded from the internet as long as they are by registered developers who have accounts with Apple. Apps downloaded through the App Store go through a vetting process that can capture and remove malicious Apps before you can download them to your Mac.
You may also notice the Advanced… button:
This allows for even more advanced control of access to your Mac. Log out after… will not put your Mac to sleep, but will log out the current user, quitting applications and closing documents. This is the equivalent of Apple menu > Log Out (your name here)…
Require an administrator password to access system-wide preferences will cause all system preferences that affect all users (e.g. Printers & Scanners, Network, Date & Time, Startup Disk, Energy Saver, Sharing, to name a few) to have the lock icon at the bottom left, which will need to be unlocked by an administrator to make changes.
Disable remote control infrared receiver prevents your Mac from being controlled with an Apple remote or any other compatible remote control.
FileVault is the method to encrypt your Mac hard drive. This will cause your entire disk to become unreadable without your password or recovery key. As noted on the FileVault tab, if you lose your password and recovery key all of the information on your Mac will be lost, forever! This is used when security is paramount, like on a laptop with sensitive information. If someone were to steal your Mac, and FileVault is active, then the information on the drive will be useless (unless they have your password because you taped it to your laptop). You can learn more about FileVault here.
The Firewall tab controls incoming connections to Applications from outside sources (the internet and your network). Your setup will determine whether you should have the firewall turned on for additional protection. You’ll have fine-tuned control over the way specific Applications can accept incoming connections. Apple has sources about the built-in firewall, but there is an excellent article at Macworld that goes into additional details.
Finally, Privacy does just what you’d think: it gives you control over how much information you want to give to applications, Apple, or developers.
As you can see above, you can control which applications have access to specific information that can be considered private. You’ll see an aspect of this when you install a new Application (like Skype). When you first launch Skype it will ask you for permission to access your Contacts. This is so Skype can use your contacts rather than you adding them separately into Skype. Check or uncheck boxes next to the Application name to allow or disallow access respectively.
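The settings from the General, FileVault and Firewall tabs can also be checked from Terminal. The script below is an added example, not part of the original article: it only reads settings and marks each one OK or REVIEW. The function names are made up for this example, and the output strings it matches are assumptions based on what these commands print on current macOS releases.

```shell
#!/bin/sh
# Added example: read-only audit of the settings walked through in the article.
# classify CHECK OUTPUT prints OK or REVIEW for one setting, given the text
# the matching macOS command printed. Anything unexpected (including empty
# output from a failed command) is reported as REVIEW so you check it by hand.
classify() {
    case "$1" in
        filevault)   # output of: fdesetup status
            case "$2" in *"FileVault is On"*) echo OK ;; *) echo REVIEW ;; esac ;;
        gatekeeper)  # output of: spctl --status (on/off only, not which level)
            case "$2" in *"assessments enabled"*) echo OK ;; *) echo REVIEW ;; esac ;;
        firewall)    # output of: socketfilterfw --getglobalstate
            case "$2" in *"Firewall is enabled"*) echo OK ;; *) echo REVIEW ;; esac ;;
        autologin)   # output of: defaults read ... autoLoginUser
            # The key only exists when automatic login is on, so empty is good.
            if [ -z "$2" ]; then echo OK; else echo REVIEW; fi ;;
        *) echo UNKNOWN ;;
    esac
}

# Run the real commands and print one line per setting.
audit() {
    fw=/usr/libexec/ApplicationFirewall/socketfilterfw
    prefs=/Library/Preferences/com.apple.loginwindow
    printf 'FileVault:        %s\n' \
        "$(classify filevault "$(fdesetup status 2>/dev/null)")"
    printf 'Gatekeeper:       %s\n' \
        "$(classify gatekeeper "$(spctl --status 2>&1)")"
    printf 'Firewall:         %s\n' \
        "$(classify firewall "$("$fw" --getglobalstate 2>/dev/null)")"
    printf 'Automatic login:  %s\n' \
        "$(classify autologin "$(defaults read "$prefs" autoLoginUser 2>/dev/null)")"
}

# Only query the system when actually running on a Mac.
if [ "$(uname -s)" = "Darwin" ]; then
    audit
fi
```

A REVIEW line is not necessarily a problem; it means that setting is worth opening in the Security and Privacy pane to confirm it matches what you intended.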