A Practical Guide to Securing Your Mac | Reviews by Wirecutter

2022-03-12 03:08:36 By : Mr. Jerry Zhao

We independently review everything we recommend. When you buy through our links, we may earn a commission.

Locking down and securing your computer might feel like an impossible task, but it doesn’t have to be that way. With a few simple steps, you can lock down your Mac and protect it from the most obvious threats without inhibiting how you use your machine. Keep in mind, though, that there’s no one-size-fits-all solution to computer security, and for most people, “good enough” security is, well, good enough.

Learning how to spot scams is one of the most important things you can do to protect yourself online. For most people, this means recognizing phishing attempts and being mindful of what you download.

If you receive a text message, an email, a social media message, or any other message that looks suspicious, avoid clicking any links (even if you know the sender). These could be messages that are meant to trick you into revealing personal information such as credit card numbers or passwords.

For example, you might get an email claiming to be from your bank asking you to verify your login information, but if you look closely at the sender’s details, you’ll see that the message is not actually from your bank. Anytime you get an odd message asking you to log in to an account, it’s best to go to the site directly in your web browser—in this example, your bank’s site—and verify any information there instead of clicking the link in the email. To see these tactics in action, try Google’s Phishing Quiz. Freedom of the Press Foundation also has a great explainer, and the FTC details a lot of the most common scams.

Phishing prevention is primarily about detecting risks (so you don’t inadvertently provide your personal information or login credentials), but multi-factor authentication through an app or a security key can help protect you if your password is stolen. Multi-factor authentication requires both your account password and a second code generated from an app, a text message, or a physical device (like your phone or a special USB key) to access the account in question; without that code, or second factor, your password is essentially useless. Password managers can be useful, too, as not only do they store complex and unique passwords, but they can also catch phishing scams on occasion. In addition, some people may consider an ad blocker, which can block some malicious links and help add another layer of protection to your computer.

Illegitimate software downloads are a common source for malware. The danger might lie in pirated software or a lookalike site that attempts to trick you into thinking it’s legitimate. Despite what some people think, malware is an increasing problem on macOS, and something that Mac owners should be concerned about. Macs have antivirus tools built in, including XProtect and Gatekeeper, but they don’t catch everything, and you don’t have much control over how they work. If you think you’ve downloaded something malicious, try the free version of Malwarebytes, which can scan and remove malware from your Mac. If you’re comfortable with more technically involved programs, Objective-See makes a suite of free tools to monitor and identify malware.

Your best bet for avoiding this type of scammy software is to search the official Mac App Store for software first. If you don’t find what you need there, we like the Privacy Guides database of free software.

If there’s software you’re hesitant to open after downloading it, upload it (or copy and paste the download link) into VirusTotal, which will analyze the software to see if it’s in virus databases (note that this process shares the file with the security community as a whole, so don’t use it for any potentially personal documents).

If you’re comfortable with more advanced software, run any suspicious documents through Dangerzone. This software removes any potential problems and then converts suspicious documents (PDF, DOC, JPG, and more) into a PDF file you can view safely.

Modern Macs have automatic updates enabled by default, but double-check that your computer is properly downloading them. These updates aren’t just new features or bug fixes—they often include big security patches.

To make sure updates are running properly, open System Preferences > Software Update and click the Advanced button. Make sure to check all the boxes. These updates often require you to restart your computer, which can be annoying, but it’s important to take the time to install them.

If you have a Mac made in the past couple of years, FileVault, software for encrypting your device, is probably enabled by default. But if you have an older computer, or if you opted out of the feature when you set up your Mac initially, you should check to confirm that it’s turned on. FileVault encrypts all the data on your storage drive, jumbling up the data so that the data is incomprehensible without your password. Afterward, if you lose your laptop, the person who finds it won’t be able to access anything on your storage drive.

Open System Preferences, click Security & Privacy, and select the FileVault tab. Click Turn On FileVault and follow the on-screen instructions.

Apple gives you the option to store your recovery key in your Apple account or locally. For most people, if you have a strong password for your Apple account, you’re better off storing the recovery key there. But if you’re uncomfortable with that, or if you store a lot of very personal data on your machine, opt to store the code yourself. If you choose to do so, don’t lose the key and don’t forget the password you create, as you will not be able to access your data if you lose either one.

Apple’s included firewall blocks all incoming connections to your computer. This means if someone is on your network and tries to access your computer, they’ll be denied. In most cases enabling the firewall doesn’t have a negative impact on your day-to-day computer use.

Open System Preferences > Security & Privacy, click the Firewall tab, and then click Turn On Firewall.
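
To confirm from Terminal that the settings covered above (automatic updates, FileVault, and the firewall) are actually on, the following script is an added example and not part of the original guide. It assumes the output wording of fdesetup and socketfilterfw and the com.apple.SoftwareUpdate preference keys as found on macOS versions that have System Preferences; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: read-only audit of three settings from this guide.
# Each result is classified from the text a macOS tool prints, so the
# classification can be exercised with constructed output on any system.

# classify CHECK OUTPUT -> prints PASS, FAIL or UNKNOWN
classify() {
  case "$1:$2" in
    filevault:*"FileVault is On"*)      echo PASS ;;
    filevault:*"FileVault is Off"*)     echo FAIL ;;
    firewall:*"Firewall is enabled"*)   echo PASS ;;
    firewall:*"Firewall is disabled"*)  echo FAIL ;;
    update:1|update:true)               echo PASS ;;
    update:0|update:false)              echo FAIL ;;
    # Unrecognised wording or an unset preference key: report it rather
    # than guess, and confirm the setting in System Preferences.
    *)                                  echo UNKNOWN ;;
  esac
}

# report LABEL CHECK OUTPUT -> one aligned result line
report() {
  printf '%-50s %s\n' "$1" "$(classify "$2" "$3")"
}

# Assumed mapping of the Software Update "Advanced" checkboxes to keys.
UPDATE_PLIST=/Library/Preferences/com.apple.SoftwareUpdate
UPDATE_KEYS="AutomaticCheckEnabled AutomaticDownload
AutomaticallyInstallMacOSUpdates ConfigDataInstall CriticalUpdateInstall"

audit_mac() {
  report "FileVault disk encryption" filevault "$(fdesetup status 2>&1)"
  report "Built-in firewall" firewall \
    "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)"
  for key in $UPDATE_KEYS; do
    # defaults prints nothing useful when the key was never written.
    report "Software Update: $key" update \
      "$(defaults read "$UPDATE_PLIST" "$key" 2>/dev/null)"
  done
}

# Run the live audit only on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then
  audit_mac
fi
```

An UNKNOWN result is not a failure: it means the tool printed something this script does not recognise or the preference was never explicitly set, so check the corresponding pane by hand.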

If you want more options and don’t mind a small learning curve, Objective-See’s LuLu is a free firewall that offers far more customization options than Apple’s built-in tool. Unlike the firewall included in macOS, it monitors all incoming and outgoing connections, which is annoying when you first boot it up as it produces a barrage of notifications. But over time those alerts calm down and can tip you off to issues involving potentially malicious installed software.

If something goes wrong with a Mac, whether the cause is a bug or a virus, it’s far easier for most people to wipe a storage drive clean and start over from scratch than it is to troubleshoot the problem.

We have a guide to backing up your computer, but the idea is pretty simple: At the very least, everyone should back up their files to a local external storage drive. Most people should also consider a cloud backup service, which provides a third, offsite copy of your files. Doing so protects against any mechanical failures of your computer and ensures that you have multiple copies of the files you care about in case virus, malware, or ransomware infections result in data loss.

Most people should have a login password enabled on their computer, especially if it’s a laptop that you carry with you.

Modern versions of macOS require a login password, but if you have an older Mac it may not be enabled. To enable it, open System Preferences > Users & Groups, select Password, and then click Change Password and type in a password.

If you have a new MacBook or iMac, you might also be able to log in with Touch ID. If you didn’t enable that feature when you set up your computer, you should do so now. It makes logging in quicker and easier, and it gives you more freedom to make a more complicated password since you don’t have to type it in frequently.

Before enabling Touch ID, be aware that if you are in a circumstance where law enforcement or a judge may try to compel you to unlock your laptop with your fingerprint, you should consider skipping the biometrics and using only a password. In 2019, a judge in Northern California ruled that law enforcement can’t force you to unlock your device with your face or fingerprint, but in the same year a judge in Illinois ruled the opposite. Until this issue is resolved, it’s best to stick with a password if you have concerns about someone unlocking your computer against your will.

Open System Preferences > Touch ID, select Add a Fingerprint, and follow the on-screen directions. Your computer’s password still serves as a backup login option and will be required whenever you restart your machine, but you can make it as long as you like since you won’t have to type it in as often.

Touch ID support also extends to some apps, including password managers such as 1Password and Bitwarden, which can make unlocking the apps less of a chore.

If you live in a communal space, or if someone other than you frequently accesses your computer, it’s a good idea to create a separate guest account for those other users. This way, they can’t access any basic info about you, and they can’t stumble across any private data such as your browser or chat history.

Open System Preferences > Users & Groups, select Guest User, and check the box for Allow guests to log in to this computer. Assuming that you enabled FileVault as described above, the guest account will have access only to Safari for browsing the web.

If you’ve owned your Mac for a long time, you may have software left over from the past (or even previous installs) that you don’t need. Since outdated software can sometimes pose a security risk, it’s always a good idea to go through and clean up your Applications folder now and again.

You can always open the Applications folder and drag apps to the trash, but for cleanup purposes, we like to use the system information panel. Click the Apple icon in the top-left corner, select About This Mac, click the Storage tab, and then click Manage. Click the Applications option and then sort by Last Accessed; this sorts your apps by the last time you used them. You can also remove outdated software by clicking Documents and then Unsupported Apps to see a list of older software that your computer can no longer run.

Like your phone, your Mac has a variety of privacy permissions, as over time you’ve granted (or denied) apps access to different kinds of information such as your location, contacts, or calendars. It’s good to double-check these options frequently to make sure apps can’t access data they don’t need.

Open System Preferences > Security & Privacy, and select the Privacy tab. Go through each permission and uncheck any boxes for those that don’t seem necessary. You can always reenable the permissions if something goes wrong.

If you’re more comfortable tinkering around in the settings, this guide on GitHub has some advanced tips for really locking down a Mac, if that’s necessary for you. If you prefer complicated scripting, these bash scripts are a good place to start, though we do not suggest using them unless you understand what each step is actually doing.

For the majority of the above tips, once you set things up, you won’t have to do much else. Although it’s impossible to totally lock down and secure your computer, the above steps will establish a good set of defenses and help make it possible for you to roll things back if something does go wrong.

This article was edited by Arthur Gies and Mark Smirniotis.

Thorin Klosowski is the editor of privacy and security topics at Wirecutter. He has been writing about technology for over a decade, with an emphasis on learning by doing—which is to say, breaking things as often as possible to see how they work. For better or worse, he applies that same DIY approach to his reporting.


© 2022 Wirecutter, Inc., A New York Times Company