Hello EE Experts,

    Happy New Year! 2018 promises to be yet another cyberbattle between the black and white hat hackers, in a never-ending war. While you may not don either cap, you are here at EE and are more likely than not interested in how to protect yourself and your end-users (if you're an IT person) from being a casualty. Well, since I'm an Apple guy I'll give you the latest macOS exploit (see article). Essentially, it boils down to Apple having to fix this with their next security rollout, but it doesn't hurt to make sure that you're doing all you can to keep people off of your Mac. Here are some steps:

1) Open "System Preferences"

2) Click on "Users & Groups"

3) Click on "Guest User" and make sure it is "Off"

4) Next, click on "Login Options" and on the righthand side tap on the "Automatic Login" drop-down box and select "Off"

5) Select "Name and Password" (It makes it harder for someone to guess both the Username & Password, than just the password, which is all they have to guess if you select "List of Users".) If you don't want to select this option, then make sure you create a password that is 10-12 alpha-numeric characters long with a few special ones thrown in. To ease the process of creating such a password, use an app like "Last Pass" to create and hold your passwords (you can get it both for your Mac and iPhone/iPad)

6) Now, uncheck "Show Input menu in login window", "Show password hints", "Show fast user switching menu", "Use VoiceOver in the login window" (unless you need this option)

7) Back out of the "Users & Groups" and then click "Sharing"

8) Uncheck all boxes. If you ever need to perform any of the functions that these options offer, then check that box at the time you need to use it (my guess is that you'll find better ways to share files without compromising your beautiful Macintosh).

9) Back out of "Sharing" and then select "Bluetooth"

10) Once inside turn off Bluetooth. Not only will this save battery-life, but it will also eliminate another avenue that leads into your Mac. If you use a Bluetooth mouse/trackpad, then leave this option on but know that you're accepting the risk.

11) Back out of "Bluetooth" and then select "Network" (If you're not using Wi-Fi then you can skip points 11 & 12)

12) Once inside, tap on "Advanced" and then at the bottom of the window put a check in the box that's labeled "Create computer-to-computer networks". When you do this you're asking your Mac to request an Administrator password to create such a connection. Also, put a check in the box "Change Networks". By doing this you're telling your Mac to require an Administrator's password to change the Wi-Fi network your on.

13) Back out and click "Apply"

14) Back out again and click on "Security & Privacy"

15) Click on the "General" tab and then below checkmark the box "require password" and in the drop-down box select "immediately".

16) Now, if it's not already selected, click on "App Store and Identified Developers". This will give you a bit more breathing room to install apps on your Mac (since it allows apps that aren't in the App Store to be installed), but if you don't do get apps from outside sources, then keep "App Store" selected.

17) Click on the "FileVault" tab and turn on "FileVault". Why encrypt your hard drive? Because you never know if your Mac is going to be physically stolen or lost during travel. Also, by choosing to turn on FileVault you are protecting your Mac from someone getting to the "Recovery Mode" option (CMD + R when starting up) because your Mac will request the long password FileVault creates to get into Recovery Mode.

Side note: You're going to need to store this password in your Last Pass app or somewhere safe (Apple will not be able to help you get on your Mac if you lose this password).

18) After FileVault, please click on the "Firewall" tab. Turn this on if you don't have a third party application that has a firewall built-in (Some modern Antivirus software has this option coupled with it).

Lastly, consider buying a VPN to help keep your connections secure; it's not 100% safe, but it is better than not having one at all. I use Enrypt.me for all of my devices (Macs, iPhones, and iPads).

That's it! Take care all and may 2018 be your best year on record. ;)


Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month