Keep your Mac safe from intruders, malware, and more!

Take Control of
Securing Your Mac

Glenn Fleishman

Secure your Mac against attacks from the internet and physical intrusion with the greatest of ease. Glenn Fleishman guides you through configuring your Mac to protect against phishing, malware, network intrusion, social engineering, and invaders who might tap physically into your computer. Glenn teaches how to secure your data at rest and in motion. Learn about built-in privacy settings, the Secure Enclave, FileVault, sandboxing, VPNs, recovering a missing Mac, and much more. Covers Mojave, Catalina, and Big Sur.

All Take Control books are delivered in three ebook formats—PDF, EPUB, and Mobipocket (Kindle)—and can be read on nearly any device.

Download Free Sample

The digital world has never seemed more riddled with danger, even as Apple has done a fairly remarkable job across decades at keeping our Macs safe. But the best foot forward with security is staying abreast of past risks and anticipating future ones. Take Control of Securing Your Mac gives you all the insight and directions you need to ensure your Mac is safe from external intrusion and thieves or other ne’er-do-wells with physical access.

Security and privacy are tightly related, and Take Control of Securing Your Mac helps you understand how macOS has increasingly compartmentalized and protected your personal data, and how to allow only the apps you want to access specific folders, your contacts, and other information.

Also available: You can save money by buying this book as part of a three-book bundle, which also includes Take Control of Wi-Fi Networking and Security and Take Control of iOS & iPadOS Privacy and Security. Buy all three books for $25.78, which is 40% off the combined cover prices of $42.97. Add 3-Book Bundle to Cart

Here’s what this book has to offer:

Master a Mac’s privacy settings
Calculate your level of risk and your tolerance for it
Learn why you’re asked to give permission for apps to access folders and personal data
Moderate access to your audio, video, and other hardware inputs and outputs
Get to know the increasing layers of system security through Mojave, Catalina, and Big Sur
Prepare against a failure or error that might lock you out of your Mac
Share files and folders securely over a network and through cloud services
Set a firmware password and control other low-level security options to reduce the risk of someone gaining physical access to your Mac
Track and recover a Mac—or erase it remotely—if it’s lost or stolen
Understand FileVault encryption and protection, and avoid getting locked out
Investigate the security of a virtual private network (VPN) to see whether you should use one
Learn how the Secure Enclave in Macs with a T2 chip or M-series Apple silicon affords hardware-level protections
Dig into ransomware, the biggest potential threat to Mac users, but still a largely theoretical one
Decide whether anti-malware software is right for you

About Glenn Fleishman

Glenn Fleishman is a veteran technology writer who has contributed to dozens of publications across his career, including Macworld, Fast Company, and Increment. He has also written dozens of editions of books in the Take Control series. He spent 2019 and 2020 building 100 tiny type museums full of real printing artifacts—a few remain available for purchase. Glenn lives in Seattle with his wife and two children.

What’s New in Version 1.1.1 and 1.1.2

Version 1.1.1 added a sidebar, “Which Apps Are Locked Down?”, that explains in how to find which of the apps that come with Big Sur are stored on the immutable system volume and which are installed on the user-modifiable Data volume.

Version 1.1.2 fixed some typos and clarified wording in several spots.

What Was New in Version 1.1

Version 1.1 has several significant changes and improvements designed to help you better understand both some subtle and not-so-subtle points that weren’t as fully explored in previous ones, and to answer some reader questions.

This update adds information about how Apple limits the number of times the wrong password can be entered while starting up or restarting a Mac, or when switching accounts or logging in to additional accounts while macOS is active. See “Password Lockout Protections.”

Version 1.0 didn’t fully explain how FileVault starts up differently with an Intel-based Mac and an M-series Mac. That’s now fully clarified in “Protect at Boot.” Based on some people’s discomfort with using FileVault and keeping track of the associated Recovery Key, I added a discussion of reasons why you might not want to enable FileVault in “Decide on Using FileVault.”

If you want to enable encryption on a bootable clone, you can’t use the technique I describe to enable encryption on an external drive in “Encrypt External Drives.” Nor can you encrypt an external bootable volume with M-series Macs. Thus, I’ve added details on setting up FileVault for Intel Macs on an external volume in “Encrypt a Bootable Clone on an Intel Mac.” M-series Macs no longer offer Target Disk Mode for mounting an internal volume as a drive on another Mac to which it’s directly connected. Instead, these Macs have Mac Sharing Mode, which presents a selected volume as if it were shared over a network. In the previous versions of this book, the differences were not explained as thoroughly as they should have been, and the final steps in mounting a drive in Mac Sharing Mode were not included. See “Share a Disk (M-Series Macs)” for those details.

If you restart from an external volume that’s a clone of your startup drive on a Mac with a Secure Enclave and Touch ID, and have activated Apple Pay, you will likely have to reset Apple Pay. This is also true if you set up Apple Pay on another macOS account than your primary one, and then want to use it again with your primary account. I explain the ins and outs in “Apple Pay Valid Only for a Single User.”

I’ve also further clarified why you might disable SIP on an M-series Mac: it’s the only way to engage Permissive Mode, a security option that allows non-Apple operating systems of a certain kind to be bootable under Apple silicon. See “System Integrity Protection (SIP) and Startup Options with an M-Series Mac.”

What Was New in Versions 1.0.1 and 1.0.2

The 1.0.1 update corrected a handful of typos, clarified some text that may have been difficult to understand, and added a few small but useful details. The Introduction was rewritten for improved clarity and readability in version 1.0.2.

Read Me First
- About a Previous, Related Title
- Updates and More
- What’s New in Version 1.1.1 and 1.1.2
- What Was New in Version 1.1
Introduction
Quick Start to Securing Your Mac
Start with Security Basics
- Understand What Security Means
- Determine Your Risk Profile
Set Up Basic Security
- Keep Your Software Up to Date
- Manage Basic Security and Privacy Settings
- Configure Accounts & Groups Securely
Fortify Yourself and Your Mac
- Apple Protects with Gatekeeper
- Keep Malware off Your Mac
- Umbrella Protection with a VPN
Share Resources Securely
- Allow Network Access to Services
- Share Carefully via Cloud Services
Learn macOS Startup and Disk Protections
- The Secure Enclave
- FileVault Protection
- System File Protections
- Startup Protections
- Password Lockout Protections
- Secure Deletion
- Apple Pay Valid Only for a Single User
Keep Personal Data Private
- Keep Your Data Safe from Other Local Users
- Deter Invasion via Sandboxing
- Configure Your Mac’s Privacy Settings
- Protect Your Passwords
Regain Access
- Prepare for a Future Lockout
- Recover Access to an Account
- Recover from a Lost Firmware Password
Recover a Lost or Stolen Mac
- Safeguard Yourself and Your Mac
- Get To Know Find My
- Use Find My for Tracking
- Take Remote Action
About This Book
- Ebook Extras
- About the Author
- About the Publisher
Copyright and Fine Print