How to Secure Mac and Restore Data After a Breach?
This article provides a complete solution to secure your Mac from Internet threats. If any unfortunate data breach occurs, you can restore the data using a backup or data recovery tool.
Join the DZone community and get the full member experience.Join For Free
When you want to secure your Mac and keep it safe from malware or other Internet threats, make sure you enable the correct security settings, encrypt your storage drive, and run antivirus software. In this article, we’ll share practical DIY methods for Mac security.
Your macOS is truly secure thanks to Apple’s built-in security features, such as Gatekeeper, Notarization, App Sandboxing, XProtect, and Malware Removal tool. These features work automatically to prevent a Mac security breach.
Besides, macOS allows you to encrypt your Mac hard drive or SSD to prevent unauthorized users from reading information from the storage medium. Also, macOS lets you set up a firewall to protect your privacy. You need to check the security preferences and implement all the security features to ensure your Mac remains secure.
Best Practice: Before you perform any troubleshooting steps, you must back up your Mac using Time Machine. Also, install a Mac data recovery software on your computer beforehand to make sure you can recover your valuable data in case of any data loss event.
How to Secure Mac?
Method 1: Secure Mac Using Security and Privacy Preferences
macOS allows you to manage the security and privacy of your Mac through the Security & Privacy preferences window. Follow the given methods to secure your Mac.
a. Allow apps from App Store or identified developers
macOS uses a security feature called Gatekeeper that only lets signed apps run on your Mac. Gatekeeper allows the launching of apps from the App Store or identified developers. This security feature restricts all other apps from launching on your Mac. Follow the given steps to choose the correct Gatekeeper settings on your Mac:
(1) From the Menu bar, go to the Apple menu > System Preferences > Security & Privacy.
(2) Click the General tab. Unlock the lock icon with the admin password to make changes.
(3) Under Allow apps downloaded from, either go with the default App Store and identified developers option or select App Store to launch apps downloaded only from App Store.
(4) If Gatekeeper blocks a system software from loading, click the Allow button if you know the third-party software is trustworthy, else don’t.
(5) To save the preferences and avoid any further changes, click the lock icon again.
Note: In macOS Sierra and later, the Anywhere option that turns off Gatekeeper is hidden by default for security purposes. But you can type spctl –master-disable command in Terminal and hit Return to unhide the option. To hide it again, type spctl –master-enable, then hit Return.
Gatekeeper also requests your approval so you don’t get deceived into launching the software you didn’t ask for. Always be cautious about installing any software for which Mac shows an alert.
b. Encrypt your Mac drive using FileVault
macOS allows you to encrypt the data stored on your Mac startup disk using FileVault. This security feature prevents unauthorized users from reading your files even if they remove the storage device from your computer and connect it to another Mac. But you can access the stored data from the drive using your login password. Now, follow the given steps to enable FileVault on your Mac:
Note: A Mac with a T2 security chip encrypts the data stored on the drive automatically, so you don’t need to use FileVault. But, if you Turn on FileVault, macOS provides additional protection by requiring your login password to decrypt your data present on the drive.
- In the Security & Privacy window, click the FileVault tab.
- Unlock the lock icon using the admin password to make changes.
- Click TurnonFileVault and enter your password. Specify how to unlock the disk and reset the login password if you forget it.
- If you have an iCloud account, click Allow my iCloud account to unlock my disk. Else, click Set up my iCloud account to reset my password.
- Alternatively, click Create a recovery keyand do not use my iCloud account. Write the recovery key in your diary and keep it in a safe location.
- Click Continue and let the encryption process continue in the background..
Note: The FileVault encryption process might require you to plug in your Mac to its power source to prevent any alert message.
c. Set up a Firewall
macOS allows you to set up a firewall that blocks inessential communication with your Mac and protects your privacy. When you turn on Firewall, you can select various Firewall options as per your requirement. Follow the given steps to set up and customize your Firewall.
- In the Security & Privacy window, click the Firewall tab.
- Click the lock icon, then enter the admin password to unlock the Preferences pane.
- Click Turn On Firewall. To specify extra security settings, click Firewall Options.
- Select Enablestealthmode to prevent others from discovering your Mac on the Internet.
You can even select other firewall option checkboxes to protect your privacy.
d. Set your Privacy preferences
macOS respects your privacy and allows you to set your privacy preferences. Follow the steps to set your privacy.
- In the Security & Privacy window, click the Privacy tab.
- To unlock the Preferences pane, click the lock icon and provide the admin password.
- You can allow and disallow the apps that are not secure for Mac under the Accessibility and Full Disk Access option.
Method 2: Secure Mac Using Disk Utility
a. Erase your storage drive in encrypted file system format
Erasing your storage drive in an encrypted file system format is another method through which you can secure your Mac. Disk Utility allows you to encrypt your Mac storage drive by erasing the drive using an encrypted file system format. This encryption mechanism is different from FileVault that lets you encrypt your data without erasing your drive. Now, follow the given steps to encrypt your storage drive using Disk Utility.
Warning: Disk Utility erases the storage medium that you need to encrypt and password-protect. So, back up your Mac before you erase the drive to avoid permanent data loss.
- Go Finder > Applications > Utilities > DiskUtility.
- Select the non-boot volume from the sidebar, then click the Erase tab.
- In the Name field, type a drive name and specify the Scheme as GUID Partition Map.
- Specify Format as APFS (Encrypted) or otherwise, and click the Erase button
- Enter the required password, verify, and click Choose. Let Disk Utility secure your drive.
Method 3: Secure Mac Using Antivirus Software
XProtect is a built-in antivirus technology that automatically detects and blocks the execution of known malware. This security feature also notifies you to move the compromised app to Trash. In macOS Catalina or later, XProtect checks known malicious content when you launch an app, app changes occur in the file system, or updates occur to XProtect signatures. When malware succeeds in executing on your Mac, Malware Removal Tool (MRT) remediates the infection. Besides XProtect, you can even use robust third-party antivirus software on your Mac to help you protect your data from a data breach.
How to Restore Data After Breach?
In case your data get compromised due to malware or accidental deletion. Follow the given methods to restore your lost data.
Method 1: Restore data using Time Machine
You can restore specific files using Time Machine. Follow the given methods to restore files.
- Ensure your Time Machine drive is connected to your Mac.
- Open the Finder window from where you’ve lost your files.
- From the Menu bar, click the TimeMachine icon and select EnterTimeMachine.
- Browse the backup using the TimeLine or Up/Down arrow key.
- Select the found files and click Restore to restore them to their location.
Method 2: Restore Data in the MacOS Recovery Mode Using Time Machine
If your macOS data is corrupt or encrypted due to malware, use Time Machine to restore the operating system. Follow the given steps to restore data in the macOS recovery mode using Time Machine.
Warning: Time Machine restoration process requires you to reinstall macOS, which results in drive erasure. So, manually back up all recent files to an external drive to avoid permanent data loss.
(1) Ensure your Time Machine drive is connected to your Mac.
(2) For Mac with Intel, start or restart the system, then immediately press and hold Command + R keys until the Apple logo appears.
(3) For M1 Mac, start your Mac by holding the power button until Startup Manager opens. Click Options > Continue.
(4) Click Restore from Time Machine Backup, then click Continue.
(5) Specify the latest date and time. Then, restore data as per instructions.
For no backup situation, recover your lost data on Mac using file recovery software.
Method 3: Recover Data on Mac with Stellar Data Recovery
If you don’t have a Time Machine backup, you can use Stellar Data Recovery software to restore your lost or deleted files due to any data loss event. Follow the 3-basic steps to recover your data:
(1) Download & install Stellar Data Recovery Free Edition for Mac.
(2) Select the type of file and storage drive location from where data loss occurred.
(3) Scan the drive using the quick scan feature or use the advanced scanning method.
(4) Recover your data to an external storage medium to avoid data overwriting.
We’ve covered the best available methods to secure your Mac running on macOS Big Sur or earlier. However, if you lose your data due to a virus attack or any troubleshooting mistakes, you can use Time Machine backup or a free Mac data recovery software.
Opinions expressed by DZone contributors are their own.