Top 10 Ways to Keep Your Mac Safe on the Internet

Everyone knows (or should know) that Macs are very secure and are the safest way to use the internet.  However, knowledge is power, and you should know as much as possible about ways to ensure that you stay secure.  Fortunately, there is a blog devoted to Mac internet security.  The Internet Security for Your Macintosh has published the following top 10 things you can do to keep your Macintosh safe on the Internet:

1. Physical security first. Although not strictly an Internet security issue, the odds of something bad happening to your Mac due to a physical problem are much higher than something happening to it over the Internet. So take precautions appropriate to your situation, such as physical lock-down cables, surge protectors and proper care of data on portable machines (such as encryption of any important files). And be sure to keep good, up-to-date local and remote backups.
2. "The only constant is change." Especially on the Internet. New security threats are discovered, temporary fixes and updates are issued, mistakes are sometimes made. It’s important to keep up as best you can:
   • Subscribe to Apple’s Software Update and install security fixes soon after they’re available, although not necessary immediately.
   • Utilize online (for instance our blog isfym.com) and offline (for instance users’ groups) sources to keep up with new security issues, implement temporary protection as needed, and make sure updates appear good.
   • Keep up on updates for any other popular applications you use, especially cross-platform ones like Microsoft products and security applications like your firewall and anti-virus applications.
   • And of course stay knowledgeable about everything you can, for instance through our “Internet Security for Your Macintosh” eBook.
3. Use a personal firewall. We sell one, so we’re biased, but that doesn’t mean we’re wrong. You need a personal firewall on each of your machines, and the one Apple includes in Mac OS X is only sufficient for keeping you safe until you can get a better one. Be sure your firewall has logging fully enabled, and use a log analysis application to highlight issues that need to be addressed. And, no, the so-called firewall in any router you may have isn’t good enough either (although it does help).
4. Use good passwords. Until the day we log into everything through retinal scans or other "biometric" means, passwords will be the main way we identify ourselves to Internet-based services. Use passwords appropriate to the importance of the service they’re protecting, choosing longer, harder to guess (and more unique) passwords for the more critical services. Apple’s password assistant, built into Keychain Access, can be a big help here.
5. Do not send confidential information by email, unless you know how to use encrypted email. Also treat all email messages received, even from people you know, as suspect. Same applies to IM (with certain exceptions like encrypted iChat). On the Web, be sure the Web page is a secure one (look for the lock icon) before entering confidential information.
6. Never open attachments in email messages, which are more often than not viruses. This advise may seem a bit over the top, but you should apply it as the general rule, with the only real exception being when you know the person who sent you the attachment and the context from the rest of the email makes it clear that that person really did intend to send you that attachment.
7. Never click on links sent in email messages. Again this is the general rule, with similar exceptions as with email attachments. These links are often to "phishing" Web sites that will attempt to steal personal information from you, or to "maliciously-crafted" Web sites that will attempt to do even worse things, like take over your machine (yes, even if you do use a Mac). Always type URLs directly into your Web browser, use known-good bookmarks, or click on links from reputable sites (including search engines) that you’ve gotten to through one of these methods.
8. Consider an anti-virus application. There are essentially no known Mac-specific viruses, and use of anti-virus applications can help keep it that way. Right now, anti-virus applications are essentially insurance policies, which you hope to never need to use, but are glad you have if you do. Also like insurance, you need to be sure to keep your anti-virus application, and its associated virus definitions, up to date.
9. If at all possible, do not provide any services from your Macintosh. In other words, all services in the Sharing pane of System Preferences should be off, along with other services like iTunes music sharing and iPhoto photo sharing. If you do need to offer services, use your personal firewall to restrict access to as few machines as possible (preferably just machines on your local network). And of course use good passwords for those services, in particular for the cross-platform Remote Login (ssh) service, which is often subject to dictionary attack.
10. Properly secure your wireless (AirPort) environment, both at home and on the road. At home the most important things are to change your wireless router’s password and to use WPA encryption. Beyond that, don’t allow your router to be administered over the Internet and add other security measures (like creating a closed network and limiting access by ID) if you feel comfortable configuring them. On the road, be sure to turn off or block any services your Mac is providing through your firewall, be cognizant of who’s looking over your shoulder, use a VPN if you’re talking back to your home or work network and watch our for rogue access points.
11. Bonus: Consider running your Mac as a non-administrative user most of the time. This is an advanced technique that provides few immediate benefits, but, similar to anti-virus applications, acts as "insurance" by limiting any damage that could result from a security breach. Someone gaining access to your machine would still have access to many of your files, but not to most of the underlying machine and OS itself. The easiest way to run as a non-admin user is to create a new, administrative account and then change your normally used account to a non-administrative one.

Source:  "The Top 10 Things You Can Do to Keep Your Macintosh Safe on the Internet" by Open Door Networks, published at the Internet Security for Your Macintosh blog.