If you use a MacBook at cafes, hotels, airports and other places with public Wi-Fi, how do you protect it from hackers, spying, malware and threats? Increase Mac security and privacy settings.
When using a computer in the home or office, you are surrounded by friends, relatives or work colleagues and you are protected to a certain degree by being on a local network that outsiders cannot access.
This is not true when you are using a laptop computer at a public Wi-Fi hotspot, like an airport, cafe, hotel and so on. It is probably safe and there is unlikely to be a problem working in public, but safety and security cannot be guaranteed. You cannot be certain that someone is not eavesdropping on a public Wi-Fi network, so there is always a danger.
It is possible for hackers to set up fake hotspots or to intercept internet activities, connect to your computer through the network, and more. Public Wi-Fi is risky. it is not terrible, but it is certainly not 100% safe.
Don’t panic! You are not likely to be sharing a coffee with a hacker on the next table at a cafe, but that does not mean you can afford to be complacent. A few simple tweaks to the MacBook’s settings will make it much more secure and safe to use in public.
- 16 internet dangers to watch out for when using the web
- Unblock Wi-Fi hotspots at hotels, cafes and more with a VPN
1: Encrypt the Mac’s drive
Laptop computers are sometimes accidentally left on trains, buses, in cafes, hotels and other places. There is also the possibility that it could be stolen. You put your laptop bag down for a moment and the next thing you know is it is missing, or you leave it in your car and it gets broken into.
Of course, you are extra careful when out with your MacBook and it is unlikely that you will lose it or have it stolen, but as the saying goes, hope for the best but prepare for the worst.
If someone else got their hands on your MacBook you would not want them to be able to access the contents of the drive. A good way to ensure this is by encrypting the drive contents so that only you, with the password, can access it.
If you have not done so already, open System Preferences and click Security & Privacy. Select the FileVault tab and enable it. Bear in mind that it could take a long time to encrypt, even with an SSD, but you can continue to use the Mac while it does it. It is a good job Macs don’t have hard disk drives, because they would take hours to encrypt!
2: Enable the firewall
A firewall is designed to prevent access to the computer from people or software on the network you are connected to, or on the internet. It isn’t very likely but it is possible for hackers to hang around public Wi-Fi hotspots and see if they can access any unprotected computers or devices. Flaws in security could then be exploited.
Go to System Preferences and click Security & Privacy. Select the Firewall tab and enable the firewall in macOS to block network attacks.
Click the Advanced button in the bottom right corner and there is an option to enable stealth mode. This prevents the Mac from responding to network activity designed to locate and identify devices and computers. It does its best to make the Mac invisible.
That should be sufficient but if you happen to be staying at a hotel where a hackers’ convention is being held it is possible to lock down network access even tighter. Select the option at the top to Block all incoming connections in the Advanced Firewall settings.
3: Stop sharing services in macOS
The MacBook is able to share a variety of things over a local network, including access to the drive, printers, scanners, the internet and more. It is not a good idea to use a MacBook in public with a bunch of sharing services enabled. You could use the ultimate firewall blocking setting in the last tip, or you could disable the sharing options while out and about.
Go to System Preferences and open Sharing. Turn everything off.
4: Turn off Bluetooth
Bluetooth enables devices to connect to each other over short distances and exchange information. If it is enabled, it is a temptation for a hacker or troublemaker at the Wi-Fi hotspot and you may see requests to connect or to receive files and so on. Don’t! It could be malware, a hack attack or who knows what?
Go to System Preferences, open Bluetooth and turn it off unless you absolutely must have it.
5: Join the right Wi-Fi network
It is a fairly easy task to turn a phone or computer into a Wi-Fi hotspot and hackers and criminals have been known to set up fake Wi-Fi hotspots close to Wi-Fi hotspots with the same name. For example, they could create a hotspot called Starbucks inside or close to a Starbucks Cafe. People might then connect to the fake hotspot instead of the real one.
All their internet activity would then flow through the hacker’s computer or phone and could be captured and analyzed. That would be bad if you logged into sites and services, banked or shopped online.
There isn’t anything specific that you can do to protect yourself from this kind of threat. Just keep your wits about you and be careful what networks you connect to. If you are in any doubt about a Wi-Fi network, don’t connect to it.
6: Use a VPN for privacy
A VPN is a utility that provides an encrypted connection to the internet and it is a great way to ensure your security, privacy and safety at public Wi-Fi hotspots. If you are out with a MacBook and are at all concerned about these issues, get a VPN.
Free ones are available, like ProtonVPN, but they are often limited in some way, such as restricted performance or data limits. It’s hard to find a free one that is as good as a paid one. Go with a company you trust and know works well, and subscribe. There are a lot of VPNs out there and the huge choice can be confusing. I have used NordVPN, Ivacy VPN, ProtonVPN, PrivadoVPN and others, but there are many more.
Save $$$ on a VPN with our Offers and Recommendations page.
7: Lock your Mac with a password
Passwords are compulsory for some features on the Apple Mac, but not for all of them. Some are optional, but they are recommended if you use your MacBook in public places. So which passwords are optional? Open System Preferences > Security & Privacy > General tab.
Disable automatic login, which logs into your account without having to enter a password. Imagine if this was not set. Someone could start your MacBook or wake it from sleep and go straight into your account.
Another essential setting is that a password is required immediately after sleep or the screen saver kicks in. If you walk away from your MacBook, you want it to be locked in case someone sits down and tries to access it. Set a short timeout for the screen saver in System Preferences > Desktop & Screen Saver > Screen saver tab > Show screen saver after. The minimum is one minute.
You may find this irritating because if the phone rings, something else interrupts you, or you just pause to think, the screen saver may start and then you have to enter your password again.
You might want to set a longer screen saver timeout, such as 5 or 10 minutes, and configure hot corners so that pushing the mouse pointer into the corner of the screen locks it. Configure this in System Preferences > Desktop & Screen Saver > Screen saver tab > Hot Corners. Select a corner and select Start Screen Saver or Put Display to Sleep.
8: Use iCloud Private Relay
Private Relay is a feature in macOS that helps to keep your internet activities private. It hides your IP address and Safari browsing activities. No-one can see which websites you visit.
It provides more security and privacy than using nothing at all, but it does not provide as much as a VPN. If you don’t have a VPN, perhaps because of the cost, Private Relay can be used instead.
A limitation of Private Relay is that it works only for Apple apps, specifically, Safari and Mail. If you use any other app, there is no protection. Open Safari and go to NordVPN’s What is my IP address? Do the same in another browser, like Chrome and it is different. Safari is protected, other apps, like Chrome, are not.
Use a VPN if you can, because it protects all apps, but iCloud Private Relay if you can’t. Open System Preferences and click Apple ID at the top right. Tick the box next to Private Relay.
Stay safe with Mac security and privacy
Most of these improvements in Mac security and privacy are pretty easy to set up. A few minutes is all it takes to configure them and most will not need changing if you use a private network like work or home. Just leave them turned on all the time.
It is said that the weakest link in security is people. Be smart, don’t be fooled, and take precautions. Then you can use your MacBook in public safely.
