9 Tips for Staying Safe Online with Your iPhone, Mac, or iPad
Staying safe online with your Apple devices is an ongoing effort, and it’s important to keep yourself vigilant and informed about potential threats and risks. While the Mac, iPhone, and iPad, are generally much more secure than their competitor counterparts, that doesn’t mean you should be completely oblivious to risks to your personal information, logins, privacy, and general security.
We’re going to walk through six important tips to remember for when you’re online with your Mac, iPhone, or iPad, to help to insure your and your devices safety.
1: Regularly Install Software Updates
Get in the habit of routinely installing software updates, to both your operating system, and to your apps.
Almost every iOS, macOS, and iPadOS system software update includes security fixes and patches to help protect you from potential threats, so staying up to date with your system software is a critical component of being safe online.
Similarly, keeping your apps, and your web browsers, up to date with the latest available versions, is also just as important.
If you’re unfamiliar with the steps to update your iPhone or iPad system software, you can read here, but it’s basically just a matter of going to Settings > General > Software Update.
And if you’re unfamiliar with updating system software on MacOS, you can read how here, which is basically going to System Settings/Preferences > General > Software Update, as well.
Apps can be updated directly through the App Store on your device or computer, and sometimes directly from the app itself (like with browsers such as Chrome, Brave, Firefox, etc, or apps like Zoom).
2: Use Strong & Unique Passwords
It’s important to use strong and unique passwords for each website, service, and/or app you use.
In particular, you want to make sure the password to your Apple ID and your primary email address is particularly strong and unique, because access to those logins is the doorway to your entire online world.
Try not to reuse passwords, either. We’re all guilty of it, and it’s much easier to remember, but reusing a password is considered risky, because if one of the services you use has a data breach and that password is leaked, now your password is known for every other service or website you access.
Of course, remembering tons of strong unique passwords can be a challenge for many of us, which is why the next tip is…
3: Use a Password Manager
Juggling dozens of unique complex passwords can be difficult, which is why using something like iCloud Passwords and iCloud Keychain is an excellent choice.
Not only can iCloud Keychain generate complex random passwords for every site and app you use, but it also saves all of those passwords in a central location, that you can easily access from any of your Apple devices.
There are other password managers out there too, but if you’re already using iCloud, why not keep it simple and use iCloud Keychain?
4: Use Two-Factor Authentication (2FA)
Make sure you enable Two-Factor Authentication for your Apple ID, and for your primary email address, and frankly for any other account that supports it.
Two-factor authentication is designed to add an extra layer of security that requires a secondary verification step in the form of a code that is typically sent to your phone or other devices, whenever you’re logging into something (especially from a new device). The idea behind this is that it makes it harder for a nefarious actor to access your accounts, even if they have your password.
5: Be Cautious with Sketchy Links & Websites
You want to avoid clicking on any dodgy or suspicious links, especially if they’re coming to you from an unknown source, or in an unusual or out of character way from someone you know.
Likewise, avoid visiting dodgy websites on the shadier sides of the web, and certainly don’t install any of the random garbage they try to push on you when and if you do visit them. The junkware push is notorious on many of the popular ‘download’ sites, as well as many, uhm, adult themed, websites. Never install anything from any of those type of websites.
6: Be Cautious with Email Attachments
Similar to avoiding sketchy websites and links, you will also want to avoid any sketchy or dubious email attachments.
Verify any email senders identity and source before opening any document or file sent from them.
Do not open attachments or download attachments from unknown senders.
Be particularly wary of uncertain attachments that contain ZIP files, PDF files, applications, executables, scripts, documents, or things of that nature, as they may contain malware, junkware, trojans, miners, and other junk you absolutely do not want on your computer or devices.
If someone you do know emails you a document or file, and you weren’t expecting it, and it’s not immediately obvious what it is, you’ll want to consider reaching out to them directly and asking them what the file is, before opening it.
7: Ignore Scary Pop-ups and Alerts from the Web
We’ve all seen them; you’re browsing the web as usual, and suddenly some popup shows up on your screen with an alarming message that looks semi-official and says something like “Warning: Your computer has a virus! Install this anti-virus software now to clean your computer!” – don’t fall for it, it’s a scam.
Similarly, you may come across some very sleazy sales-pitch ads that attempt to scare you with things like “Warning: Your computer has a problem, call this tech support number to fix it!” and if you happen to make the mistake of calling the provided number you’re usually connected to some sleazy phone farm in the developing world where they tell you your computer is going to explode into infinite pieces if you don’t give them your credit card number – again, don’t fall for it, it’s a scam.
If you see scary sounding popups or alerts when you’re on the web, 99.999% of the time it’s not legitimate, instead it’s usually some overly aggressive advertisement or junkware push, and you can safely ignore them.
If you do see some kind of alert or warning and you’re concerned about it being legitimate or not, often the best thing to do is to close that window, and then go back to tip #1: look for available software updates on your device and install them directly there.
8: Be Wary of Public Wi-Fi Networks
Be cautious when you’re using public wi-fi networks, and ideally, avoid performing financial transactions or accessing sensitive information when on a public wi-fi network.
Many public wi-fi networks are insecure and do not require passwords to join, which means that they are not encrypted networks, and any data that is sent between you and the outside world when using an open wi-fi network could potentially be captured and eavesdropped.
If you do use a public wi-fi network, make sure the websites you are visiting are encrypted and using HTTPS (they’ll have the little lock logo next to the URL in the address bar) whenever possible – this is good advice in general, even for secure networks.
You might also consider using a trusted VPN (Virtual Private Network) when using public wi-fi, or if you’re traveling and need to use a lot of public hotspots. A VPN when setup properly will tunnel your traffic through the encrypted VPN, giving you added protection that the network may not be able to provide.
Another option; use your iPhone’s Personal Hotspot feature instead of a public wi-fi network to share your iPhone’s cellular connection with your Mac or iPad.
9: Backup Your Devices
Backing up your iPhone or iPad to iCloud, and backing up your Mac to Time Machine, is strongly recommended.
Backups ensure that you can restore your data in the event of something going wrong, a device being lost, a device or computer breaking, a software update failing, or any other mishap.
Do not skip backing up your devices, as failure to do so could result in permanent data loss.
–
Got any other tips or advice for improving your online security and staying safe online? Share them in the comments!
I use Time Machine but my concern is that it leaves the backup device mounted all the time. Malware that looks for attached devices could then wipe the backup to prevent easy recovery. My question is: is there a way to rig it so the disk is only mounted while TimMach is using it?
What I do is I use Time Machine during the evening after my work day to backup my Mac, then I disconnect the drive when I am not using it. I do that for numerous reasons, but partially because Time Machine running in the background can slow down my computing experience and I do not want that. But by disconnecting the drive, it makes it so you do not have to worry about the scenario you describe.
Personally, I use Time Machine too, and I don’t worry about that situation, because most malware on the Mac is fairly limited in it’s capabilities by nature of how modern macOS limits access to things by locking down the file system. Everything needs permissions to do certain things now. It is rare that true malware has access to the entire file system, and Apple patches those bugs quickly in the latest macOS versions.
If you do not download weird stuff, do not open weird attachments, and you avoid the seedier sides of the internet, the odds of getting malware on the Mac are quite low. I have been a Mac user for 25+ years, followed those guidelines, and I have never had malware before! I also use a Windows PC and it is much more prone to malware and viruses, though it’s better now compared to the Windows 3.11 days.
Or provide for a separate backup disk to backup files or the whole HD in longer time intervals and take the HD offline straight away. I use CCC for making those backups but I suppose there is more software for that. Also make a regular install (clone) disk.
No tips on the use of virus scanners?
The Mac has a built-in feature called XProtect that has anti-virus and anti-malware capabilities, and it updates itself in the background to make sure it’s active and relevant.
Aside from that, the tips covered actually do a good job of avoiding most potential trojan or virus, which would typically arrive through dodgy downloads or attachments. Overall, the Mac is well defended against threats from malware, junkware, adware, trojans, etc, but actual viruses are quite rare for the Mac thankfully. This doesn’t mean you should be careless, but be mindful of what you download, what you install, and where it comes from, and only rely on trusted sources.
There are some free anti-virus scanners for Mac, like Malwarebytes. Most users will not need to install or use these however, unless they have some particular concern, but there’s rarely a reason to pay for the expensive services that offer ‘anti-virus’ capabilities on the Mac.
What’s your vision on the use of anti-virus tools?
…and one more thing:
try not to use your internet access asking devices
It is a sarcastic joke only