FileVault is a feature of macOS that offers full-disk encryption for your Mac. This protects your files if someone were to steal your Mac. Without FileVault, someone with possession of your Mac's hard drive could view the data in your files. With FileVault, that data is encrypted and can't be read. It is unlikely that you will need FileVault, but it is still recommended if you are using a portable MacBook that could easily be stolen. Some companies also have policies that force employees to use disk encryption.
Keeping your Mac free of malware and using strong passwords for your online accounts are two important things you need to do to stay safe and secure. But even if you succeed at these, you can still be vulnerable to common scams that use social engineering to trick you out of your money, privacy and security. Even the most intelligent person can fall victim to a scam if they don’t recognize it when it happens to them. The key to keeping yourself safe is to know the common scams so you recognize them when someone tries to trick you.
Your Mac as a password generator built into the Keychain Access utility. It takes a few steps to access, but it can be handy to generate passwords outside of Safari or in unusual situations. You can vary the length and type of password and copy and paste the result.
Mojave changes how apps ask for privacy settings and gives you easier control of those settings. In System Preferences, Security & Privacy, Privacy, you can see all of the permissions that have been granted to apps and change them. However, for typical users it is often hard to determine why an app needs access to a specific type of information.
While each piece of unwanted software that tries to get on your Mac is slightly different, there are some general steps you can take to check for and remove malware. The LaunchAgents and LaunchDaemons folders are usual locations to check. You should also look for unwanted browser extensions and do an audit of the files in your Applications folder.
You can set your Mac to not require a password when you start up, wake up or log in. However, you should never use this function. Doing so leaves all of your information vulnerable to anyone who gets physical access to your Mac. Even if you are using a Mac that is stationary and locked up, it doesn't make sense to take the risk. Entering a password every time you use your Mac is a small price to pay for good security. You can mitigate the number of times you enter your password by setting the Require Password time to something reasonable, such as 5 minutes.
You may want to download third-party (non-Apple) apps for your Mac from time-to-time. When doing so, it is important to keep safety and security in mind. Four rules will help you stay safe when downloading apps: Don't get an app unless you really need it, get it from the Mac App Store if you can, only get an app if you trust it, and only download from the app's official site.
iPhone passcodes that are only 4- or 6-digits long can be easily broken by the same equipment law enforcement agencies use. While it is unlikely to be an issue for typical users, you can opt to use longer passcodes or even an alphanumeric password for your iPhone to make it nearly impossible to break.