My recommendations for securing a Mac system from physical attack and malware.

First and foremost… Encrypt your hard drive! If you don’t, it’s as easy as holding down cmd-s at boot to go into single user mode and gain full access to your system. The same applies to Linux/UNIX/Windows. If you can’t get into single user mode there is always to pop to top and take out the HDD method to grab your data.
Encrypting on the Mac is easy. Follow the instructions here and read all the information there if you want on the previous pages

Second. I highly recommend you install a good firewall to protect your system from software phoning home information of your system and also computers on your network or the internet from accessing software on your system. The idea is you only allow trusted software to connect and also trusted IP addresses to talk to the software via open ports.
The firewall I use and recommend is Little Snitch

Third. This is more of a prevent a bad guy from selling your machine after they steal it from you. It locks your system down to booting only to one hard drive and nothing else without your password. This is the firmware password.
To set the firmware password, simply visit and follow Apple’s guide.

Of course, not all of these things would protect you from everything… But it’s a big step. You should be aware that email with attachments you didn’t know was coming should never be opened and messages you find weird should not be opened. Many other things… It all comes to learning how a hacker might think and how you can protect yourself.