Are you prepared to handle the theft of your Mac? Unfortunately, I had to test my own disaster recovery procedures when my laptop was stolen this past week. In situations like this, I believe there are two priorities. First, is the data on the Mac inaccessible? Second, can one get up and running on another Mac with all of one’s data? Let me tell you how I faired and the systems that I relied upon.
I’ll start by telling you about the brazen caper. I was actively typing on my laptop in a Seattle-area coffee shop when a guy reached in and grabbed my Mac laptop from the table. His accomplice was holding the store’s door open to facilitate their escape. I chased them, but they hopped into the backseat of a waiting car which sped away. When I returned to the store patrons and staff had figured out what had happened and were very supportive. The staff called 911 immediately. I filed a police report and the staff provided better physical descriptions of the thieves than I could provide. The staff also indicated that copies of video surveillance tapes can be sent to the police.
[Update: January 2017. After one of my clients heard about this incident she sent me a link to this Bay Area news report from 2017 which indicates this same type of theft has occurred in coffee shops in Emeryville, CA thought 2017.]
In order to deal with this situation I utilized the following items which I had in place:
- iCloud’s Find My Mac feature
- macOS’ feature requiring a password when waking a Mac
- FileVault encryption of my Mac’s hard drive
- My remote monitoring system’s inventory feature
- Time Machine backup of my Mac
While I was waiting for the police to arrive, I used the Find My iPhone app on my iPhone to login to my iCloud account. I selected my MacBook Pro from my list of devices. My laptop’s status was, not surprisingly, offline since the thief had closed the laptop’s lid when he was running with it. This put the laptop to sleep which disconnects it from the Internet. I checked the box labeled “Notify me when found”. I also clicked the buttons to lock the Mac and erase the Mac. I’m going to guess that these measures will be useless, but I did them anyway. Let me elaborate on why.
I think these measures will be useless because my laptop is both protected by a password when it’s either awoken from sleep mode or restarted. Also, my laptop’s hard drive is full encrypted using the Mac’s operating system’s built-in FileVault feature. The advantage of these two security measures is that it means that the data on my laptop is inaccessible. Yay! The downside is that the thieves won’t be able to wake up my laptop and connect it to the Internet. Thus, my Mac will never notify me and won’t be remotely erased. I can live with these consequences, knowing that my personal and work data is inaccessible.
You may wonder what the thieves would be able to do with my laptop. If they are savvy, they could completely erase my laptop. The fact that the hard drive is protected by FileVault makes it a bit harder for them to erase it, but it can still be accomplished. Once they do that, then they could reinstall the Mac operating system and sell the laptop. I’m guessing that selling my laptop was the purpose of the theft in the first place. The only way I could have prevented this would have been to prevent the theft. Short of that, I’m just glad that my data is inaccessible.
I called my insurance company to file a claim. In order to expedite the process and to ensure my insurance company fairly valued my laptop, I sent them the exact make, model, serial number and details about the extra RAM and storage that I ordered. I had all of these details at my fingerprints thanks to my remote monitoring system.
To get up and running on a new Mac, I needed to rely on my backups. When I got home, I checked and saw that my MacBook Pro had been backed up by Time Machine and CrashPlan Business that morning before I left home. I had only used my laptop for about an hour, at the coffee shop, before the theft occurred. I had sent and filed some emails but these would be stored on the mail server. Consequently, I bought a new Mac, transferred all of my data and applications from that morning’s Time Machine backup. When I opened Apple Mail it synced with the mail server. Thus, I got myself up and running without losing any data.
I’m very glad I had FileVault enabled on my Mac. If you’re considering enabling this feature, it’s highly advisable that you make sure that you have a full backup of your Mac before you do this, just to be safe. Of course, to be thorough, after you enable FileVault on your Mac, you should also encrypt your Time Machine backup data.
This experience got me thinking more lost or stolen computers and I realized that I could be better prepared in the event of a lost laptop. I could set a custom lock screen message which would display when the laptop is awoken or turned on. This message could list my phone number so I could be contacted if somebody comes across my laptop. Similarly, I could tape a business card on the bottom of the Mac so I could be contacted easily.