Last night, I taught a class in data security for home and small business users at our local community college. There were a lot of good questions from the community education program students, so the class ended quite late and I was still answering questions as I walked out the door.
This morning, I went to grab my MacBook Air out of my laptop bag and literally grabbed air instead. In my haste to get out of the classroom and head home, I had packed everything but the laptop. Fortunately, the classroom was locked and few classes are scheduled for early morning, so I called the campus police and had them rescue the MBA for me. Problem solved!
After actually losing an iPhone 3G a few months ago, I wrote a post about what to do to prevent data loss and identity theft when lose your iPhone, and included a few tips on how to hopefully keep yourself from losing the phone in the first place. In this post, I'll talk about the things that I do (or can do) to keep my MacBook Air and my data safe, even when my mind conspires against me to try to lose the computer.
It's ironic that this near-disappearance happened after just teaching my data security class, because part of that class revolves around keeping laptop computers safe. Here are some of the things I teach my students -- and I usually practice what I preach:
#1 -- Use password protection at power up and when waking the laptop from sleep.
This is so easy to do, yet very difficult to talk people into doing. In Mac OS X, you simply need to go into System Preferences, click on Accounts, make sure your account is selected, then click Login Options. You may need to click the lock icon at the bottom of the screen and enter your administrative password to do this. Make sure that Automatic Login is disabled (see below), and your Mac will always ask for a password when it is powering up.
To do this, click the Security icon in System Preferences, then make sure the General pane is open. The first item on the screen, require password to wake this computer from sleep or screen saver, should be checked. You can also disable automatic login for all accounts by checking the appropriate box:
There's one more password you can and should enable if you're a real stickler for security, and that's the firmware password. Basically, anyone who doesn't know your firmware password is going to be unable to reformat your MacBook hard disk drive, or boot from an external drive or DVD. There's a great tutorial on how to set a firmware password on Orbicule's website. More about this company and their products can be found a little bit later.
#2 -- If it's important, encrypt it!
If you have critical information that needs to be protected at all costs, encrypt it. This will keep someone from being able to use your information without knowing your password. Mac OS X (Leopard and Tiger) have a feature called FileVault that encrypts your home folder automatically. Since it performs real-time encryption and decryption, it can slow down disk operations on your MacBook, so it's not for everybody. You must remember both your master (root) password and login password; if you forget your login password and don't have the master password, your data is gone...
To set up FileVault, click on the Security icon in System Preferences, then click that FileVault tab. Read the warnings, then click the "Turn On FileVault..." button (below). This may take a while, since FileVault must go through and encrypt all existing data.
There's even a free solution built into Mac OS X. If you have notes, passwords, and other items that you'd like to keep from prying eyes, you can use Keychain Access, found in the Utilities folder, to create secure notes.
From the Finder, select Utilities from the Go menu. When the Utilities folder appears, double-click Keychain Access to launch it. As you can see in the screenshot below, there's a category named Secure Notes. Click on that category, then click the plus sign button at the bottom of the screen. Give the note a "Keychain Item Name", then type in your note.
#3 -- Lock it up, hide it, or take it with you.
There's nothing that can keep you from doing what I did -- just forgetting to pick the laptop up -- but there are steps you can take to reduce the chance that someone will steal your laptop.
First, never leave a laptop in a car, even if you think it is in a safe, hidden place where nobody can possibly see it. I personally know two people who have laptops stolen when they stepped away from a car for a moment (one to pay for parking, the other to run into the house for "just a second" and use the bathroom) and left the laptop in the vehicle.
Next, if you're staying at a hotel, be sure to use a laptop lock to secure your device to a desk or other heavy object. Yeah, they're pretty easy to break, but in many cases just the sight of a lock will discourage a thief who just wants to quickly grab a laptop and run. If I'm in a conference room or classroom and know I'll be leaving for even just a minute, I either have someone trustworthy keep an eye on it or I take it with me.
One thing that discouraged me when I purchased my MacBook Air is that it doesn't have the requisite Kensington slot for a lock. That means that I usually have to carry it with me, hide it really well, or put it into a room safe. If there's a room safe that's big enough, that's my first choice. A MacBook Air will fit in most room safes with space to spare. The MacBook Air is also incredibly easy to hide thanks to its thin profile. In hotels where I haven't had the luxury of slipping the MBA into a safe, I'll often hide it between the sheets in the bed (most of the hotels I stay in on business trips don't have a "turn-down service", so the maid isn't going to find it) or place it on top of tall furniture.
#4 -- Sharing with strangers can be dangerous.
When it comes to wireless networks, I'm very paranoid. One best practice that I follow religiously when I'm on open networks is to shut off all sharing on my MacBook Air. I don't know how many times I've been working on my MBA in hotel rooms, pulled up a Finder window, and then seen literally dozens of Macs and PCs that have sharing turned on. And yes, on occasion I've actually tested whether or not I can browse someone's files and have been successful. Fortunately for these people, I'm an ethical person.
If I'm doing any private transactions, I stay away from WiFi and either use Ethernet or use a Sprint Mobile Broadband card that I have. At least with the Sprint card I know that my data is encrypted. Many of the open WiFi networks I see at hotels have no encryption in place at all.
If you use a corporate VPN connection, be sure to comply with your employer's regulations regarding network security. Many VPN clients have a setting to lock out access to the local LAN and tunnel all traffic through the secured link; turning on that feature can help protect your transactions and email in transit.
#5 -- Consider leaving private information at home or in the office.
Considering how often I travel with my MacBook Air, I'd never think about loading some of my more private information onto it. For example, there's no way that I would load QuickBooks Pro onto my MBA. Instead, I have it running on my iMac in my office. If I need to do some accounting work while I'm on the road, I use LogMeIn Free to connect to my office machine and do the work. It's a lot safer than having me lose all of my accounting info by forgetting my laptop at the airport!
If the private information is in a document that I can open in a standard Mac application, I'll just put the file onto my MobileMe iDisk, pull it down to the laptop to make changes, and then save it back to the iDisk and erase it from the MacBook Air.
#6 -- Backups! Backups! Backups!
Why am I repeating this? If you do lose your machine due to stupidity or malice, wouldn't it be good to know that you have a recent backup that you can restore to another Mac? I use three levels of backups. The first level is a Time Machine backup to a portable USB-powered hard drive. The second is a backup of critical files only to my MobileMe iDisk. The third level, which I just recently added to my backup plan, is Backblaze. Backblaze constantly backs up my laptop to a secure server farm, and acts quite a bit like Time Machine in that it keeps copies of frequently changed documents for 30 days.
The fact that Backblaze is backing up my data constantly without any intervention on my part is great. The service is only $50 a year for unlimited storage, and I've found it to work flawlessly. I just need to be attached to a network to get backed up, which means that most of the time (except when I'm on an airplane) Backblaze is quietly receiving my data. As more airlines start installing WiFi on their aircraft, I'll even be able to back up on the move. Pretty cool!
#7 -- Let 'em know who you are.
Years ago,nh when I worked for IBM, I was on a business trip to Minneapolis with a group of other project managers. We all had identical IBM ThinkPads at the time, and we all went through airport security at the same time. That was a mistake -- we had to turn all of the computers on to figure out if we had the right machines! We solved that problem before the trip home by simply taping a business card to the top or bottom of each computer so that a quick glance would help us ascertain which laptop belonged to each person.
This also has a good side effect if you lose your computer, since it makes it very easy for the finder to contact you to return it. That assumes that the finder is a good person and wishes to return the computer to you, of course.
#8 -- Consider laptop insurance.
Many insurance companies provide laptop loss or theft insurance as part of homeowner policies, but if yours doesn't, there are options available. Safeware is a company that has been in the laptop insurance business for a while, and they offer insurance against theft, damage, and even liquid spills for about $100 per year for each $1,000 of equipment cost. While it won't pay for your lost data, insurance can at least get you back to the starting line with new equipment.
#9 -- Get it back
I was lucky, since I left my MacBook Air in a locked classroom at a fairly quiet time of night. What if someone had stolen it? Would I have any chance of recovering my computer?
There are several solutions available for getting your Mac back, but none of them is as comprehensive as Computrace LoJack for Laptops. For $60 a year or less, the theft recovery team at Absolute Software (the developers of LoJack for Laptops) will do their best to locate and recover your laptop. They currently recover about 60 laptops a week for subscribers.
My favorite for Macs is Orbicule's Undercover, which is a Mac OS X app that not only sends out location information using WiFi and the Skyhook Wireless geolocation technology, but also fakes a failure of the laptop hardware and even starts yelling using the Mac OS X text-to-speech technology. Undercover sends pictures from the iSight camera in your MacBook, so you can identify the location of your computer and get photos of the thief for law enforcement officers.
So, that's what was going through my mind this morning when I realized I had left my MacBook in the classroom. My story had a happy ending, and hopefully some of these tips can give you a bit more peace of mind if you lose your MacBook or have it stolen. If you have additional tips or hints for data security or recovery of your MacBook, please let us know about them by leaving a comment below.