How I Lost My Laptop Full of Client Data and Barely Broke a Sweat.
Note: This Post originally appeared on Lawyerist.com in 2017 but has since been deprecated. The information below was current in 2017 but has not been updated since.
It was a normal Thursday evening in early January, a relatively nice day for Portland considering the snowmageddon storm we’d had the previous week. I’d decided to work form home that afternoon in part because it was my first chance to have the house to myself after being snowbound with my kids, and I’d perched myself at my favorite spot on the kitchen island where natural light hits from all four sides of our open floor plan.
Whatever I was working on, I’d hit a groove and lost track of time. So when my wife walked in after grabbing the boys from after-school care, I didn’t have a plan for dinner. We decided to hit a local izakaya where my picky first grader loves the ramen—in the summer we’d walk there, but it was already dark, the kids were hungry, and the temp had droped to the 20s (cold by Portland standards). Instead we piled into our car at 6:03 and drove the 8 blocks, not noticing the beat-up green SUV idling down the street as we drove away.
I’d closed my laptop but otherwise left it where it lay. In a separate and unrelated decision, I left a kitchen light on so it wouldn’t seem like no one was home. Might have worked too, at least for someone who hadn’t just watched a family of four drive away.
Later that evening, the police officer speculated that the burglar probably knocked on our front door first, may have even rung the bell. We’ve got a fun dutch door, bright yellow with four panes in the upper half. The same feature that contributed to my peaceful light a few hours before now gave a clear view of the countertop where my MacBook Air sat under what I now imagine to be a spotlight of my own making.
First he jimmied the door to our detached garage with his long-handled screwdriver. Once inside he found a crowbar—my crowbar—and tried to pry open the sliding glass door to the back yard. When that failed he regripped the tool and took a swing, hard enough to embed several shards of glass in the drywall ten feet across the room.
We pulled back into the driveway just after 7 o’clock. My wife and I noticed the side door ajar at about the same time, but with very different reactions. I assumed one of the boys had failed to pull it closed as we left; enough to draw a reprimand but not out of the ordinary. But my wife knew she was the last one out of the house, and she doesn’t make those mistakes.
All things considered it could have been much worse. The saddest loss was some jewelry that my wife inhereited from her mom—stuff that only had real value to our family. Everyone lost something though: a Christmas-present quadcopter for my fourth-grader, some gift cards for the first-grader (whose room was already so messy that we genuinely couldn’t tell whether it had been ransacked).
And for me: my laptop. Shit, my laptop. Even though I’d transitioned away from legal practice, it still had all my old client files on it. Not the only copy mind you—I’ve been a Dropbox user for years—but they were on there, and now they were gone.
Except nobody was going to get to those files unless they had some serious hacking chops because I’d taken just a few simple precautions over the years. Due to those steps, once I got over my original shock at the break-in I spent nearly as much time marveling at the quantity of glass in a double-paned sliding door as I did worrying that my clients’ data had been exposed.
Let me be clear that I take almost no credit for the security of my set-up. That goes to the engineers and developers at Apple who built exellent security features into their operating system (though the good folks at Microsoft, along with some third-party developers, have built similar tools). Where I claim credit is for doing something that far too few people, including far too few lawyers, actually do. I turned them on.
The first security step came when I first bought the MacBook a few years ago. When I lifted the lid for the very first time, flush with the giddiness that accompanies a new toy, the computer itself asked me a simple question: Would I like to enable FileVault? Clicking “Yes” would encrypt the hard drive forevermore, a process that takes almost no time if you do it before there’s anything on it. With that click, I got NIST-level security that, while not unbreakable, would require some serious time and firepower to unscramble.
The second step came when I set up my user account on the machine and was prompted to choose a password. I’m a committed 1Password user, but it isn’t actually convenient to have a password manager manage a password that you need to know in order to access the manager itself. But it had trained me on what a strong password looked like, so I developed a 15-character string of uppers and lowers, numbers and symbols, that had a significance to me but would have been nearly impossible for anyone else to deduce. (I’ve since moved to a string of random words, as discussed by this Ansel Halliburton article.
The third thing I didn’t do right away, and I can’t recall exactly what prompted me to make the change, but at some point I enabled “Find My Mac” as part of my iCloud settings. That effort, it turns out, is the one that gave me the greatest peace of mind and also resulted in our burglar’s arrest (although not the recovery of my laptop).
Find My Mac has a few great features. The first is that you can trigger it remotely—essential considering its purpose, but still cool. After the burglary I just toggled a switch on an iPhone app, and the next time the laptop tried to connect to a WiFi network it would also signal Apple with the network’s whereabouts.
Three nights after the break-in I was watching the Grammys next to our boarded-up door when I got a pop-up on my phone screen: “John’s MacBook Air has been located.” It was accompanied by a map showing a blue dot over an apartment building across town. I immediately called Portland Police, who cautioned me that WiFi locations were often inaccurate. They called back about an hour later, pleased to say they’d made an arrest.
Unfortunately it was short-lived. The assistant DA didn’t like something about the arrest and declined to prosecute. It did turn up some of my wife’s jewelry, but not my laptop (the officer speculated that the burglar had just traded the machine for the drugs in his possession, probably to someone in one of the apartments but they couldn’t figure out which). Around that time the lid on the MacBook must have closed since the blue dot on my phone had disappeared as well.
But Find My Mac has one other feature that solidified my peace-of-mind: remote wipe. When I first got that pop-up on my phone, an icon appeared beneath the map: a green trash can labled “Erase MacBook Air.” I tapped it almost immediately. That triggered the complete erasure of my hard drive, a process that takes a few hours. It was fascinating to watch the progress; I got a few other pings from the machine early the next morning, but the police rightly prioritized safety calls from icy roads over my property crime. One last popup message around 10am: “Your MacBook Air has been erased.”
I still have some work to do. I’m finishing up contacting former law clients to let them know about the breach (though, since my practice was primarily copyright law, I didn’t often handle truly sensitive info). And of course I still had plenty of my own data on the machine, so I reached out to my banks and credit card companies just in case.
I also know my setup is not perfect; in fact I’m sure I risk my peace of mind by sharing this story in a forum with a comment section. My point isn’t to demonstrate my security chops, but to highlight how easy it is for a moderately tech-savvy lawyer to get darn good security with relatively little effort.
For a step-by-step guide to much of what I did, I strongly recommend Lawyerist’s recently updated 4-Step Computer Security Upgrade. If you are a Mac user, you should also check out Apple’s post on what to do “If Your Mac Gets Lost or Stolen” (which deals with Apple mobile devices as well).
Microsoft offers some similar capabilities including Find My Device for locating a lost or stolen machine, BitLocker for disk encryption, and Intune for remote wiping (though some prefer third-party applications for each of those functions).
Those of you with Android or Chrome devices can use Google’s Devices and Activity trackers to manage your devices remotely.
Whatever you do, block out an hour or two on your calendar and double-check your device (and password) security. Better yet, make a recurring appointment with yourself every 6 months or so to make sure your practices are up to date. What could have been a true nightmare for me on that cold Thursday night was nothing more than a minor disruption, just because I took the time to enable a few features that are available to everyone.