Check out the Youtube channel

Laptop Stolen, Lessons Learned

Written by Eduard Fastovski

Sep 28, 2023

I’m not a cybersecurity expert, but a couple weeks ago my laptop was stolen from my Airbnb while visiting Barcelona, together with my passport and wallet, so I’ve been doing a lot of research on the topic!

I’ve remembered that, as digital businesses, you and I need to be more careful than regular people who just use their laptops for personal things. We simply have a lot more to lose.

The theft of my laptop meant I lost a lot of work that had not been backed up. I also got stuck in Spain for a week, unable to work, and I had to order and wait for my new laptop to be delivered.

So it’s disrupted my business - everything was put on hold for 2-3 weeks, which for me means no income.

But that’s just the tip of the iceberg.

The scariest thing is if these thieves are able to crack my login and get into my laptop. It’s very unlikely they are smart enough to do this, but the possibility is worrying because it would let them log in to various accounts from that computer.

They could use this to impersonate me and contact my clients or followers, or for blackmail.

As Shopify store owners, freelancers, or anyone with a digital business, you must be mindful of this.

So today let’s learn from my mistakes.

1. Use a strong password for your laptop login.

I’ve always been careful about not getting hacked online, and I have secure passwords for all websites, but I never really considered my device could be stolen. My laptop login password was quite weak.

I purposefully made it very short so that it’s quick for me to type it when I’m at home, opening and closing my computer like 50 times per day.

Why not use Touch ID? My fingerprint is almost constantly damaged from bouldering, so it doesn’t work well for me.

Anyway, this was a big mistake. If my password was better I wouldn’t be as worried.

Make sure your password is at least 2-3 words, preferably that are not in the English dictionary (another language maybe), and with some numbers or symbols thrown in.

2. I wasn’t using a password manager. Google Chrome is not enough!

If thieves get into your computer and then open up Google Chrome - they can use Google’s auto-fill to log in to all your online accounts.

In other password managers like 1password, you need to enter a master password before using auto-fill.

You can also set up Two-factor authentication through 1password, instead of using SMS - which fails if your phone is stolen.

Google Chrome’s password manager isn’t as robust, which is why I have now switched to 1password instead.

2.1 Don’t store sensitive info in note-taking apps!

I have a friend who writes down all his passwords in the Notes app on his iPhone. This is very risky.

Anyone who can unlock his phone, or access his iCloud account through the web, will immediately have access to all his other passwords.

Luckily he doesn’t run an online business.

Maybe you’re not that bad. But you still might keep sensitive data like bank or card info, addresses, or usernames in a note-taking app, or on Google Drive or Dropbox.

You need to move that stuff out of there ASAP and find a better solution.

Again, I’m now using 1password for this because besides being a password manager it also can store your credit cards, secure notes, and identity documents like scans of your passport, driver’s licence, etc…

location

I have a family account with my girlfriend so it’s easy to get each other’s info from there if needed for travel or if something goes wrong.

2.2 Syncing Google Drive with your computer? Don’t store anything sensitive there.

I had a folder that was synced with Google Drive. It didn’t contain passwords but there were some banking and crypto related things, and ID documents.

Since they were synced to the computer, there is a downloaded copy of all those files on my stolen Macbook.

Dropbox allows you to put an additional password on any folder. Google Drive does not.

3. Enable “Find My’ for Apple devices

I can actually see exactly where my laptop is located.

location

This is because I had Find My enabled (at least I did something right).

It’s frustrating, because I would love to go there and take it back. It’s just a few blocks away from where I was staying.

Unfortunately, it’s an apartment building. There are at least 20 apartments, and even the Police can’t just go and raid everybody living there.

However, Find My was useful for reporting to the police. I was able to easily get my serial number, and report the exact time it was stolen.

They said that if my laptop starts moving again I can call the Police and they might be able to intercept it if it’s in a public space.

3.1 Get an Airtag for travelling (if you travel with your laptop)

In future, I will also attach an Airtag to my backpack and other valuables, so they can be tracked even without an internet connection.

Airtag works through Apple’s “global mesh network” meaning it uses Bluetooth to talk to other people’s iPhones or Apple devices (without them knowing) and they forward that location to your Find My app.

Pretty cool I think.

3.2 Write down the serial numbers of your devices

Police will ask for this right away so have it ready. If your device is ever found that’s how it will be identified.

While you’re at it, make sure you have scans of your passport too.

4. Enable disk encryption (FileVault if you’re on Mac)

There are ways to get data from your hard drive or SSD without even logging in to the computer. Hackers can connect it to another computer and try to read it.

They might also be able to reset your password through recovery mode.

To prevent this you need disk encryption.

location

On new Macs, this now comes enabled by default, but if it’s more than a couple of years old you might need to enable it yourself.

On Windows, there is a similar feature called Bitlocker but it doesn’t come with Home versions of Windows, so you might need to look for third-party tools.

Learn how to enable FileVault on Mac. Or check out Bitlocker on Windows (Windows Pro and Enterprise only).

5. Look out for phishing emails

A couple of weeks after the theft, I started getting emails that looked like they were from Apple.

They said my MacBook had been located, and directed me to login to my iCloud account.

location

check the address it came from

Luckily I noticed the email address, and the suspicious-looking URL that it sent me to.

It was “apple . com-location-maps . com”. This is suspicious because it’s not a subdomain of apple.com. But visually the page looked exactly like the real login page at icloud.com/find, so I could have been fooled.

If I hadn’t noticed this, I might have quickly logged in to check, and by doing this, the hacker would have received my login details.

Why is this happening?

An alternative way to unlock a Macbook when you’ve forgotten your password (or stolen a Macbook) is to log in with the Apple iCloud ID.

The hacker already knows my email - it’s as easy as Googling my name. And now they’re trying to get my password too.

This is just an example of how one crime (theft) can lead to further attacks and targets (hacking, my iCloud, my gmail maybe).

6. If your apartment has a safe, use it! The same goes for apps.

This was my mistake. I ignored the safe and simply left my laptop in my backpack at the room and went out for dinner. My passport and wallet were in there also. They took the entire backpack.

I realized that if an apartment offers a safe, maybe it’s a hint?

The same attitude can be applied to the digital world.

If an app or service offers additional security, don’t ignore it. Consider the consequences of that particular app getting hacked. If it’s not a big deal, don’t worry too much, but if it’s email, Google Drive, Shopify or other important accounts, consider enabling the additional security options.


Obviously, these tips are quite basic. I actually hope you didn’t learn anything new by reading this!

However, this is just a reminder. As business owners, I think we are so focused on moving forward and being optimistic, that we become too trusting, or forget about protecting ourselves. I guess it’s human nature too, to think that bad things happen to other people but never to us.

Anyway, I’m back home, and I will return to making videos and writing posts soon.

Stay safe.

Ed


Want posts like this in your inbox? Subscribe to the newsletter.

Comments