In a group chat this last month, a few of us were discussing the pros and cons of the places we live. One person said that it had been really problematic for them that, as users of a particular maker of devices, they didn't have an Apple Store in the small city where they'd recently moved.
Remote work means you have flexibility with where you live. That could mean that you don't have access to the physical store or web shop where you bought your device. So your options for getting reliable help can shrink.
What does it mean to hand the computer over to a repair shop? You're letting the device out of your sight, and so, it no longer benefits from your watchful protection. You are giving an unknown number of unknown people physical access to your device. Even temporary physical access is any threat actor's (glossary) dream scenario.
This holds true for your phone, tablet－anything that runs software.
We shouldn't automatically trust unknown people to not tamper with the devices through which we do business and live our lives. You too bank, do taxes, and talk with close friends and family on your devices. We need to know that these devices are safe to use.
Now that you know this, you can reduce the risk of data breach (glossary) by taking simple precautions before giving your device away.
Before handing over the device
Do this at home. You won't have time to do it at the counter before handover.
- Confirm you have up-to-date backups: Sometimes repair requires the shop to reset your computer, wiping your files. If you have automatic backups setup (offsite or local), all you need to do is check they are working as expected. Trigger a backup right now to ensure it has the latest of your files.
- Confirm that your storage is encrypted (glossary): on MacOS, you do this with FileVault.
- Confirm your operating system (glossary) is as expected: Most Macs made since 2018 have some form of Secure Boot, the ability to confirm that the MacOS running on it has not been tampered with. Some Intel Macs have Secure Boot. All Apple Silicon Macs have Secure Boot. Use Startup Security Utility (instructions for Intel Macs, instructions for Apple Silicon) to check. Full Security should be the currently selected option, and Disallow booting from external/removable too. After getting your computer back, you will repeat this step.
- Decide if you'll accept a rental computer while you wait for yours to be repaired: some repair shops offer this convenience, at a price. You may prefer to consider the offer for longer than is possible while someone is waiting for your answer. If you intend to use the rental device as you would your own, you'll need to take steps to ensure it's trustworthy. Fallback to one of your other devices whenever possible. You can get a lot done with a tablet and a phone.
After getting back your device
Do this in the shop.
- Turn on your computer: Just a quick thing to check it's booting. Saves you a trip back in case of problems.
Do this at home.
- Re-confirm your operating system (glossary) is as expected: This is the other side of the similar check you did before repair. Use Startup Security Utility (instructions for Intel Macs, instructions for Apple Silicon) to check. Full Security should be the currently selected option, and Disallow booting from external/removable too.
- If needed, restore from a backup: sometimes repair requires the shop to reset your computer, wiping your files. Remember you confirmed your backup is current? Now use that backup to get all your files back as they were right before you gave away your computer.
- If needed, do the usual things to continue setting up your device: install apps that you need (such as your password manager and MFA tool), turn on storage encryption, and so on.