Learn
Securing a laptop you carry around — protecting against theft, loss, and shoulder-surfing
If you carry a laptop, the premise is 'you'll lose it or it'll be stolen someday.' So defense is designed so that losing it doesn't leak the contents — disk encryption, a strong login with auto-lock, and remote wipe are the foundation. With realistic public-Wi-Fi and shoulder-surfing advice, explained defensively.
If you take a laptop outside, the starting point is one idea — prepare as if you'll lose it or it'll be stolen. No attack steps here, just the measures that keep a loss from becoming a breach.
If you lost this PC right now, what leaks?
It's not "just a laptop." Inside is a bundle of cascading keys.
Without encryption, all of it is read just by pulling the drive. So the starting point is making the data ciphertext.
✗ No encryption
The drive is pulled and everything is read = data breach
◎ Encrypted
Contents are ciphertext = you only lost the hardware
The three foundations (in order)
Turn on disk encryption (top priority)
Strong login + a short auto-lock
Set up remote wipe and locate
MFA on important accounts
Public Wi-Fi and shoulder-surfing — the realistic take
This is where misconceptions cluster. Set priorities calmly.
Often overrated
- "Public Wi-Fi = your traffic gets sniffed" — less so with HTTPS everywhere
- "A VPN makes it safe" — privacy benefits, but not a cure-all
What actually helps
- Insist on HTTPS (don't ignore the lock icon / cert warnings)
- A privacy filter against over-the-shoulder peeking
- Beware rogue APs (don't auto-join unknown SSIDs)
- Always lock when you step away (the few-second gap is the real risk)
This site's view: encryption and lock before a VPN
"Public Wi-Fi" reflexively brings "VPN" to mind, but on this site we think the priority is backwards. Almost all traffic is HTTPS-encrypted now, so the real harm from sniffing is down. Meanwhile, the risk of the laptop itself being lost, stolen, or peeked at is universal. So invest first in disk encryption and a short auto-lock. A VPN is an extra layer you add when the goal is clear (privacy on an untrusted link, geo-restrictions), not a substitute for protecting the device itself. Getting the order right is the most defense for the least effort.
Physical measures (unglamorous, effective)
Guard against grab-and-go
Privacy filter
Don't advertise it
Read next
- Encryption: What is BitLocker (disk encryption)
- Inventory: Security inventory (auditing the PC that holds your keys)
- Two-step: Multi-factor authentication (MFA) guide · Storage: How to choose a password manager
FAQ
QWhat's the single most important measure?
Disk encryption (BitLocker on Windows, FileVault on Mac). Without it, a thief pulls the drive and reads everything. With it, the loss shrinks to 'you only lost the hardware.' Next, add a strong login (fingerprint/PIN) that auto-locks quickly, plus remote wipe/locate.
QIs a VPN required on public Wi-Fi?
Not really required. Most sites now use HTTPS, so traffic sniffing matters far less than it used to. The real public-Wi-Fi risks are rogue access points, shoulder-surfing, and someone using your machine while you step away. A VPN has privacy benefits but isn't a cure-all — disk encryption, auto-lock, and HTTPS matter more first.
QWhat if it gets stolen?
It depends on prior setup. (1) Remote-wipe/lock it (Windows 'Find my device' / Microsoft account, Mac 'Find My'); (2) change the passwords saved/autofilled on that PC, important ones first; (3) revoke and rotate any keys (e.g. SSH) you kept on the device. If it was encrypted and auto-locked, you also get the calm time to do all this.