Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
Actions On Cyber logo
Contact
← Back to Actions On Actions On Drill

Actions On: Lost Laptop or Phone

Use this drill when a work device is lost, stolen or left somewhere public.

Purpose: This drill is designed for small organisations without a dedicated cyber team.

Immediate actions

  1. Report the lost device immediately.
  2. Record the device type, owner, last known location and time lost.
  3. Use remote lock or wipe if available.
  4. Change passwords for accounts accessed from the device.
  5. Check whether personal, customer or confidential data was stored on the device.
  6. If stolen, report it to the police and retain the reference.

Do not

  • Do not delay reporting because it feels embarrassing.
  • Do not assume the device is safe because it has a password.
  • Do not reuse passwords for replacement devices or accounts.
  • Do not ignore the possibility that business or personal data may be exposed.

Escalate if

  • Money, customer data, staff data or business-critical services may be affected.
  • The device contained unencrypted personal or confidential information.
  • You suspect criminal fraud, theft or unauthorised access.
  • You are unsure what has been exposed.

After-action review

  • Was reporting simple?
  • Was MFA enabled?
  • Was the device encrypted?
  • Was remote lock or wipe available?
  • Were roles clear?
  • What control would reduce the chance or impact of this happening again?
Note: Practical guidance only. Seek specialist support where personal data, money loss or criminal activity may be involved.