Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
Actions On Cyber logo
Contact
← Back to Actions On

Actions On: Lost Laptop or Phone

Use this drill when a work device is lost, stolen or left somewhere public.

Purpose: This drill is designed for small organisations without a dedicated cyber team.

Immediate actions

  1. Report the lost device immediately.
  2. Record device type, owner, last known location and time lost.
  3. Use remote lock or wipe if available.
  4. Change passwords for accounts accessed from the device.
  5. Check whether personal or confidential data was stored.
  6. If stolen, report to police and retain the reference.

Do not

  • Do not delete evidence before it is captured.
  • Do not ignore it because nothing appears to have happened.
  • Do not reuse passwords.
  • Do not delay reporting because it feels embarrassing.

Escalate if

  • Money, customer data, staff data or business-critical services may be affected.
  • You suspect criminal fraud or unauthorised access.
  • You are unsure what has been exposed.

After-action review

  • Was reporting simple?
  • Was MFA enabled?
  • Were roles clear?
  • What control would reduce the chance of this happening again?
Note: Practical guidance only. Seek specialist support where personal data, money loss or criminal activity may be involved.