If a Laptop Gets Stolen Tomorrow: What Should Happen?

If a Laptop Gets Stolen Tomorrow: What Should Happen?

A laptop gets left in a coffee shop. A phone falls out of a pocket at a job site. A car gets broken into at a hotel. These aren’t unusual events—they happen all the time.

The question isn’t whether a device will ever be lost or stolen. The question is: when it happens, how bad will it be?

Why this matters

A lost device is a hardware cost. A lost device with unencrypted access to your email, client files, and business applications is a data breach. The difference between those two outcomes comes down to a few settings that take minutes to enable.

What to do (30 minutes)

Turn on disk encryption

Disk encryption scrambles everything on the drive so that someone who steals the device can’t just pull the hard drive and read your files.

  • Windows: Turn on BitLocker (available on Windows Pro and Enterprise). Settings > Privacy & Security > Device encryption. Save the recovery key somewhere safe—your password manager or a printed copy in a secure location.
  • macOS: Turn on FileVault. System Settings > Privacy & Security > FileVault. Save the recovery key.

On modern hardware, encryption runs in the background with no noticeable performance impact. There’s no reason not to do this.

Require a screen lock

This sounds basic, but: every device should lock automatically after a few minutes of inactivity, and unlocking should require a password, PIN, or biometric.

  • Computers: Set auto-lock to 5 minutes or less. Require password on wake.
  • Phones: Set auto-lock to 1-2 minutes. Use a 6-digit PIN minimum, or biometric (face/fingerprint).

Know where your files actually live

Before a device goes missing, you need to know the answer to this: if that device disappeared right now, what data is gone?

  • Cloud-first is safer. If your files live in OneDrive, Google Drive, or SharePoint, losing a device doesn’t mean losing data. The files exist in the cloud and can be accessed from another device.
  • Local-only files are the risk. If someone saves work to their Desktop or Documents folder without cloud sync, those files exist only on that device. A lost device means lost work.
  • Audit this. Ask your team: “Where do you save your files?” The answers might surprise you.

Set up remote wipe (if possible)

Remote wipe lets you erase a device over the internet if it’s lost or stolen.

  • Microsoft 365: If devices are enrolled in Intune or Basic Mobility and Security, you can wipe them from the admin center.
  • Google Workspace: Admins can wipe devices from the admin console under Devices.
  • Apple: Find My iPhone/Mac can erase devices remotely.
  • Android: Google’s Find My Device can lock or erase.

Remote wipe isn’t perfect—it only works if the device is powered on and connected to the internet. That’s why encryption is the first line of defense, not remote wipe.

Basic phone hygiene

Phones often have as much access to business data as laptops. Treat them accordingly.

  • Screen lock with PIN or biometric (not a swipe pattern)
  • Keep the OS updated
  • Don’t install apps from outside the official app store
  • If the phone has work email, make sure the account can be remotely removed

Common mistakes

  • No encryption. Without disk encryption, a stolen laptop is an open book. Anyone with basic tools can read the drive.
  • Auto-login enabled. If the device boots straight to the desktop without a password, encryption barely matters—the thief just opens the lid.
  • “Everything is on the laptop.” If files only exist on one device with no cloud sync or backup, a lost device is also lost data. This is preventable.
  • No plan for what to do. When a device goes missing, people panic. Have a simple checklist ready: who to call, how to trigger remote wipe, what passwords to change. Five minutes of planning now saves hours of chaos later.

Quick checklist

  • Disk encryption enabled on all laptops (BitLocker / FileVault)
  • Screen lock with password/PIN/biometric on all devices
  • Auto-lock set to 5 minutes or less
  • Files stored in cloud services, not only locally
  • Remote wipe capability set up and tested
  • Team knows the “lost device” procedure

This post is part of the Minimum Security Posture series.

If you’d like a second set of eyes, I can run through this with you and point out the top risks in your setup—no pressure.

Share this post
X Facebook LINE