Your Work Laptop Was Just Stolen. Here’s Exactly What to Do.

It happens in a blink. A laptop bag left on a passenger seat, a quick trip to the counter for a refill, a hotel room cleaned while you’re at breakfast — and the machine that holds your email, your client files, and your saved passwords is simply… gone.

Take a breath. A stolen laptop doesn’t have to become a stolen business. What happens in the next hour matters far more than the hardware you just lost. Here’s the exact playbook we walk our clients through.

First, the mindset: the data is the emergency, not the device

A laptop is a few hundred dollars and an insurance claim. The real exposure is what’s on it and what it can reach — your inbox, your cloud drives, your banking, your clients’ personal information. Your goal for the next 60 minutes is simple: cut off access, and prove you did.

Your first hour, step by step

1. Lock and wipe it remotely — right now

If the device is enrolled in mobile device management (Microsoft Intune, a Mac MDM) or a “find my device” service, sign in from your phone or another computer and issue a remote lock, then a remote wipe. Lock buys you time; wipe removes the data for good. (This is why enrolling devices before anything goes wrong is non-negotiable — more on that below.)

2. Change the passwords that matter — and sign out everywhere

Start with the keys to the kingdom: your Microsoft 365 or Google account (it resets everything downstream), then banking, your password manager, and anything with payment access. In Microsoft 365 or Google Workspace, use the admin option to revoke all active sessions so a thief’s already-logged-in browser is kicked out. A new password does nothing if their session never expired.

3. Rotate MFA and check for sneaky changes

If the laptop held authenticator apps or saved login codes, reset those too. While you’re in there, check for new mailbox forwarding rules, app passwords, or added recovery emails — classic moves used to keep a back door open after you’ve locked the front one.

4. File a police report — and get the case number

It feels minor, but that report number is the first thing your cyber-insurance carrier and any breach process will ask for. It also protects you if the device is later used for fraud.

5. Call your IT partner (and your insurer)

Loop in whoever runs your IT — they can confirm the wipe actually landed, pull access logs, and tell you what the device could really reach. If you carry cyber insurance, notify the carrier early; many policies require prompt notice, and they often include a breach coach at no extra cost.

Then: was this a reportable breach?

Here’s the part most owners get wrong. Whether you have to notify clients or regulators usually comes down to one question: was the drive encrypted?

• Encrypted drive (BitLocker on Windows, FileVault on Mac): in most states — California included — a lost encrypted device generally isn’t a reportable breach, because the data is unreadable. This “encryption safe harbor” can be the difference between a quiet afternoon and a public notification.
• Unencrypted drive with personal data on it: you may be legally required to notify the people affected and, depending on the data, regulators. Don’t guess — loop in legal counsel and your IT partner to make the call.

Either way, write down what was on the device: client records, health or financial info, saved logins. That inventory drives every decision that follows.

Document everything as you go

Times, actions, who you called, the police case number, the moment the wipe was issued. If this ever becomes an insurance claim or a compliance question, a clean timeline is your best friend.

The real lesson: win this before it happens

Every fast recovery we’ve seen had the same three things in place beforehand:

• Full-disk encryption on every device — BitLocker and FileVault are free and built in. This alone can turn a “breach” into a non-event.
• Device management (MDM) so you can lock or wipe a machine you’ll never physically touch again.
• MFA everywhere, so a stolen laptop isn’t a stolen identity.

Set those up once and a stolen laptop becomes a hardware problem, not a headline. If you’re not sure whether your devices are encrypted and managed, that’s exactly the kind of thing we check — free. Our Incident Response Playbook walks through more scenarios step by step, and here’s why proactive cybersecurity beats cleanup every time.