Center For Practice Management, Security

What To Do If Your Laptop is Lost or Stolen

A stylized drawing shows a person sitting on a chair with their head in their hands, appearing distressed. Above their head, numerous small clouds with sad faces and various symbols, such as raindrops, lightning bolts, and question marks, float around, representing a chaotic and troubled mind. The background is simple, with minimal details, emphasizing the central figure's emotional turmoil. This image visually conveys the concept of anxiety, depression, or overwhelming thoughtsRealizing that your firm or personal laptop has been lost or stolen is a panic inducing moment. While in a best-case scenario you would have taken numerous steps to secure your laptop, even if you have taken all the precautions there is a checklist of steps to take as soon as possible to reduce exposure of sensitive, confidential and personal information.

First Things First

If your firm owned laptop goes missing the first thing you will want to do is notify your firm. Whether the firm employs an IT person or outsources to a managed IT company, let them know at once. They will likely have a process or checklist to address what needs to be done to secure the laptop. If you are unsure if there is a process, or you are a solo or a small firm owner, here are steps to take to reduce exposure of confidential and sensitive information.

Change Your Passwords

Most people have dozens of passwords. Changing them all is a daunting task without a password manager. You may not even be able to clearly think of all the accounts that you have right away. Focus on the accounts that, if accessed, could enable the thief to access financial information or change your other account passwords. This means your banking and credit card accounts and your email accounts. Follow with any SaaS based practice management, time and billing, document management or other legal applications. Next, any shopping accounts and online payment tools like Venmo, Apple Pay, or Google Wallet. Follow up with any other accounts that could expose financial or client information. Don’t forget to change passwords for any social media accounts as well.

As you change your passwords, enable multi-factor authentication if you haven’t already. Use an authenticator instead of a text message where possible.

Change the Wi-Fi password at work, home, and other places where you have admin access to the Wi-Fi network.

Browsers and Deauthorizing Devices

If you typically log in to a browser (or two or three) go into the browser settings for each one and erase any saved passwords, browser history, cookies, and disable autofill.

In many cases you have also logged into other accounts using a Google, Edge, Apple or Facebook account. For instance, go to your Google account and in the Settings look in Data & Privacy. Scroll down to “Data from apps and services you use” and in Third-party apps & services delete all connections with third-party apps, linked accounts, and other account access.

Many people authorize devices on their accounts. For instance, if you use Facebook go into the Meta Privacy Center and while you are changing your password go to “Where you’re logged in” and log out of your laptop remotely. Do this for any other accounts where you are commonly logged in to multiple devices (Microsoft, social media, Apple, Google, etc.). Remove the device from trusted device lists and remotely revoke access where possible.

If you have saved any payment information on a website, you should consider removing the saved credit card or payment information.

Reporting the Theft

You can and should report the stolen device to law enforcement. If you plan to claim the loss on insurance, you will need a police report.

Report the theft to your financial institutions including credit card companies and banks and get new credit cards and set an alert on your accounts. If you can set up text or email notifications for transactions where your card isn’t present, get those set up.

Report your stolen laptop to the manufacturer. In some cases, if you have the serial number, they can check technical support requests against a stolen device list.

You should check the security breach statute(s) for applicable jurisdictions and consider if any information that resides on the laptop would require you to submit a notification. If your laptop hard drive is encrypted, check to see if that encryption provides a safe harbor from reporting data breach.

Freeze your credit reports with the major credit reporting agencies.

Monitor Activity

Consider getting an identity theft monitoring service.

You can get a password manager with dark web monitoring services or upgrade your existing password manager if your current subscription doesn’t already include it.

Scrutinize all bills, bank statements, and credit reports.

Set up notifications via email or text message on your accounts and services to let you know if someone tries to log in to your account.

Track Your Laptop

It is possible that you can use the “find my device” system to find and control your laptop. The caveat is that the laptop will need to be turned on and on the internet.

If you have an Apple laptop and “Find My” is enabled, you will be able to view connected devices on a map and take actions to secure the device like remotely erasing contents and locking them down.

Microsoft also has a “find my device” feature for Windows laptops. Sign in and select the Find My Device tab. Choose the device, select Find to see a map with your device’s location, and lock the device remotely.

Conclusion

The more you can do to secure your device and accounts in advance, the more successful you will be in rendering your stolen or lost device useless. Hard drive encryption, password managers, multi-factor authentication, an Incident Response Plan, enabling remote location tracking and other measures can help you mitigate the risk of personal and firm information. Having a good backup will help mitigate data loss so you can get back to serving clients.