TrackItBack / Work Devices

Company Phone or Laptop Lost – What To Do Immediately

A missing work device isn’t just an inconvenience — it’s a security incident. Corporate laptops and phones often contain emails, documents, passwords, internal tools, client data, and VPN access. The faster you act, the lower the risk to your company and your job.

Don’t try to “quietly fix it” yourself. Organizations prefer accurate reporting, not surprises later when unusual logins or data access flags appear.

Step 1 – Notify your manager and IT/security team

This should be your very first action. Even if you think the device might turn up at home, notify IT anyway.

  • Tell them when and where it was last seen.
  • Specify what type of device it was and whether it was work-issued or BYOD.
  • Explain what accounts or documents were accessible.
IT can take immediate steps you cannot: remote lock, remote wipe, session revocation, access monitoring, device tracking, and compliance documentation.

Step 2 – Report the incident formally if required

Many companies — especially those handling customer data, healthcare information, financial accounts, or regulated industry data — require an incident ticket or written report.

  • Security teams need a timestamp for audit logs.
  • Insurance may require an official loss report.
  • Legal/compliance teams may need documentation.

Step 3 – Revoke access to accounts tied to the device

Work devices are often logged in to high-risk systems:

  • Company email and calendar
  • Internal tools (Slack, Teams, Jira, GitHub, CRM, etc.)
  • VPN access tokens
  • Shared drives and cloud storage
  • Password manager extensions
Do NOT reset 20 passwords randomly — coordinate with IT. Some companies require staged resets to avoid accidentally locking out automated systems.

Step 4 – Let IT perform remote actions

Modern corporate devices often support remote commands:

  • Remote lock (prevents further access)
  • Remote wipe (erases sensitive data)
  • Device tracking or last-seen location
  • Network access revocation

If you are asked whether remote wipe is acceptable, be honest about whether any personal data is on the device.

Step 5 – Document any sensitive data stored locally

IT/security may ask:

  • Was anything stored outside encrypted containers?
  • Were client files cached locally?
  • Were browser tabs logged into internal dashboards?
  • Was 2FA tied to the device?

Provide detail, not guesses. They’re trying to assess risk, not blame you.

Step 6 – File external reports if needed

Depending on the situation:

  • Police report if device was stolen or contains regulated data.
  • Venue report (airport, café, conference, rideshare).
  • Travel insurance if applicable.
If theft is possible, never attempt in-person recovery. Let authorities handle it.