Decades before Rob Hughes became CISO at RSA Security, he led tech-support at a small marketing-services software company—and got an early crash course in incident response.
“Someone came in and grabbed a bunch of laptops and just ran out of the building,” Hughes said.
These days, employees are likely the ones taking their laptops out of the building, if they even come into the office at all. An especially remote-friendly workforce today means work devices are carried to conferences, airports, hotels, cars, and coffee shops—and sometimes left behind (or taken).
We spoke with IT pros, including Hughes, about what to do when an employee loses a laptop to ensure data is protected and services remain running.
Steal life. If the asset has been abducted, Hughes and Tom Gould, senior architect at consultancy West Monroe, recommend early actions that can be initiated from an enterprise device management platform like Microsoft Intune or a cybersecurity console of choice:
- Check the security profile for defenses, such as encryption and multi-factor authentication
- Remotely wipe a device of corporate data—perhaps email, chat exchanges, and videoconferencing conversations
- Disable access
Phone cases. Mobile device management tools offer similar remote-action capabilities for phones—as long as employees keep IT in the loop about any new mobile devices.
“From the mobile phone perspective, the biggest concern is actually [it] getting reported that it was lost or stolen,” Gould said.
With Intune, Gould and his team have implemented mechanisms that block access from a Windows device or phone that hasn’t been online for a predetermined time frame—say, 30 days.
Get lost! Verizon’s Data Breach Investigations Report, released in April 2025, found that a small portion—149 of the 12,195 breaches studied between Nov. 1, 2023 and Oct. 31, 2024—involved lost or stolen assets.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Lost assets and their involvement in breaches has been trending downward year to year, according to the DBIR, hopefully due to controls rendering data inaccessible when an item disappears. “Either you got the memo that encryption is a good thing or you did not,” the DBIR said.
But we all lose stuff.
“People are working from all over the place, and I can’t honestly say how much insight employers have on where their employers are working. So, the odds and chances of someone leaving a device at a random location are much greater,” Gould said.
Lost in space. For lost devices, many third-party cybersecurity tools, including Microsoft’s Entra ID or Defender, can reveal the last time and location of a user’s device login, Gould told us.
Hughes, similarly, recommends reviewing logs from identity-management tools to spot known attempted login locations.
For signs of a more targeted attack, Hughes advises IT pros to consider the risk profile of the employee. “Were they someone that was setting up the booth at a conference, or were they a high-profile target, like the CEO?” he suggested asking.
Hughes also recommends an IT pro review other valuable items that might be stored in a bag with a laptop, like ID badges, USB drives, and security tokens.
The missing laptop problem is an easier one to address, Hughes told us, since the days where threat actors would scoop up laptops like they were running through the aisles in Supermarket Sweep. A major improvement, he said, has been that mechanisms like passcodes and encryption are standard.
“I don’t really have a big worry about someone losing a laptop. It’s fairly routine, because we have good protections in place,” Hughes said.