Lost or stolen device? Lock it down remotely - here's how

Here's the whole thing up front: to secure a lost or stolen device remotely, you lock it before you do anything else - and you almost never wipe it first. From any other device you sign in to the maker's find-my portal, flip the device into lost mode, and in two minutes the screen is locked with your passcode, the data's encrypted, the wallet cards are frozen and the thing is broadcasting where it is. The instinct to nuke it immediately is the wrong one: a wipe usually kills the device's ability to report its own location, so you trade your last shot at getting it back for nothing. Lock, mark it lost, suspend the SIM, then decide. This is the vendor-by-vendor version - iPhone, Android, Mac, Windows and Chromebook - in the order I'd actually do it.

The first ten minutes matter more than the next ten days

A lost phone is most findable in the minutes after it goes missing - it's still on, still has signal, and whoever has it hasn't decided what to do with it. So the order is the whole game. Lock it remotely the instant you realise, while it can still be reached; don't spend twenty minutes retracing your steps first. Locking is reversible - if the phone turns up under the car seat, you unlock it and move on. Wiping is not. Make the first action "make it safe and trackable," and leave "make it gone" as a separate, later call you only reach if recovery clearly isn't happening.

And know what locking actually buys you. Every phone, tablet and laptop sold this decade encrypts its storage by default and ties itself to your account, so a locked modern device is already a vault: the data is unreadable without your passcode, the hardware useless without your account credentials. Lost mode isn't a flimsy "please don't look" sign; it's the door of an encrypted safe slamming shut. That's why locking, not wiping, is the right first move - the data is protected the moment the screen locks.

iPhone, iPad and Apple Watch - Find My

From another Apple device open the Find My app, or in any browser go to iCloud's Find My, and sign in with the same Apple Account. Pick the missing device and choose Mark As Lost. That does four things at once: locks the screen with your passcode, suspends Apple Pay and the Wallet cards, shows a custom message with a callback number, and keeps Location Services alive so the device keeps reporting in. On recent iPhones it stays findable for a while even after it's switched off, and reports a final location as the battery dies - which is exactly why you mark it lost early, before someone powers it down.

Leave it locked and watch the map. Only choose Erase This Device if you've accepted it's gone for good or the data's too sensitive to gamble on - and on older models, erasing can drop it off the map. The discipline that matters: do not remove the device from your account while it's missing. Removing it switches off Activation Lock, the one feature turning your stolen phone into a paperweight a thief can't reset and resell. Keep it in Find My until it's physically back in your hand.

Android phones and tablets - Find Hub

Google's locator is now called Find Hub (older help pages still say "Find My Device" - same thing). From another phone open the Find Hub app, or in a browser go to the Find Hub page, and sign in with the Google account that's on the lost phone. Select it and you get three actions: Play sound (for lost-in-the-house), Secure device, and Erase device. Secure is the one you want first: it locks the screen, signs the phone out of your Google account, and lets you leave a message and contact number, while still letting you locate it. Like Apple, Google's network can surface a phone's last known spot even when it's offline.

Two Android gotchas worth knowing. The phone has to have been signed in to Google, online at some point, and have location switched on for any of this to work - a barely-set-up handset gives you little to grab onto. And factory-reset protection is what stops a thief reusing a wiped phone: after an erase it demands the original Google credentials before it'll set up again. So an erased Android, like an erased iPhone, is locked, not freed - same rule, don't remove it from your account until you have it back.

Mac, Windows laptop and Chromebook

Laptops are where most people have no plan, and they hold the stuff that actually hurts - saved logins, work files, a browser signed into everything.

  • Mac: it's in the same Find My as your iPhone. Sign in to iCloud Find My, pick the Mac, and Mark As Lost to lock it with a passcode and display a message, or Erase if it's gone. A Mac with Activation Lock on (the default on Apple-silicon machines with Find My enabled) won't reactivate after an erase without your Apple Account - same protection as the phone.
  • Windows laptop: there's no live remote lock on the consumer side, which trips people up. "Find my device" shows a location if it was enabled beforehand, but it won't push a lock command. The real lever is your Microsoft account: from another machine, change your password and sign out the laptop's sessions, which kicks it out of anything tied to that account - your fastest way to cut off access remotely. And if the drive was encrypted with BitLocker (turn it on now if it isn't), the data is unreadable without the key regardless.
  • Chromebook: a personal Chromebook can't be remotely wiped, so do the same Microsoft-style move on the Google side: change your Google password and sign out all sessions, which boots the Chromebook from your account. (Chromebooks managed through a school or business can be remotely disabled by their admin - if it's one of those, that's who to call.)

The honest takeaway on laptops: the protection is the encryption and the account sign-out, not a dramatic remote-lock button. BitLocker on Windows and FileVault on Mac are the difference between "they have my files" and "they have an encrypted brick." Turn full-disk encryption on every laptop you own before you ever need it - that's the move that makes a lost laptop an annoyance instead of a data breach, and it sits right next to our small-business backup primer: encrypted on the device, and backed up somewhere else.

The SIM is the part everyone forgets

Here's the move that separates people who've done this before from people in a panic: suspend the SIM. Most theft advice stops at "lock the phone" and misses that the SIM is a master key on its own. With your number, a thief receives your SMS two-factor codes, and with those they can reset the passwords on your email, your bank, the lot - your locked phone is irrelevant if your number is doing the work for them. Suspending the SIM cuts that path instantly. Every major Australian carrier will do it over the phone or in their app the moment you report the device lost, usually couriering a replacement SIM that keeps your number. Do it even if the phone itself is locked tight.

Then, and only then, decide whether to wipe

Once it's locked, the SIM's suspended and you've watched the map for a bit, you can make the wipe call with a clear head instead of in fight-or-flight. My rule of thumb:

  • Don't wipe yet if there's any realistic chance of recovery - the device is showing a plausible location, it's recently been online, or it's insured and you want the location for the police report. A locked device is already safe; wiping mostly just blinds you.
  • Do wipe if it holds something you genuinely can't risk being accessed - client data, health records, a password manager you can't be certain is locked - and you've accepted the hardware is gone. The data is the asset; the aluminium isn't.

And the thing nobody says out loud: never go and get it yourself. The map shows a dot, not whether the person standing on it is dangerous. Give the location and the event number to police. A replaceable phone isn't worth a confrontation, and chasing the dot is how a property crime turns into something far worse.

The five-minute version

If it just happened and you want the list, in order:

  1. Lock it remotely now - Find My (Apple), Find Hub (Android), or your Microsoft/Google account for a laptop. Locked, with a callback message, while it's still likely on.
  2. Suspend the SIM - one call to your telco. Kills the path to your SMS codes.
  3. Report it - police for an event number (insurance + so you're not tempted to chase it), bank to freeze any wallet cards.
  4. Change the keys - your email password first (it's the master key to everything), then banking, then anything that auto-fills on that device.
  5. Wipe only if needed - watch the map for a day; erase only if recovery's hopeless or the data's too sensitive to gamble. Never remove it from your account while it's missing.

The real fix is the boring one you do beforehand

Everything above works far better - or at all - if it was set up before the device walked. So the genuinely useful thing isn't this article on the day; it's ten minutes now, while nothing's wrong, turning find-my on for every phone, tablet and laptop you own, switching on full-disk encryption, and making sure your two-factor isn't relying solely on SMS to a number a thief could take. Do that and a lost device becomes a locked screen and an annoying afternoon, not a scramble to change thirty passwords while wondering what's already gone. That's the principle that runs through all of our backup and resilience guides: design for the bad day on purpose, before it arrives. A stolen laptop that's encrypted and backed up is a shopping trip; an unencrypted one with no backup is a catastrophe - and the only difference is ten minutes you spend today.

Lost or stolen device: common questions

How do I secure a lost or stolen device remotely?
From any other device, sign in to the maker's find-my portal and put the device into its lost or activation-lock mode: iCloud Find My for an iPhone, iPad or Mac, Google Find Hub for Android, your Microsoft account's Devices page for a Windows laptop, your Google account for a Chromebook. Lost mode locks the screen with your own passcode, shows a message and a callback number, and on a phone suspends the cards in the wallet. Do that first, before you decide whether to wipe, because a remote wipe can end the device's ability to report its own location.
Should I wipe a stolen phone or laptop, or just lock it?
Lock first, wipe last. Lost mode already encrypts and locks a modern device, and it keeps reporting its location so it can still be recovered. A remote wipe is the nuclear option for when the device holds something you genuinely can't risk, like client records or saved banking logins, and you've accepted you're not getting it back. The catch: once wiped, most devices go quiet and you lose any chance of locating them. Lock, watch the map for a day, then wipe only if recovery looks hopeless or the data's too sensitive to gamble.
Can I track a phone after it has been turned off?
Sometimes, on newer hardware. A recent iPhone can stay findable for hours after it's powered down and reports its last location when the battery dies, and Android's network will surface a device's last known spot even when it's offline. But assume a thief will turn it off or pull the SIM. That's exactly why you lock and mark it lost the instant you realise, while it's most likely still on, rather than waiting and hoping.
Will a factory reset let a thief use my stolen phone?
No, if activation lock is on - and on any phone sold this decade it's on by default. An iPhone tied to your Apple Account, or an Android tied to your Google account, demands those original credentials after a reset before it will set up again. A wiped-but-locked phone is a paperweight to a thief, which is the whole point: it protects your data and kills the resale value. The one thing that breaks this is signing the device out of your account yourself, so never remove a lost device from Find My until it's physically back in your hands.
Do I need to tell police or my bank if my device is stolen?
Yes to both, and quickly. Report the theft to police and get an event number, both for insurance and because you must never go to the location on the map yourself. Call your bank to freeze or re-issue any cards stored in the device's wallet, and call your telco to suspend the SIM so it can't be used to receive your SMS two-factor codes. The SIM is the part people forget, and it's the one that lets a thief reset your other accounts.
What if I never set up find-my before the device went missing?
You have far fewer options, which is the lesson. If the device was signed in to an Apple, Google or Microsoft account, that account may still let you change the password, sign out the device's sessions and force a logout, which protects the data even if you can't locate the hardware. After that, change the passwords on everything important and suspend the SIM. Then turn find-my on for every other device you own today, so next time you're locking a screen instead of changing thirty passwords.

Locked it down but not sure what the thief could still reach - your email, your banking, your saved logins? That's worth sorting calmly rather than guessing. Tell us what's gone missing and we'll help you work out what's exposed and lock the rest of it down properly - no jargon, no upsell, no panic.