First steps to mitigate the problem:
If your device is still missing
If your device is lost or seized by a third party and you did not get it back, the first steps to take are the following:
- Step 1: When your device has access to accounts (email, social media or web account) remove the authorization for this device for all accounts. This can be done by going to your accounts online and changing the account permissions.
- Step 2: Change the passwords for all accounts that are accessible by this device.
- Step 3: Turn on 2-factor authentication for all accounts that were accessible by this device. Please note that not all accounts support 2-factor authentication [See 2-factor notes from ‘Account Hijack’ section].
- Step 4: If you have a tool installed on your lost devices that allows you to erase the data and the history of your device, use it.
If you get your device back
If your device was lost, taken by a third party or had to be handed over at a border crossing but you have it back, be careful as you do not know who has had access to it. Depending on the level of risk you’re facing, you may want to treat the device as if it is now untrusted or compromised. Ask yourself the following questions and assess the risk that your device has been compromised:
- How long was the device out of your sight?
- Who potentially could have had access to it?
- Why would they want access to it?
- Are there signs that the device has been physically tampered with?
For more extensive threat modeling assistance see the Surveillance Self Defense Guide.
If you have lost contact with your device for an extended period of time and you feel there is a chance that something has been installed on it, please consider the following:
- Computer: reinstall the OS from scratch and recover all documents from the last backup and scan all your documents and files with antivirus software. For more guidance on this, see cleaning up your device in the malware section.
- Phones and tablets: Depending on your level of risk and the circumstances under which your mobile phone or tablet was taken, it may be advisable to not use it again. If possible, migrate all of the data off of your phone or tables and purchase a new one. If you cannot change devices but you suspect it might be compromised, take precautions and do not use your phone or tablet for sensitive communication or opening sensitive files. Do not take it with you when going to sensitive meetings or have it with you when discussing sensitive topics.