4.3/5 TrustpilotOFCOM regulated
← Back to Blog

Business Phone Stolen? Here's Exactly What to Do (And How to Prevent It)

Business Phone Stolen? Here is Exactly What to Do (And How to Prevent It)

A mobile phone is stolen every six minutes in the UK. That is 240 phones a day. Over 87,000 a year.

Business phones are prime targets. They are expensive. They are carried everywhere. And they are often left on tables in coffee shops, on car seats, and on desks in shared workspaces.

When a personal phone is stolen, it is stressful. When a business phone is stolen, it is potentially catastrophic. That phone has access to your email, your banking, your customer data, your CRM, your social media accounts, and your documents.

This guide covers two things. First, exactly what to do in the minutes and hours after a phone is stolen. Second, the prevention steps that make theft far less damaging if it does happen.

The IMMEDIATE Response: First 30 Minutes

When you realise a business phone is gone, speed matters. The faster you act, the less damage is done. Follow these steps in order.

Step 1: Remote Lock the Phone

Do this first. Before calling the police. Before panicking. Lock the phone remotely.

If it is an iPhone:

  1. Go to icloud.com/find from any web browser or use the Find My app on another Apple device
  2. Sign in with the Apple ID used on the stolen phone
  3. Select the missing device from the list
  4. Click "Mark As Lost"
  5. This locks the phone with your passcode, disables Apple Pay, and displays a custom message with a contact number on the lock screen
  6. The phone will continue to track its location even if the thief turns off WiFi

If it is an Android phone:

  1. Go to google.com/android/find from any web browser or use the Find My Device app on another Android device
  2. Sign in with the Google account used on the stolen phone
  3. Select the missing device
  4. Click "Secure device"
  5. This locks the phone with your PIN, password, or pattern. You can add a message and phone number to the lock screen
  6. If location is enabled, you will see the phone's last known location on a map

Do not wait. Do not hope it turns up. Lock it immediately. You can always unlock it later if you find it down the back of the sofa.

Step 2: Change Passwords for Email, Banking, and CRM

From another device (a computer, a colleague's phone, anything), change the passwords for:

  • Business email (Microsoft 365, Google Workspace, or whatever you use). This is the most critical one. Your email is the gateway to everything. Password resets, client communications, financial information. It all goes through email.
  • Business banking. Log into your banking portal and change passwords. If the banking app uses biometric login only (no password fallback on the stolen device), you may be safe, but change the password anyway.
  • CRM system. If your team uses Salesforce, HubSpot, Pipedrive, or any other CRM, change the password and revoke the session on the stolen device if possible.
  • Cloud storage. Google Drive, OneDrive, Dropbox, SharePoint. Change passwords and check for any recent file access or downloads.
  • Social media. If business social media accounts are logged in on the phone, change those passwords too. A thief posting from your business accounts can cause real reputational damage.

Most services allow you to "sign out of all devices" from the security settings. Use this feature. It forces the stolen phone to re-authenticate, which the thief cannot do without the new password.

Step 3: Call Your Network to Block the SIM

Contact your mobile network provider and report the phone as stolen. They will block the SIM card, which prevents anyone from:

  • Making calls on your account
  • Sending texts from your number
  • Using your mobile data
  • Receiving verification codes sent by SMS to your number (this is important because it stops the thief using your phone number to bypass two-factor authentication)

Network contact numbers for business accounts:

  • EE Business: 0800 956 6100
  • Vodafone Business: 0808 060 0802
  • O2 Business: 0800 977 7337
  • Three Business: 0333 338 1001

Have your account details ready. They will ask for verification to confirm you are the account holder.

You can also ask the network to block the phone's IMEI number. This prevents the phone from being used on any UK network, even with a different SIM card. You will need the IMEI number, which you can find on the phone's original box, on your purchase receipt, or in your network's online account portal.

Step 4: Report to the Police

Call 101 (the non-emergency number) or report online through your local police force's website.

You need a crime reference number. This is essential for:

  • Insurance claims (they will not process without it)
  • Network IMEI blocking
  • If the phone is recovered

When reporting, provide:

  • The make, model, and colour of the phone
  • The IMEI number (if you have it)
  • Where and when the theft happened
  • Any description of the thief (if you saw them)
  • Whether Find My showed a location

Be realistic about police response. Phone theft is common and police resources are stretched. They may not investigate actively, but the crime reference number is what matters.

Step 5: Notify Your IT Team or Manager

If your business has an IT team or manager, tell them immediately. They may need to:

  • Revoke the phone's access to company systems
  • Change shared passwords or access codes
  • Check for any unauthorised access to business systems
  • Activate incident response procedures
  • Start the GDPR breach assessment

If you are the business owner and there is no IT team, you still need to assess the data on the phone and decide whether it constitutes a GDPR breach.

Step 6: Remote Wipe if You Cannot Recover It

If Find My shows the phone is moving, is in an unfamiliar location, or has gone offline, it is time to wipe it.

iPhone:

  1. Go to icloud.com/find
  2. Select the device
  3. Click "Erase This Device"
  4. This deletes everything on the phone and removes it from your Apple ID

Android:

  1. Go to google.com/android/find
  2. Select the device
  3. Click "Erase device"
  4. This factory resets the phone remotely

Once you wipe the phone, you can no longer track its location. So only wipe it when you have given up on recovery. But do not wait too long. The data on the phone is more valuable than the phone itself.

If the phone is off or has no internet connection, the wipe command will execute as soon as it comes back online.

What Is Actually at Risk

Understanding what is on a stolen business phone helps you assess the damage and prioritise your response.

Email Access

Your email is probably the most dangerous thing on a stolen phone. Through email, a thief can:

  • Read sensitive business communications
  • Access attachments (contracts, invoices, financial documents)
  • Reset passwords for other accounts using "Forgot password" links
  • Impersonate you and send emails to clients or suppliers
  • Access shared drives and documents linked in emails

Banking Apps

Business banking apps are a direct line to your money. Most banking apps require biometric authentication for transactions, but some only require it to open the app. If the thief can bypass the lock screen (unlikely with modern encryption, but possible with weak passcodes), they may be able to access your accounts.

Customer Data

Contact lists, CRM data, WhatsApp conversations with clients, photos of documents. All of this is personal data under GDPR. A stolen phone containing unprotected customer data is a potential data breach that you must assess and possibly report.

Social Media Accounts

A thief with access to your business social media accounts can post anything. Offensive content, scams, fake promotions. The damage to your reputation can be significant and fast.

Two-Factor Authentication Codes

If your phone receives 2FA codes by SMS, the thief could use those codes to access your other accounts. This is why blocking the SIM is urgent. It is also why app-based 2FA (like Microsoft Authenticator or Google Authenticator) is better than SMS-based 2FA. The codes are tied to the device and require authentication to access.

Photos and Documents

Photos of contracts, invoices, identity documents, site plans, or anything else containing personal or commercially sensitive information. Documents downloaded from email or cloud storage. Notes with passwords, codes, or other sensitive information.

GDPR Breach Assessment: When a Stolen Phone IS a Reportable Breach

Not every stolen phone triggers a GDPR breach notification. The key question is whether personal data has been compromised.

When it is probably NOT a reportable breach:

  • The phone was encrypted (as all modern phones are with a passcode set)
  • The phone had a strong passcode (6+ digits or password)
  • Find My / Find My Device was enabled
  • You remote wiped the phone quickly
  • The phone was running up-to-date software

In this case, the risk to personal data is low. The data is encrypted. The thief cannot access it. You wiped it remotely. Document the incident internally, but you probably do not need to report to the ICO.

When it IS likely a reportable breach:

  • The phone had no passcode or a weak one (4-digit PIN, simple pattern)
  • The phone was not encrypted
  • You could not remote wipe it (Find My was not enabled)
  • The phone contained sensitive personal data (health information, financial data, children's data)
  • You have reason to believe the thief accessed the data

If there is a risk to the individuals whose data was on the phone, you must report to the ICO within 72 hours. You must also notify the affected individuals if the risk is high.

How to report to the ICO:

  1. Go to the ICO website and use their online breach reporting tool
  2. Provide details of what happened, what data was involved, and what steps you have taken
  3. Include your crime reference number
  4. Describe the security measures that were (or were not) in place

The ICO's approach is proportionate. If you can show that you had proper security measures in place and responded quickly, they are unlikely to take enforcement action. If you had no security and no plan, expect a much harder conversation.

Ready to compare? Get a free quote across EE, Vodafone, O2 and Three. Takes 10 minutes, completely free, no obligation.

Prevention: Worth Ten Times the Cure

Everything above is damage control. Here is how to make sure a stolen phone is an inconvenience rather than a disaster.

Enable Find My iPhone / Find My Device NOW

Do not wait until a phone is stolen. Set this up on every business phone today.

iPhone setup:

  1. Open Settings
  2. Tap your name at the top
  3. Tap Find My
  4. Tap Find My iPhone
  5. Turn on Find My iPhone
  6. Turn on Find My network (this helps locate the phone even when it is offline by using nearby Apple devices)
  7. Turn on Send Last Location (sends the phone's location to Apple when the battery is critically low)

Android setup:

  1. Open Settings
  2. Tap Security (or Security & Privacy)
  3. Tap Find My Device
  4. Turn it on
  5. Make sure Location is turned on in Settings > Location

Test it. Right now. Go to icloud.com/find or google.com/android/find and make sure you can see the phone. If you cannot see it, the setup is not complete.

Set Up Remote Wipe Capability

Find My iPhone and Find My Device both include remote wipe. But you need to make sure:

  • The feature is turned on (see above)
  • You know the login credentials for the Apple ID or Google account on the phone
  • You have access to another device to perform the wipe
  • If you use MDM software, remote wipe is built in. Test it

Use Biometric Lock Plus Strong Passcode

Biometrics (fingerprint or Face ID) make unlocking the phone fast and easy, which means people actually keep their phone locked. A strong passcode acts as the backup.

Requirements for all business phones:

  • 6-digit PIN minimum (not 4-digit)
  • Ideally a proper alphanumeric password
  • Fingerprint or Face ID enabled
  • No pattern locks (too easy to guess from screen smudges)

Do Not Store Passwords in the Notes App

This is more common than anyone likes to admit. Employees storing passwords, PINs, login credentials, and security codes in the Notes app. In plain text. On a phone that could be stolen.

Use a password manager instead. Options include:

  • 1Password: excellent for teams, around £6 per user per month
  • Bitwarden: free for individuals, affordable for teams
  • LastPass: widely used, good for businesses
  • Apple Keychain / Google Password Manager: built-in and free, but less feature-rich than dedicated options

A password manager stores all credentials in an encrypted vault. Even if the phone is stolen, the vault requires a separate master password to access.

Enable Automatic Screen Lock (30 Seconds)

The shorter the screen lock timeout, the smaller the window of opportunity for a thief to access an unlocked phone.

Set screen lock to 30 seconds on all business phones. Yes, it means unlocking the phone more often. Biometrics make this painless.

60 seconds is acceptable. Anything longer than that is a risk. "Never" is not acceptable for any business phone.

Back Up Regularly

A stolen phone is replaceable. The data on it might not be.

  • iPhone: Turn on iCloud Backup in Settings > [your name] > iCloud > iCloud Backup. It backs up automatically when connected to WiFi and power.
  • Android: Turn on Google Backup in Settings > System > Backup. It backs up automatically.

Test your backup. Check that you can actually restore from it. A backup you have never tested is a backup you cannot trust.

Business Insurance That Covers Mobile Theft

Standard business insurance may or may not cover mobile phone theft. Check your policy. If it does not, add it.

Mobile phone insurance gives you peace of mind and gets you back up and running quickly. But it is not a substitute for proper security. Insurance replaces the phone. It does not recover your data or undo a GDPR breach.

Insurance: What Business Mobile Insurance Actually Covers

Network Insurance vs Third-Party

Most mobile networks offer insurance as an add-on to business contracts. Third-party providers also offer standalone policies.

Network insurance (EE, Vodafone, O2, Three):

  • Usually £7-15 per month per device
  • Covers theft, accidental damage, and breakdown
  • Claims are handled by the network or their insurance partner
  • Replacement device usually delivered next working day
  • Easy to manage. It is on the same bill as your mobile contract

Third-party insurance (Protect Your Bubble, Gadget Cover, So-Sure):

  • Often cheaper than network insurance
  • May cover more devices on a single policy
  • Can cover devices on any network
  • Check the terms carefully. Coverage varies widely

Typical Excess

Most policies have an excess (the amount you pay towards the claim). For business mobile insurance:

  • Basic policies: £50-100 excess
  • Mid-range policies: £75-125 excess
  • Premium devices (iPhone Pro, Samsung Ultra): £100-150 excess

The excess is per claim, not per year. If two phones are stolen, you pay the excess twice.

What Is NOT Covered

Read the fine print. Common exclusions include:

  • Phone left unattended. If you left the phone on a table in a pub and walked away, most policies will not pay out.
  • No passcode set. Some policies require a screen lock to be active. If the phone had no passcode, they may refuse the claim.
  • Theft from an unattended vehicle. If the phone was visible in a car and the car was broken into, most policies will not cover it. If it was hidden (in a locked glovebox, for example), some policies will.
  • Cosmetic damage only. Scratches and dents that do not affect functionality are usually not covered.
  • Pre-existing damage. If the phone was already cracked or faulty, do not expect a payout.
  • More than a certain number of claims per year. Most policies limit you to 2-3 claims per year.

Claiming on Insurance: Step by Step

If a business phone is stolen and you need to make an insurance claim:

  1. Report the theft to the police. Get a crime reference number. You cannot claim without it.
  2. Report the phone as stolen to your network. Get confirmation that the SIM has been blocked and the IMEI has been blacklisted.
  3. Contact your insurer within 24-48 hours. Most policies require you to report the theft promptly. Do not wait.
  4. Provide the required information. You will typically need:
    • Crime reference number
    • IMEI number of the stolen phone
    • Date, time, and location of the theft
    • Description of what happened
    • Proof of purchase or ownership
    • Network confirmation that the SIM has been blocked
  5. Pay the excess. This is usually taken when the claim is approved.
  6. Receive the replacement. Most insurers send a replacement device within 1-3 working days. It may be a refurbished device, not a brand new one, depending on your policy.

Keep all documentation. Receipts, police reports, network confirmations, and insurer correspondence. Store them digitally so they are not on the stolen phone.

Prevention Checklist for All Company Phones

Print this. Apply it to every company phone. Review it quarterly.

Security basics:

  • 6-digit PIN or stronger passcode set
  • Fingerprint or Face ID enabled
  • Screen lock timeout set to 30 seconds
  • Find My iPhone / Find My Device enabled and tested
  • Automatic software updates turned on
  • Phone running the latest operating system version

Data protection:

  • Two-factor authentication on email (app-based, not SMS)
  • Two-factor authentication on banking
  • Two-factor authentication on CRM and business apps
  • No passwords stored in Notes or plain text
  • Password manager installed and in use
  • Regular backups enabled and tested

Policies and preparation:

  • Written mobile device policy in place
  • Staff trained on what to do if phone is stolen
  • IMEI numbers recorded for all company phones
  • Emergency contact numbers accessible from another device
  • Insurance in place and policy reviewed
  • GDPR breach response plan documented

Physical security habits:

  • Never leave phone unattended in public
  • Do not leave phone visible in a vehicle
  • Use a secure pocket (inside jacket, zipped pocket) in crowded areas
  • Be aware of surroundings when using phone on the street
  • Do not use phone while walking in busy areas (common snatch theft scenario)

How Compare The Networks Helps

At Compare The Networks, we help UK businesses find mobile plans that include the security features that matter.

Many business mobile contracts include options for:

  • Built-in device insurance at competitive rates
  • Mobile device management tools
  • Network-level security features
  • Next-day replacement devices
  • Priority business support when you need to report a stolen phone

We have been comparing business mobile deals since 2008. We are OFCOM-regulated and rated 4.3 out of 5 on Trustpilot. We do not just look at price. We help you find plans that protect your business.

Get a free, no-obligation comparison of business mobile plans with the security features your business needs.

Frequently Asked Questions

Can a stolen phone be tracked after a factory reset?

On iPhone, Activation Lock means the phone is still tied to your Apple ID even after a factory reset. It cannot be set up as a new phone without your Apple ID password. On Android, Factory Reset Protection (FRP) does something similar. It requires the Google account credentials that were on the phone before the reset. However, tracking the phone's location after a factory reset is usually not possible.

Should I try to recover a stolen phone myself?

No. If Find My shows the phone at a specific location, do not go there yourself. Report the location to the police and let them handle it. People have been injured and even killed attempting to recover stolen phones. The phone is not worth it. Your data should be protected by encryption and remote wipe anyway.

What if the thief turns off the phone?

If the phone is off, you cannot track it or remote wipe it until it comes back online. However, if you have sent a remote wipe or lock command, it will execute the moment the phone connects to the internet. On iPhone, Send Last Location sends the phone's position when the battery reaches critically low levels, giving you one final location.

How quickly should I remote wipe?

If you are confident the phone is stolen (not just misplaced), wipe it within the first hour. The longer you wait, the greater the risk. Yes, you lose the ability to track it after wiping. But the data on the phone is more valuable than the hardware.

Does a stolen phone count as a GDPR breach?

It depends on the security measures in place. An encrypted phone with a strong passcode that you remote wiped quickly is unlikely to be a reportable breach. An unencrypted phone with no passcode containing customer data is almost certainly a reportable breach. Assess each case individually and document your reasoning.

What if an employee's personal phone with work data is stolen?

The same principles apply. The business data on the phone is your responsibility, even if the phone belongs to the employee. If you have MDM, wipe the business container. If you do not, you are relying on the phone's built-in security. This is one of the strongest arguments for either providing company phones or requiring MDM on BYOD devices.

How much does phone theft cost a business?

Beyond the cost of the phone itself (£300-1,200+), consider: replacement device setup time (2-4 hours), lost productivity (1-2 days), potential GDPR fines (up to £17.5 million in the worst case), insurance excess (£50-150), and reputational damage if customer data is compromised. The total cost can easily reach thousands of pounds, even for a single phone.

Can I prevent my phone number from being ported by a thief?

SIM swap fraud is a real risk. A thief might try to port your phone number to a new SIM to receive your 2FA codes. Contact your network and ask them to add extra security to your account, such as a verbal password or PIN that must be provided before any changes can be made. EE, Vodafone, O2, and Three all offer this. Set it up before you need it.

Compare The Networks is an OFCOM-regulated business mobile comparison service, trusted by UK businesses since 2008. Rated 4.3/5 on Trustpilot. Compare business mobile deals today.

Ready to compare deals?

Get a free, no-obligation quote in under 2 minutes.

Get Your Free Quote