Crisis Mode Protocol

When your phone is stolen, your inbox is breached, or your accounts start firing off alerts, you don’t get time to think. This crisis protocol is the fast, practical checklist that stops identity leaks, locks down compromised accounts, and contains real-world damage before it spreads. Use it as your immediate response plan when a digital failure becomes an emergency.

Most people don’t realize how fast a digital problem becomes a real-world one. A stolen phone becomes a compromised identity. A breached inbox becomes a bank lockout. A bad click becomes a full exposure event. When things break, you don’t get time to think. You get seconds. That’s why you need a simple protocol you can run on instinct.

This is the stripped-down emergency playbook. No theory. No waiting. Just the exact moves that keep a bad situation from turning into a total meltdown.

Step One – Kill the live exposure

When something goes wrong you stop the leak first and then worry about the cleanup. Cut the channel.

  • Put the mobile device in airplane mode
  • If stolen, log into your carrier immediately and suspend the line
  • Change the passwords on your email, cloud, bank, and password manager
  • Kill sessions on every major account
  • Reset 2FA backup codes if you think they’re exposed

The faster you sever the active connection the less data continues leaking.

Step Two – Lock the identity perimeter

Your accounts are the real risk, not the hardware. You rebuild control here.

  • Reset your primary email password first
  • Enable fresh 2FA using an app, not SMS
  • Rotate your cloud password
  • Rotate your password manager master password
  • Revoke API keys or connected devices you don’t recognize

If someone gets your inbox, they own your life. Protect it above everything else.

Step Three – Check for silent compromises

Breaches don’t always announce themselves. Look for movement.

  • Look at login history for Google, Apple, Microsoft, and your bank
  • Check for forwarding rules on your email
  • Check for unknown recovery numbers and emails
  • Check for new devices on your password manager
  • Confirm no new browsers, no new extensions, no new apps

If anything looks off, assume it’s hostile and lock it out.

Step Four – Contain the physical problem

If your device is lost or stolen, react like it’s already in someone else’s hands.

  • Remote lock the phone or laptop
  • Remote wipe if you can
  • Remove it from your trusted device list
  • Log out of your messaging apps remotely
  • Change your SIM PIN as soon as you have a new phone

Step Five – Run the financial lockdown

This is where real damage hurts if you stall.

  • Freeze your credit
  • Lock your debit card or request a new one
  • Rotate online banking passwords
  • Check for pending transactions
  • Enable transaction alerts everywhere

You want to stop any attacker from getting into your financial accounts.

Step Six – Rebuild the clean device

Don’t patch. Don’t reuse. Don’t hope. Rebuild.

  • Fresh OS install
  • Restore only clean data
  • Reinstall apps manually
  • Recreate 2FA tokens
  • Reconnect to trusted networks only

You don’t copy the old contamination back into the new system. Start fresh.

Step Seven – Run the perimeter audit

Now that you’re stable, confirm nothing slipped through. Repeat this frequently over the next couple of months.

  • Search your name, email, and phone for new leaks
  • Check if any accounts were created in your name
  • Look for unusual social media activity
  • Verify your cloud backup contents
  • Confirm your router logs and DNS logs are normal

Crisis mode doesn’t end until the signal stops.

Step Eight – Document the event

It might sound boring and overkill, but it’s how you prevent the next loss.

Write down:

  • What failed
  • What you caught
  • What you missed
  • Where you felt blind
  • Which steps took too long

That report becomes your future defense.

Step Nine – Reinforce your baseline

After every crisis you upgrade the system.

  • Move essential accounts behind hardware keys
  • Drop SMS 2FA
  • Store backups offline
  • Harden your phone permissions
  • Build a cleaner network pipeline
  • Add a canary or monitoring system

Every incident is a map of your weak points. Patch them while the memory is sharp.

Step Ten – Set your new emergency triggers

You need clear tripwires.

  • Missing phone for 10 minutes
  • Unexpected login
  • Unknown device added
  • Bank alert
  • Email rule created
  • Password manager warning

If any of those fire, you reenter crisis mode immediately.

Closing

Crisis mode is about minimizing the blast radius so the damage stops with the first failure instead of becoming a chain reaction. Most people lose control because they freeze. You won’t. You’ll follow the protocol and take the exposure back down to zero.

If you need the full details on things like rapid re-key workflow and mobility protocols, jump into the Crisis Mode Hub to review the system.

-GHOST
Written by GHOST, creator of the Untraceable Digital Dissident project.

This is part of the Untraceable Digital Dissident series — tactical privacy for creators and rebels.