
Full disk encryption and a strict policy of always closing the laptop / locking the screen when leaving. In some scenarios USB ports also need to be physically disabled.



Speaking of lock screens (and Speakers), did you see Pelosi's screen? Wasn't she on the floor of the House at that time? Why wasn't her screen locked? I can think of half a dozen scenarios of carelessness or time pressure. The first one that comes to mind is that she was using it, suddenly evacuated and didn't flip the lock on, and the mob reached her desk before the lock timer expired. But I do wonder if there was even a screen lock.


Locking the screen doesn't enable FDE though, does it?


What attacks are you thinking of? A cold boot attack while you're on the toilet? Or that the laptop is stolen?

First and foremost you need to ensure physical security anyway. Otherwise a dedicated attacker can also just install a bug.


Laptop is stolen by a foreign intelligence agency who can do things like "pour liquid nitrogen on the RAM and swap it to another computer to recover encryption keys" or whatever (I've been told that's a real attack... but it always seemed like an intelligence agency ought to just make a device to read the RAM without pulling it at all... just hijack the wires communicating to the RAM or something...)


If that's your threat, the device doesn't leave your sight or possession, ever. I work at a significantly lower threat level than that and we're regularly told that when off site, devices don't leave your possession, and on-site, devices should be tethered and locked when not in use.


Laptop is stolen.



