UK Government information security at risk with more than 2,000 mobile devices lost or stolen in a 1
More than 2,000 UK Government mobile devices – such as smartphones, laptops and external storage devices – were lost or stolen in a single year according to freedom of information (FoI) requests by Viasat, Inc., a global communications company. On average, public sector employees reported 39 devices being lost or stolen per working week – or eight per working day – between 1 June 2018 and 1 June 2019. From the data provided, at least 1,474 devices were reported as being lost; 347 as stolen; and 183 were unknown. Of these devices, just 249 were recovered.
Other key findings include:
Devices were reported being lost or stolen while commuting (78), travelling for business (61), at work (51) or at home (40) – for the remaining devices this wasn’t reported or recorded
Of the missing devices reported, at least 1,824 were encrypted. At least 65 unencrypted devices were lost or stolen
“This data shows us the struggle the UK is currently facing when it comes to securing data. Information assurance alongside mobile device security must be a top priority for the UK government,” said Steve Beeching, managing director of Viasat UK. “Despite the progress made on encrypting devices, the fact that unencrypted government devices are still being lost is concerning, suggesting more needs to be done to ensure data is protected at all times. For devices this means total encryption – going beyond password protection to secure data at a hardware level. While the necessity for security is clear in areas such as defence and security, all government departments run the risk of a damaging security breach. It only takes one device getting into the wrong hands to give malicious actors access to sensitive content, whether top-secret information or personal data.”
The FoI request also asked government departments for the date of their last audit by the Information Commissioners Office (ICO). Of those who responded, eight government departments reported that they have not been audited by the ICO. These include the Department for Environment, Food and Rural Affairs and the Department for Exiting the European Union, who lost 44 and 36 devices respectively. Of the five departments that reported their last ICO audit, the most recent was the Department for Business, Energy and Industrial Strategy, which was audited in June 2017. At the opposite end of the scale, the Ministry of Defence was last audited in 2010.
“This ICO audit data is worrying — with cyberattacks being carried out by Nation State Actors and other individuals on a near-daily basis, it is imperative the Government strives to ensure no data is put at risk,” continued Steve Beeching. “Individual departments cannot assume that their data will not be of interest to attackers – with the right strategy, any data can be a threat. UK Government departments must take a zero-tolerance approach to non-encrypted devices in order to safeguard data from falling into the wrong hands.”
“Government departments at any level should be learning from the example already being set by the military and security services,” said Ken Peterman, president of Viasat’s Government Systems business. “This means using software and hardware designed to ensure sensitive information on a device is continually protected from being compromised – even if disconnected from its network or a remote management system. Ultimately users need peace of mind knowing that, even if a device is stolen or lost, they will have the level of encryption and security required to protect highly sensitive information.”