According to new Freedom of Information (FOI) data, in a year alone over 2,000 mobile devices used by UK government employees have gone missing.
Global communications company Viasat sent FOI requests to 47 government departments, to which 27 responded with full or partial replies.
It was found that between June 1, 2018 to June 1, 2019, 2,004 devices were reported lost or stolen, amounting to eight per working day or 39 devices per week.
The vast majority of devices (767) were lost by the Ministry of Defence (MoD), followed by HMRC (288), the Department for Business, Energy and Industrial Strategy (197) and the Foreign Office (193).
Fortunately, the majority of the missing devices including smartphones, tablets, laptops, PDAs and external storage were reported as being encrypted. However, 65 were not, whilst the status of 155 is unknown.
Steve Beeching, Viasat’s UK managing director said: “Despite the progress made on encrypting devices, the fact that unencrypted government devices are still being lost is concerning, suggesting more needs to be done to ensure data is protected at all times. For devices this means total encryption – going beyond password protection to secure data at a hardware level.
“While the necessity for security is clear in areas such as defense and security, all government departments run the risk of a damaging security breach. It only takes one device getting into the wrong hands to give malicious actors access to sensitive content, whether top-secret information or personal data.”
The government departments were also asked when it had been last audited by the Information Commissioner’s Office (ICO) – to which eight replied stating that they had never been audited; whilst some had not been audited for years. The MoDs last audit was in 2010.
Audits are free of charge, thus departments can ask for one whenever they like.
“Individual departments cannot assume that their data will not be of interest to attackers – with the right strategy, any data can be a threat,” added Beeching. “UK government departments must take a zero-tolerance approach to non-encrypted devices in order to safeguard data from falling into the wrong hands.”
Another FOI request by the think tank Parliament street found that from 2016, the number of devices reported stolen or lost by London councils doubled over the past three financial years.
The post #Privacy: Over 2,000 government devices gone missing in a year appeared first on PrivSec Report.