UK Government: Mobile Devices Lost & Stolen

Uploaded on 2020-03-13 in GOVERNMENT-Law Enforcement, GOVERNMENT-National, FREE TO VIEW

The mobile communications experts  at Viasat have identified the level of loss and theft of supposedly secure mobile devices used by British govermnet functionaries. They contacted 47 public bodies and  got replies from 27 who answered its Freedom of Information requests with data from 1 June 2018 - 1 June 2019. 

Over 2000 mobile devices used by UK government employees have gone missing in the space of a year, with a significant number unencrypted, according to new Freedom of Information (FOI) data. The data from 27 public bodies found government employees lost 1,474 devices, 347 were reported as stolen, and 183 were either lost or stolen.

During the period June 1 2018 to June 1 2019, a total of 2004 devices were reported lost or stolen, which amounts to eight per working day or 39 per week.

Even more concerning is the fact that the vast majority (767) were lost by the Ministry of Defence (MoD), followed by HMRC (288), the Department for Business, Energy and Industrial Strategy (197) and the Foreign Office (193). The Ministry of Defence said its employees lost more devices because there were more of them. The numbers include military personnel in the Army, the Royal Navy, and Royal Air Force. It also said it had "robust" procedures in place around encryption.

Smartphones, laptops and tablets were among the devices most commonly lost or stolen from UK government officials.

The real problem isn't that the devices were lost, which in some instances is unavoidable, but rather that many were not properly secured. Most devices were encrypted, but approximately 200 were unsecured. Some 65 MoD phones were not encrypted, and the encryption status of a further 115 was "unknown".

On the plus side, the majority (1824) of the missing smartphones, laptops, PDAs, external storage devices and tablets were reported as encrypted. However, scores (65) were not, and the status of a further 115 is unknown.

Viasat’s UK managing director, Steve Beeching, argued that mobile security must be a top priority for government. “Despite the progress made on encrypting devices, the fact that unencrypted government devices are still being lost is concerning, suggesting more needs to be done to ensure data is protected at all times. For devices this means total encryption – going beyond password protection to secure data at a hardware level,” he said.

The loss of personal data puts missing devices like these in the realm of GDPR regulation.

Viasat asked the government departments when they had last been audited by privacy watchdog the Information Commissioner’s Office, which is good practice for public sector organisations. In total, eight of those that replied said they had never been audited, while some had not been checked for years. For example, the MoD’s last audit was a decade ago in 2010.

Departments can proactively ask for an audit free of charge whenever they like, to ensure they're meeting commitments to data protection laws.

“Individual departments cannot assume that their data will not be of interest to attackers, with the right strategy, any data can be a threat.... UK government departments must take a zero-tolerance approach to non-encrypted devices in order to safeguard data from falling into the wrong hands.” Beeching said. 

The loss of devices, is a common issue across the public sector. Late last year, a separate report concluded the UK police lost 2,600 mobile and other pieces of equipment were stolen from the police in the last three years. Items such as mobiles, tablets, laptops and radios have been getting stolen at an increasing rate since 2016 all across Britain, according to new figures from Parliament Street Think Tank.

BBC:          ITProportal:      ITProportal:        Infosecurity Magazine:

You Might Also Read: 

Mandatory IoT Security In Britain:

Tackling UK Cyber Crime:

 

 

« The Most Common Cyber Attacks
Iran's Cutting Edge Cyberwar Capabilities »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Wall Street Technology Association (WSTA)

Wall Street Technology Association (WSTA)

The Wall Street Technology Association (WSTA) provides financial industry technology professionals with forums to learn from and connect with each other.

Cyber Threat Intelligence Network (CTIN)

Cyber Threat Intelligence Network (CTIN)

CTIN provides cyber threat intelligence services including training, platform evaluation, ISAC/ISAO systems development and counter botnet operations.

Crypta Labs

Crypta Labs

Crypta Labs is an Award Winning IOT Security startup that is developing a quantum-based encryption chip to secure the Internet of Things.

Zivaro

Zivaro

Zivaro provides transformational consulting and technology services to help clients attain real business value from their technology investments.

InFyra

InFyra

InFyra is an IoT & Telecoms specialist consultancy, with extensive global and local experience in business and technology strategy, networks and solutions development.

iSolutions

iSolutions

iSolutions is an official reseller and engineering company of leading products and solutions for cybersecurity and information protection, optimization, visualization and control of applications

Seknox

Seknox

Seknox TRASA™ protects your business from insider threats.

Sovrin Foundation

Sovrin Foundation

The Sovrin Foundation is a private-sector, international non-profit that was established to govern the world's first self-sovereign identity (SSI) network.

Absa Cybersecurity Academy

Absa Cybersecurity Academy

Absa Cybersecurity Academy is an initiative aimed at empowering marginalised South African youths to become certified cybersecurity specialists.

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance combines insurance expertise with cybersecurity and data talent to deliver clear, effective solutions to protect you for the cyberrisks of today—and tomorrow.

Data Storage Corp (DSC)

Data Storage Corp (DSC)

Data Storage Corporation is a provider of data recovery and business continuity services that help organizations protect their data, minimize downtime and recover and restore data.

OptimEyes.ai

OptimEyes.ai

OptimEyes.ai is a unique AI-powered, on-demand SaaS solution for cyber-security, data privacy and compliance risk modeling.

InfoSec4TC

InfoSec4TC

InfoSec4tc is an online Information Security Courses, Training, and Consultancy provider.

ProArch

ProArch

ProArch is a global team of multidisciplinary experts in cloud, infrastructure, data analytics, cybersecurity, compliance, and software development.

Apura Cybersecurity Intelligence

Apura Cybersecurity Intelligence

Apura is a Brazilian company that develops advanced products and provides specialized services in information security and cyber defense.

CyberXposure

CyberXposure

CyberXposure has been built by a team comprising of Cyber Security Professionals and SAAS experts in data backup, disaster recovery and cyber-security.