UK Government: Mobile Devices Lost & Stolen

The mobile communications experts  at Viasat have identified the level of loss and theft of supposedly secure mobile devices used by British govermnet functionaries. They contacted 47 public bodies and  got replies from 27 who answered its Freedom of Information requests with data from 1 June 2018 - 1 June 2019. 

Over 2000 mobile devices used by UK government employees have gone missing in the space of a year, with a significant number unencrypted, according to new Freedom of Information (FOI) data. The data from 27 public bodies found government employees lost 1,474 devices, 347 were reported as stolen, and 183 were either lost or stolen.

During the period June 1 2018 to June 1 2019, a total of 2004 devices were reported lost or stolen, which amounts to eight per working day or 39 per week.

Even more concerning is the fact that the vast majority (767) were lost by the Ministry of Defence (MoD), followed by HMRC (288), the Department for Business, Energy and Industrial Strategy (197) and the Foreign Office (193). The Ministry of Defence said its employees lost more devices because there were more of them. The numbers include military personnel in the Army, the Royal Navy, and Royal Air Force. It also said it had "robust" procedures in place around encryption.

Smartphones, laptops and tablets were among the devices most commonly lost or stolen from UK government officials.

The real problem isn't that the devices were lost, which in some instances is unavoidable, but rather that many were not properly secured. Most devices were encrypted, but approximately 200 were unsecured. Some 65 MoD phones were not encrypted, and the encryption status of a further 115 was "unknown".

On the plus side, the majority (1824) of the missing smartphones, laptops, PDAs, external storage devices and tablets were reported as encrypted. However, scores (65) were not, and the status of a further 115 is unknown.

Viasat’s UK managing director, Steve Beeching, argued that mobile security must be a top priority for government. “Despite the progress made on encrypting devices, the fact that unencrypted government devices are still being lost is concerning, suggesting more needs to be done to ensure data is protected at all times. For devices this means total encryption – going beyond password protection to secure data at a hardware level,” he said.

The loss of personal data puts missing devices like these in the realm of GDPR regulation.

Viasat asked the government departments when they had last been audited by privacy watchdog the Information Commissioner’s Office, which is good practice for public sector organisations. In total, eight of those that replied said they had never been audited, while some had not been checked for years. For example, the MoD’s last audit was a decade ago in 2010.

Departments can proactively ask for an audit free of charge whenever they like, to ensure they're meeting commitments to data protection laws.

“Individual departments cannot assume that their data will not be of interest to attackers, with the right strategy, any data can be a threat.... UK government departments must take a zero-tolerance approach to non-encrypted devices in order to safeguard data from falling into the wrong hands.” Beeching said. 

The loss of devices, is a common issue across the public sector. Late last year, a separate report concluded the UK police lost 2,600 mobile and other pieces of equipment were stolen from the police in the last three years. Items such as mobiles, tablets, laptops and radios have been getting stolen at an increasing rate since 2016 all across Britain, according to new figures from Parliament Street Think Tank.

BBC:          ITProportal:      ITProportal:        Infosecurity Magazine:

You Might Also Read: 

Mandatory IoT Security In Britain:

Tackling UK Cyber Crime:

 

 

« The Most Common Cyber Attacks
Iran's Cutting Edge Cyberwar Capabilities »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Hack Miami

Hack Miami

HackMiami is the premier resource in South Florida for highly skilled hackers that specialize in vulnerability analysis, penetration testing, digital forensics, and all manner of IT security.

Bayshore Networks

Bayshore Networks

Bayshore Networks was founded to safely and securely protect Industrial IoT (IIoT) networks, applications, machines and workers from cyber threats.

Cybertekpro

Cybertekpro

Cybertekpro is a specialist insurance broker providing Cyber Liability insurance and cyber risk assessment services.

Scout Ventures

Scout Ventures

Scout Ventures is an early stage venture capital firm that is making the world a better, safer place by cultivating standout frontier technologies.

Guidepost Solutions

Guidepost Solutions

Guidepost Solutions are a diverse, global team of investigators, experienced security and technology consultants, and compliance and monitoring experts.

ECS Ethiopia

ECS Ethiopia

ECS Ethiopia provides Ethiopia’s leading institutions with top cyber-security expertise and technology to enable them to overcome risks and market barriers enabling them to grow their business.

Retruster

Retruster

Protect your users against phishing emails, ransomware & fraud with the most advanced, user-friendly, non-intrusive solution available.

Sify Technologies

Sify Technologies

Sify is the largest ICT service provider, systems integrator, and all-in-one network solutions company on the Indian subcontinent.

Marcum Technology

Marcum Technology

Marcum Technology consultants are focused on helping you reach your company’s full potential by exploring creative ways to integrate tomorrow’s technology into your business today.

Binalyze

Binalyze

Binalyze is the world's fastest and most comprehensive enterprise forensics solution. Our software helps you to collaborate and complete incident response investigations quickly.

Deloitte

Deloitte

Deloitte is a multinational professional services firm providing audit, consulting, financial advisory, risk management, tax, and related services to clients.

Nullify

Nullify

Nullify is your automated security sentry that continuously finds and fixes security issues across your codebase.

Millennium Corporation

Millennium Corporation

For nearly two decades, Millennium Corporation has been operating on the leading edge of cybersecurity.

Foresiet

Foresiet

Foresiet is the first platform to cover all of your digital risks, allowing enterprise to focus on the core business.

Aegis Cyber Defense Systems

Aegis Cyber Defense Systems

AEGIS is a powerful cybersecurity tool that can help protect your devices and networks from cyber threats, and increase performance.

Jot Digital

Jot Digital

Jot Digital is a full-service technology company specializing in digital engineering, application modernization and business transformation.