UK Government: Mobile Devices Lost & Stolen

Uploaded on 2020-03-13 in GOVERNMENT-Law Enforcement, GOVERNMENT-National, FREE TO VIEW

The mobile communications experts  at Viasat have identified the level of loss and theft of supposedly secure mobile devices used by British govermnet functionaries. They contacted 47 public bodies and  got replies from 27 who answered its Freedom of Information requests with data from 1 June 2018 - 1 June 2019. 

Over 2000 mobile devices used by UK government employees have gone missing in the space of a year, with a significant number unencrypted, according to new Freedom of Information (FOI) data. The data from 27 public bodies found government employees lost 1,474 devices, 347 were reported as stolen, and 183 were either lost or stolen.

During the period June 1 2018 to June 1 2019, a total of 2004 devices were reported lost or stolen, which amounts to eight per working day or 39 per week.

Even more concerning is the fact that the vast majority (767) were lost by the Ministry of Defence (MoD), followed by HMRC (288), the Department for Business, Energy and Industrial Strategy (197) and the Foreign Office (193). The Ministry of Defence said its employees lost more devices because there were more of them. The numbers include military personnel in the Army, the Royal Navy, and Royal Air Force. It also said it had "robust" procedures in place around encryption.

Smartphones, laptops and tablets were among the devices most commonly lost or stolen from UK government officials.

The real problem isn't that the devices were lost, which in some instances is unavoidable, but rather that many were not properly secured. Most devices were encrypted, but approximately 200 were unsecured. Some 65 MoD phones were not encrypted, and the encryption status of a further 115 was "unknown".

On the plus side, the majority (1824) of the missing smartphones, laptops, PDAs, external storage devices and tablets were reported as encrypted. However, scores (65) were not, and the status of a further 115 is unknown.

Viasat’s UK managing director, Steve Beeching, argued that mobile security must be a top priority for government. “Despite the progress made on encrypting devices, the fact that unencrypted government devices are still being lost is concerning, suggesting more needs to be done to ensure data is protected at all times. For devices this means total encryption – going beyond password protection to secure data at a hardware level,” he said.

The loss of personal data puts missing devices like these in the realm of GDPR regulation.

Viasat asked the government departments when they had last been audited by privacy watchdog the Information Commissioner’s Office, which is good practice for public sector organisations. In total, eight of those that replied said they had never been audited, while some had not been checked for years. For example, the MoD’s last audit was a decade ago in 2010.

Departments can proactively ask for an audit free of charge whenever they like, to ensure they're meeting commitments to data protection laws.

“Individual departments cannot assume that their data will not be of interest to attackers, with the right strategy, any data can be a threat.... UK government departments must take a zero-tolerance approach to non-encrypted devices in order to safeguard data from falling into the wrong hands.” Beeching said. 

The loss of devices, is a common issue across the public sector. Late last year, a separate report concluded the UK police lost 2,600 mobile and other pieces of equipment were stolen from the police in the last three years. Items such as mobiles, tablets, laptops and radios have been getting stolen at an increasing rate since 2016 all across Britain, according to new figures from Parliament Street Think Tank.

BBC:          ITProportal:      ITProportal:        Infosecurity Magazine:

You Might Also Read: 

Mandatory IoT Security In Britain:

Tackling UK Cyber Crime:

 

 

« The Most Common Cyber Attacks
Iran's Cutting Edge Cyberwar Capabilities »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

MaxMind

MaxMind

MaxMind is an industry-leading provider of IP intelligence and online fraud detection tools.

Network Box

Network Box

Network Box is one of the world's leading Managed Security Service Providers.

Gilbert + Tobin

Gilbert + Tobin

Gilbert + Tobin is an Australian corporate law firm serving clients throughout Australia, and around the world, on a broad range of legal issues including cyber security.

Sectigo

Sectigo

Sectigo is a leading cybersecurity provider of digital identity solutions, including TLS / SSL certificates, DevOps, IoT, and enterprise-grade PKI management, as well as multi-layered web security.

oneclick

oneclick

oneclick is a central access and distribution platform in the cloud, enabling the management of the entire technology stack for application provisioning.

LTIMindtree

LTIMindtree

LTIMindtree is a new kind of technology consulting firm. We help businesses transform – from core to experience – to thrive in the marketplace of the future.

Cyber Skyline

Cyber Skyline

Cyber Skyline is a revolutionary cloud platform to practice, develop, and measure your team's technical cybersecurity skills.

ActiveFence

ActiveFence

ActiveFence enables Trust & Safety teams to be proactive about online integrity so they can keep their users safe from online harm – across content formats, languages, and abuse areas.

CUBE3 AI

CUBE3 AI

CUBE3.AI is a web3 security platform that provides real-time transaction protection for smart contracts, safeguarding against cyber exploits, fraud, and compliance risks.

Brightside AI

Brightside AI

Brightside AI is a Swiss cybersecurity SaaS that helps teams combat AI-enabled phishing threats. Protect your team today.

Xeol

Xeol

Software free of vulnerabilities, built and distributed by trusted entities. Our mission is to help customers secure their software from code to deploy.

Pango

Pango

Pango is a leading provider of digital consumer security solutions.

Symbiotic Security

Symbiotic Security

Symbiotic Security revolutionizes code security by integrating an AI-driven security coach directly within developers' IDEs.

Cyber Husky

Cyber Husky

Cyber Husky is an agile technology company that specializes in cloud solutions, cybersecurity, and managed IT services.

ZeroThreat

ZeroThreat

ZeroThreat, a vulnerability scanning and automated pentesting tool, accelerates vulnerability detection 5x faster with unprecedented accuracy and efficiency in real-time.