UK Government: Mobile Devices Lost & Stolen

The mobile communications experts  at Viasat have identified the level of loss and theft of supposedly secure mobile devices used by British govermnet functionaries. They contacted 47 public bodies and  got replies from 27 who answered its Freedom of Information requests with data from 1 June 2018 - 1 June 2019. 

Over 2000 mobile devices used by UK government employees have gone missing in the space of a year, with a significant number unencrypted, according to new Freedom of Information (FOI) data. The data from 27 public bodies found government employees lost 1,474 devices, 347 were reported as stolen, and 183 were either lost or stolen.

During the period June 1 2018 to June 1 2019, a total of 2004 devices were reported lost or stolen, which amounts to eight per working day or 39 per week.

Even more concerning is the fact that the vast majority (767) were lost by the Ministry of Defence (MoD), followed by HMRC (288), the Department for Business, Energy and Industrial Strategy (197) and the Foreign Office (193). The Ministry of Defence said its employees lost more devices because there were more of them. The numbers include military personnel in the Army, the Royal Navy, and Royal Air Force. It also said it had "robust" procedures in place around encryption.

Smartphones, laptops and tablets were among the devices most commonly lost or stolen from UK government officials.

The real problem isn't that the devices were lost, which in some instances is unavoidable, but rather that many were not properly secured. Most devices were encrypted, but approximately 200 were unsecured. Some 65 MoD phones were not encrypted, and the encryption status of a further 115 was "unknown".

On the plus side, the majority (1824) of the missing smartphones, laptops, PDAs, external storage devices and tablets were reported as encrypted. However, scores (65) were not, and the status of a further 115 is unknown.

Viasat’s UK managing director, Steve Beeching, argued that mobile security must be a top priority for government. “Despite the progress made on encrypting devices, the fact that unencrypted government devices are still being lost is concerning, suggesting more needs to be done to ensure data is protected at all times. For devices this means total encryption – going beyond password protection to secure data at a hardware level,” he said.

The loss of personal data puts missing devices like these in the realm of GDPR regulation.

Viasat asked the government departments when they had last been audited by privacy watchdog the Information Commissioner’s Office, which is good practice for public sector organisations. In total, eight of those that replied said they had never been audited, while some had not been checked for years. For example, the MoD’s last audit was a decade ago in 2010.

Departments can proactively ask for an audit free of charge whenever they like, to ensure they're meeting commitments to data protection laws.

“Individual departments cannot assume that their data will not be of interest to attackers, with the right strategy, any data can be a threat.... UK government departments must take a zero-tolerance approach to non-encrypted devices in order to safeguard data from falling into the wrong hands.” Beeching said. 

The loss of devices, is a common issue across the public sector. Late last year, a separate report concluded the UK police lost 2,600 mobile and other pieces of equipment were stolen from the police in the last three years. Items such as mobiles, tablets, laptops and radios have been getting stolen at an increasing rate since 2016 all across Britain, according to new figures from Parliament Street Think Tank.

BBC:          ITProportal:      ITProportal:        Infosecurity Magazine:

You Might Also Read: 

Mandatory IoT Security In Britain:

Tackling UK Cyber Crime:

 

 

« The Most Common Cyber Attacks
Iran's Cutting Edge Cyberwar Capabilities »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

SafeUM Communications

SafeUM Communications

SafeUM Secure Messenger is an encrypted secure communications protection mechanism for instant messaging.

CloudEndure

CloudEndure

CloudEndure offers Disaster Recovery and Continuous Replication for the Cloud.

Applause

Applause

Applause provides real-world software testing for functionality, usability, accessibility, load, localization and security.

Cryptus Cyber Security

Cryptus Cyber Security

Cryptus Cyber Security is an Information Security Training company providing advanced training and services to IT Professionals.

Cybertrust Japan

Cybertrust Japan

Cybertrust Japan provides a comprehensive security certification and digital authentication service, enabling customers to build and manage highly secure IT infrastructures.

Silent Breach

Silent Breach

Silent Breach specializes in network security and digital asset protection. Services include Pentesting, Security Assessments, Incident Detection & Response, Governance Risk & Compliance.

IoT Talent Consortium (IoTTC)

IoT Talent Consortium (IoTTC)

IoTTC is a unique, non-profit community of experts and practitioners. We work to help grow the organizations and workforces needed to drive IoT-enabled digital transformation in every sector.

SEWORKS

SEWORKS

SEWORKS provides offensive and defensive app security that ensures mobile and web apps are safe from dangerous hacking threats.

Scientific Cyber Security Association (SCSA)

Scientific Cyber Security Association (SCSA)

The main goal of Scientific Cyber Security Association is the development of scientific and practical directions of cyber security.

Totalsec

Totalsec

Totalsec is a Grupo Salinas company with a team of professionals in cybersecurity and information security providing Security Consulting, Solutions Integration, and Managed Security Services.

Group Salus

Group Salus

Salus provides SMBs with cyber security-related communications consulting, crisis management, and brand reputation services.

JM Search

JM Search

JM Search’s Information Technology Executives Practice sources the most sought-after technology roles including CIO, CTO, CISO, CDO and other senior posts.

FPT Software

FPT Software

As a leading technology service provider, FPT assists customers of all sizes and from any industries in implementing and adapting digital technologies including cybersecurity.

Rayzone Group

Rayzone Group

Rayzone Group offers a wide range of Cyber Security solutions and services, providing hollistic protection suitable for both enterprises and National cyber security centers.

North East Business Resilience Centre (NEBRC)

North East Business Resilience Centre (NEBRC)

The North East Business Resilience Centre is a non-profit organisation here to support businesses in the North East of England in protecting themselves from cyber crimes and fraud.

TempoCap

TempoCap

TempoCap is a European growth-stage technology fund with offices in London and Berlin. We invest across a variety of high- growth sectors including cybersecurity.