UK Government: Mobile Devices Lost & Stolen

The mobile communications experts  at Viasat have identified the level of loss and theft of supposedly secure mobile devices used by British govermnet functionaries. They contacted 47 public bodies and  got replies from 27 who answered its Freedom of Information requests with data from 1 June 2018 - 1 June 2019. 

Over 2000 mobile devices used by UK government employees have gone missing in the space of a year, with a significant number unencrypted, according to new Freedom of Information (FOI) data. The data from 27 public bodies found government employees lost 1,474 devices, 347 were reported as stolen, and 183 were either lost or stolen.

During the period June 1 2018 to June 1 2019, a total of 2004 devices were reported lost or stolen, which amounts to eight per working day or 39 per week.

Even more concerning is the fact that the vast majority (767) were lost by the Ministry of Defence (MoD), followed by HMRC (288), the Department for Business, Energy and Industrial Strategy (197) and the Foreign Office (193). The Ministry of Defence said its employees lost more devices because there were more of them. The numbers include military personnel in the Army, the Royal Navy, and Royal Air Force. It also said it had "robust" procedures in place around encryption.

Smartphones, laptops and tablets were among the devices most commonly lost or stolen from UK government officials.

The real problem isn't that the devices were lost, which in some instances is unavoidable, but rather that many were not properly secured. Most devices were encrypted, but approximately 200 were unsecured. Some 65 MoD phones were not encrypted, and the encryption status of a further 115 was "unknown".

On the plus side, the majority (1824) of the missing smartphones, laptops, PDAs, external storage devices and tablets were reported as encrypted. However, scores (65) were not, and the status of a further 115 is unknown.

Viasat’s UK managing director, Steve Beeching, argued that mobile security must be a top priority for government. “Despite the progress made on encrypting devices, the fact that unencrypted government devices are still being lost is concerning, suggesting more needs to be done to ensure data is protected at all times. For devices this means total encryption – going beyond password protection to secure data at a hardware level,” he said.

The loss of personal data puts missing devices like these in the realm of GDPR regulation.

Viasat asked the government departments when they had last been audited by privacy watchdog the Information Commissioner’s Office, which is good practice for public sector organisations. In total, eight of those that replied said they had never been audited, while some had not been checked for years. For example, the MoD’s last audit was a decade ago in 2010.

Departments can proactively ask for an audit free of charge whenever they like, to ensure they're meeting commitments to data protection laws.

“Individual departments cannot assume that their data will not be of interest to attackers, with the right strategy, any data can be a threat.... UK government departments must take a zero-tolerance approach to non-encrypted devices in order to safeguard data from falling into the wrong hands.” Beeching said. 

The loss of devices, is a common issue across the public sector. Late last year, a separate report concluded the UK police lost 2,600 mobile and other pieces of equipment were stolen from the police in the last three years. Items such as mobiles, tablets, laptops and radios have been getting stolen at an increasing rate since 2016 all across Britain, according to new figures from Parliament Street Think Tank.

BBC:          ITProportal:      ITProportal:        Infosecurity Magazine:

You Might Also Read: 

Mandatory IoT Security In Britain:

Tackling UK Cyber Crime:

 

 

« The Most Common Cyber Attacks
Iran's Cutting Edge Cyberwar Capabilities »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

SCADAhacker

SCADAhacker

SCADAhacker provides mission critical information relating to industrial security of SCADA, DCS and other Industrial Control Systems.

APMG International (APM Group)

APMG International (APM Group)

APM Group is a global accreditation, certification and examination body specializing in certification schemes for individuals, organizations and software.

ThetaRay

ThetaRay

ThetaRay’s solution for Industrial cyber security protects against unknown cyber-attacks that target industry and critical infrastructure.

Chainalysis

Chainalysis

Chainalysis provides blockchain analysis software to prevent, detect and investigate cryptocurrency money laundering, fraud and compliance violations.

Ukrainian Academy of Cyber Security (UACS)

Ukrainian Academy of Cyber Security (UACS)

UACS is a professional non-profit public organization established to promote the development of an extensive network and ecosystem of education and training in the field of cyber security.

Stealth Software Technologies

Stealth Software Technologies

Stealth Software Technologies is focused on the generation of research and software products focused on applied cryptography and cybersecurity.

Industrial Defender

Industrial Defender

Committed to ICS Cybersecurity. Industrial Defender provides a fully automated solution to discover, track and report on assets across your ICS footprint.

Predatech

Predatech

A cyber security consultancy offering a range of services, including CREST accredited penetration testing, vulnerability assessments and certifications incl. Cyber Essentials & Cyber Essentials Plus.

Assure IT

Assure IT

Assure IT is a Singapore company specialising in technology governance, risk and compliance.

gener8tor

gener8tor

The gener8tor Cybersecurity Accelerator offers a cutting-edge program in San Antonio, home to the second-largest concentration of cybersecurity experts in the United States.

Plerion

Plerion

Plerion is an all-in-one Cloud Security Platform that supports workloads across AWS, Azure, and GCP delivering cloud security posture management, workload security, data security and more.

Data Computer Services

Data Computer Services

Data Computer Services provides professional tailored IT Support and IT Services for businesses throughout Edinburgh and the Lothians.

Vigilant Ops

Vigilant Ops

Vigilant Ops is a leader in Software Bill of Materials (SBOM) Automation. A proactive approach to cybersecurity with continuous vulnerability monitoring.

Telarus

Telarus

Telarus is a Technology Services Brokerage that holds contracts with the world's leading cloud voice, contact center, cybersecurity, mobility and IoT providers.

Manifest

Manifest

Manifest is a cybersecurity company dedicated to helping enterprises secure their software supply chains.

Cypherleak

Cypherleak

Cypherleak provide Automated Cyber Risk Monitoring & Ai powered cyber recommendations.