2004 Government Devices Unaccounted For

The increase in remote working, has brought with it its own risks and rewards. Although it is often helpful to complete work tasks away from the office, having responsibility for a ‘work device’ brings with it certain risks.

We reported last month that in the last three years, London Councils lost 1,293 devices, which is a worrying thought. But now a recent Freedom of Information request (FoI) revealed that the UK Government employees have lost or misplaced 2004 mobile devices. Some of which aren’t encrypted, meaning whoever finds them will have access to some interesting data.

27 government departments out of 47 responded to Viasat’s FoI, and revealed the worrying figure was obtained between 1st June 2018 – 1st June 2019. The device losses amount to the departments receiving eight loss reports per day or 39 a week.

Steve Beeching, UK Managing Director of Viasat, encouraged the UK government to set mobile security as a top priority. He said:

“Despite the progress made on encrypting devices, the fact that unencrypted government devices are still being lost is concerning, suggesting more needs to be done to ensure data is protected at all times. For devices this means total encryption – going beyond password protection to secure data at a hardware level.

“While the necessity for security is clear in areas such as defence and security, all government departments run the risk of a damaging security breach. It only takes one device getting into the wrong hands to give malicious actors access to sensitive content, whether top-secret information or personal data.”

The departments who fared the worst for lost devices, are seemingly the ones you’d believe would have tighter protocols around them.

767 devices were lost by the Ministry of Defence, 288 by Her Majesty’s Revenue and Customs, 197 by the Department for Business, Energy and Industrial Strategy and 193 by the Foreign Office.

Thankfully, 1824 devices – which include smartphones, laptops, tablets, PDAs and external storage devices – were encrypted. 65 were not, and worryingly it was uncertain whether data was or wasn’t encrypted on 115 of the unaccounted devices.

The data on these devices falls into the realms of GDPR, with Mr Beeching reminding government departments that they can ask for free audits from the Information Commissioner’s Office.

He added:

“Individual departments cannot assume that their data will not be of interest to attackers – with the right strategy, any data can be a threat.

“UK government departments must take a zero-tolerance approach to non-encrypted devices in order to safeguard data from falling into the wrong hands.”