Home>Security>Cyber Crime>1,000-plus IT devices lost or stolen from Government departments in 2020 
Home>Security>IT Security >1,000-plus IT devices lost or stolen from Government departments in 2020 
Home>Security>Office Management>1,000-plus IT devices lost or stolen from Government departments in 2020 

1,000-plus IT devices lost or stolen from Government departments in 2020 

03 November 2020

FREEDOM OF Information requests submitted by IT security specialist Apricorn to 17 Government departments relating to the security of devices held by public sector employees indicate that those departments have lost (or have had stolen) more than 1,000 devices in the past year.

The Department for Education confirmed it had lost, or reported stolen, 139 devices between April 2019 and March 2020. That’s over 50% more than in 2018-2019 during which it reported 91 devices lost or stolen. NHS Digital also saw a rise from 35 lost or stolen devices in 2019 to 65 this year.  

The Department for Business, Energy and Industrial Strategy misplaced a total of 193 devices, while the House of Commons confirmed a total of 38 devices had been lost or stolen, 14 of which were lost on public transport, with just nine of the total number being recovered. 

Jon Fielding, managing director for the EMEA at Apricorn, commented: “Given that the pandemic and resulting lockdown have forced a large number of employees into remote working, this increase in misplaced devices is to be expected. The loss or theft of devices is inevitable. It’s vital that organisations have the necessary systems in place to keep data secure and prevent criminals and opportunistic thieves from accessing sensitive information.”

Her Majesty’s Revenue and Customs reported 375 devices lost or stolen between July 2019 and June 2020, including 218 mobile devices, 132 Microsoft Surface Pro tablets, 12 laptop computers and 13 USB memory sticks. Alarmingly, of those 13 USB devices, only five were encrypted.

Home Office losses  

The Home Office’s Annual Report and Accounts for 2019-2020 disclosed the loss of 2,404 inadequately protected electronic equipment, devices or paper documents from outside secured Government premises, and a further 946 from within secured Government premises. Additionally, the department reported the loss of 11 inadequately protected electronic equipment, devices or paper documents from inside and outside secured Government premises that had to be notified to the Information Commissioner’s Office during the 2019-2020 reporting period. 

Fielding continued: “For Government departments such as the Home Office and Her Majesty’s Revenue and Customs that are responsible for sensitive data the Intellectual Property of countless tax payers, corporate-approved, hardware-encrypted storage devices should be provided as standard. Encryption is a must to ensure that, whether these devices are lost, stolen or forgotten, the data on them is unintelligible should they fall into the wrong hands. Businesses must accept the need for digitisation and the benefits it delivers when it comes to storing documents, online back-ups, document management and remote working. The process is faster, more efficient and, ultimately, safer than offline equivalents.” 

Encryption sidelined

Encryption can often be sidelined by other security practices, and while many businesses are now encrypting data held on mobile devices and removable storage devices, research conducted by Apricorn at the beginning of this year into the implementation of encryption technology within organisations found that many have no further plans to expand encryption on USB sticks (38%), laptops (32%), desktops (37%), mobiles (31%) or portable hard drives (40%). This is very worrying given the risks posed to data being held on unencrypted devices. 

Fielding concluded: “The constant threat to data, as well as increased compliance requirements, may finally be having some impact. Organisations – and particularly those in the public sector, which are responsible for such high volumes of sensitive data and Intellectual Property – must recognise that compliance and security demand an ongoing effort. At a time when so many employees are working remotely due to the pandemic, policies must be enforced and those employees educated on the importance of keeping data secure whether they’re in the office or on the move.”