MoJ loses more laptops
According to Freedom of Information requests submitted by Apricorn (https://www.apricorn.com/), a leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, the Ministry of Justice (MoJ) has had a 400% increase in lost laptops in three years.
The Freedom of Information findings show that the MoJ lost 354 mobile phones, PCs, laptops and tablet devices in FY 2018/19 compared with 229 between 2017/2018. The number of lost laptops alone, has risen from 45 in 2016/17 to 101 in 2017/18 and up to 201 in 2018/2019.
“Whilst devices are easily misplaced, it’s concerning to see such vast numbers being lost or stolen, particularly given the fact these are government departments ultimately responsible for volumes of sensitive public data. A lost device can pose a significant risk to the government if it is not properly protected” says Jon Fielding, Managing Director, EMEA, Apricorn.
“Modern day mobile working is designed to support the flexibility and efficiency increasingly required in 21st century roles, but this also means that sensitive data is often stored on mobile and laptop devices. If a device that is not secured is lost and ends up in the wrong hands, the repercussions can be hugely detrimental, even more so with GDPR now in full force”, noted Fielding.
When questioned about the use of USB and other storage devices in the workplace, or when working remotely, the MoJ, Ministry of Education (MoE) and NHS Digital confirmed that employees use USB devices. The MoJ added that all USB ports on laptops and desktops are restricted and can only be used when individuals have requested that the ports be unlocked. Each of the responding departments noted that all USB and storage devices are encrypted.
“Knowing that these government departments have policies in place to protect sensitive data is somewhat reassuring, however, they need to be doing a lot more to avoid the risk of a data breach resulting from these lost devices. Corporately approved, hardware encrypted storage devices should be provided as standard. These should be whitelisted on the IT infrastructure, blocking access to all non-approved media. Should a device then ‘go missing’ the data cannot be accessed or used inappropriately” Fielding added.