Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, today announced new findings from Freedom of Information (FoI) requests submitted to 17 government departments relating to the security of devices held by public sector employees. The responses indicate that government departments have lost or had stolen more than 1,000 devices in the past year.
The Department for Education (DfE) confirmed it had lost, or reported stolen, 139 devices between April 2019 and March 2020. This was over 50 per cent more than 2018/2019 during which it reported 91 devices lost or stolen. NHS Digital also saw a rise from 35 lost/stolen devices in 2019 to 65 in 2020.
The Department for Business, Energy and Industrial Strategy misplaced a total of 193 devices, while the House of Commons confirmed a total of 38 devices had been lost or stolen, 14 of which were lost on public transport, with just nine of the total number being recovered.
Jon Fielding, managing director, EMEA Apricorn, comments: “Given that the pandemic and resulting lockdown have forced a large number of employees into remote working, this increase in misplaced devices is to be expected. That said, the loss or theft of devices is inevitable, and it’s vital that organisations have the necessary systems in place to keep data secure and prevent criminals and opportunistic thieves from getting their hands on sensitive information.”
Her Majesty’s Revenue and Customs (HMRC) reported 375 devices lost or stolen between July 2019 and June 2020, including 218 mobile devices, 132 Microsoft Surface Pro tablets, 12 laptop computers and 13 USB memory sticks. Alarmingly, of those 13 USB devices, only 5 were encrypted.
The Home Office’s Annual Report and Accounts 2019-20 disclosed the loss of 2,404 inadequately protected electronic equipment, devices or paper documents from outside secured government premises, and a further 946 from within secured government premises. Additionally, it reported the loss of 11 inadequately protected electronic equipment, devices or paper documents from inside and outside secured government premises that had to be notified to the Information Commissioner’s Office during the 2019-20 reporting period.
Fielding continues: “For government departments such as the Home Office and HMRC, that are responsible for sensitive data and intellectual property of countless tax payers, corporate approved, hardware encrypted storage devices should be provided as standard. Encryption is a must to ensure that, whether these devices are lost, stolen or forgotten, the data on them is unintelligible should they fall into the wrong hands. Businesses must accept the need for digitisation and the benefits it delivers to storing documents, online backups, document management and remote working. The process is faster, more efficient and, ultimately, safer than offline equivalents.”
Encryption can often be side-lined by other security practices, and whilst many businesses are now encrypting data held on mobile devices and removable storage devices, research from Apricorn at the beginning of 2020 into the implementation of encryption technology within organisations found that many have no further plans to expand encryption on USB sticks (38%), laptops (32%), desktops (37%), mobiles (31%) and portable hard drives (40%). This is worrying given the risks posed to data being held on unencrypted devices.
Fielding adds: “The constant threat to data, and increased compliance requirements, may finally be having some impact. Organisations – particularly those in the public sector, which are responsible for such high volumes of sensitive data and intellectual property – must recognise that compliance and security demand ongoing effort. At a time when so many employees are working remotely, policies must be enforced and employees educated on the importance of keeping data secure whether in the office or on the move.”