Most UK Government Devices Lost or Stolen in 12 Months Were Unencrypted

More than 2,000 government mobile devices went missing in a recent 12-month period in the UK alone, either lost or stolen. Many were unencrypted, raising questions about cybersecurity.

Securing the infrastructure in an institution or private organization is challenging work, and it’s impossible to make any network airtight. An employee can easily undermine those efforts by losing critical equipment, and it doesn’t have to be a complex piece of technology.

For example, losing an access badge is a security risk. You never know who will find it or what will happen with it. Working in security means that you need to always prepare for the worst-case scenario, and that means you have to immediately disable the access card. Now imagine losing the phone with contacts for all the company’s employees or, worse, a laptop with direct access into the infrastructure?

A report from Infosecurity mentions requests sent by communications company Viasat to various government departments in the United Kingdom, specifically about lost or stolen devices. Keep in mind that only about half of the department responded, and the number they returned is still worrying: 2,004 devices were reported lost or stolen from June 1st, 2018 to June 1st, 2019.

Most of the misplaced devices were reported by the Ministry of Defence (MoD), with 767, followed by Her HM Revenue and Customs (HMRC) with 288. Even worse, 1,824 of the devices (including laptops, PDA, storage devices, and more) were completely unencrypted.

“Despite the progress made on encrypting devices, the fact that unencrypted government devices are still being lost is concerning, suggesting more needs to be done to ensure data is protected at all times,” said Viasat’s UK managing director, Steve Beeching. “For devices this means total encryption – going beyond password protection to secure data at a hardware level.”

Losing a single piece of equipment, especially unencrypted, presents a number of opportunities for bad actors. Imagine the potential damage when a laptop replete with contacts, security certificates and saved credentials falls into the wrong hands. It could open the way for business email compromise schemes (BEC), ransomware infections, and even plain blackmail.

Lost devices are a problem in any organization, and that’s why it’s imperative to have network traffic analysis tools running in the background. It’s one the most efficient ways of spotting unauthorized access to a network, even when it comes through a legit device.