The UK government is in hot water again after Freedom of Information (FOI) requests revealed its Environment Department has misplaced hundreds of laptops and mobile devices over recent years.
Security vendor Absolute Software sent requests for info to the Department for Environment, Food, and Rural Affairs (DEFRA) and non-departmental public body the Environment Agency, which it sponsors.
They revealed that the two organizations lost a combined 540 devices over the past three financial years: DEFRA accounting for 100 of these and the Environment Agency reporting a total of 440.
Mobile phone losses were most common, with the Environment Agency again losing the lion’s share (363) and DEFRA just 63.
The Environment Agency misplaced 59 laptops over the period, with just 35 going missing from DEFRA, while only 21 tablet computers were lost in total – three from DEFRA and 18 from the Environment Agency.
Yet despite the headline stats, it’s the Environment Agency which appears to be improving its device security processes. It recorded an overall decrease of 24% in lost IT kit over the three-year period, while DEFRA witnessed a 43% increase.
A spokesperson from the Environment Agency played down the findings, claiming they should be seen in the context of the public body’s 10,000+ nationwide staff.
“Due to the nature of our work, we have operational staff working in the field to protect the environment and support our incident response capabilities,” the statement noted.
“Because of this there is always a risk that exposure to threats concerning mobile technology will be increased. All staff are required to work in accordance with our IT and security policies so that we continue to work toward minimizing losses, and risk associated with losses.”
Absolute Software vice-president, Andy Harcup was less forgiving, branding the losses “unbelievable.”
“Every single lost device is a potential goldmine of confidential information and should be properly secured so that if stolen it can be tracked, frozen and recovered,” he argued.
“It’s also critical that government agencies have capabilities in place so that when mobile devices are exposed to threats outside of their control, they are able to locate the devices whether they are on or off the network, and wipe the data on the devices in order to comply with critical regulations like GDPR.”
These are just the latest two government bodies to have had their device security policies scrutinized: the Ministry of Defence recorded a 300% increase in losses of both devices and sensitive data over the past two financial years, according to Absolute Software.