Lost Devices on TfL Network Raise Data Breach Risk

Written by

Over 26,000 mobile devices and laptops were lost on the Transport for London (TfL) network between April 2017 and April 2018, raising serious questions about threats individual devices pose to company data security, says think tank Parliament Street.

Through a Freedom of Information (FOI) request, the think tank discovered that 26,272 devices were lost and handed into TFL lost property, with Apple devices taking the top spot followed by Samsung and Lenovo. In an independent study by Centrify, it is suggested that in the UK, younger employees are the "main culprits" for data security breaches in the workplace.

Responding to the research, Robert Coleman, UKI CTO, CA Technologies said: "With businesses investing heavily in purchasing and developing growing volumes of applications to improve employee productivity, the security threat posed by lost and stolen devices has increased dramatically.

"Nobody can prevent mobiles and tablets from being misplaced, but companies can ensure that the applications which reside on these devices are only accessible by the correct privileged users so that fraudsters cannot exploit them as a backdoor into the business."

Mobile working and the security of data still continue to concern enterprises. In a report by Apricorn, nearly one in five organizations (18%) suggested their mobile workers didn't care about security, with a third of them experiencing a data loss as a direct result of mobile working.

"Mobile devices, whether they be laptops, phones or USB storage devices, must give users the facility to secure critical business data," said Jon Fielding, EMEA managing director, Apricorn. "Whether your data is in transit or at rest, encryption is absolutely key to safeguarding confidential corporate information and employers need to provide certified encryption tools for protecting that IP. That way, businesses can ensure that if a device is lost, it is locked down and the integrity of the data it contains is maintained. Built-in encryption, such as a hardware encrypted USB drive, offers a simple way to solve security of data on the move."

Parliament Street's report recommends that businesses implement an identity verification strategy for every employee, increase training and "scrap trust" as a strategy: "With cyber-attacks rapidly on the rise, a healthy paranoia is a positive force for change within the organization."

Ojas Rege, chief strategy officer, MobileIron said that two new developments could help organizations in this area: “Biometrics, like fingerprint and facial recognition, provide an easy and more secure way for individuals to access their mobile devices and apps. Machine learning takes data inputs from devices, networks, and apps to constantly monitor and identify evolving threats of which the user is almost never aware.”

What’s hot on Infosecurity Magazine?