UK government workers have lost over 500 mobile devices and laptops over the past year, with just a small percentage ever recovered, according to new research from MobileIron.
The security vendor issued Freedom of Information (FOI) requests to nine government departments, all but one of which replied.
It found that public sector employees managed to lose 508 mobiles and laptops between January 2018 and April 2019.
It’s unclear whether these devices were password protected and/or if the data on them was encrypted, or if they had a remote wipe functionality to protect sensitive information. However, attackers could theoretically gain access to sensitive accounts if a device gets into the wrong hands without proper security controls in place.
“As the amount of business data that flows across devices, apps, networks, and cloud services continues to increase, it is essential that organizations have the right security protocols in place to minimize risk and prevent unauthorized access to sensitive data if a device is lost or stolen. Even one lost or stolen device provides a goldmine of readily accessible and highly critical data to potential fraudsters and hackers,” argued MobileIron UK and Ireland regional director, David Critchley.
The answer is to implement a zero-trust model, whereby users are forced to authenticate at all times, he said.
“This approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user,” he added. “The zero-trust model allows organisations, including government departments, to significantly reduce risk by giving them complete control over their business data – even on lost or stolen devices.”
It’s not just the government that has been found wanting regarding the loss of devices. Last year, an FOI request revealed that the BBC had reported over 170 lost or stolen devices over the previous two years.