The BBC has reported over 170 lost or stolen devices over the past two years, highlighting the challenges associated with managing a large mobile workforce.
Think tank Parliament Street submitted Freedom of Information requests to the national broadcaster which revealed that 81 devices were lost and 91 stolen over the past two financial years.
These included laptops, mobile phones and tablets, at an estimated total cost of at least £109,000. Eighty mobile phones, 82 laptops including MacBooks and high-end HP EliteBooks, eight iPads and even two desktop computers were apparently lost or stolen.
“The BBC employs about 20,000 people and the number of items lost or stolen is relatively small, however, it is regrettably inevitable some items will occasionally go missing,” read a statement from the corporation. “The BBC takes incidents of crime seriously and we are constantly implementing and reviewing measures to reduce crime and recover lost and stolen items.”
Experts explained that, in the new GDPR era, encryption is essential.
“Encryption is one of the few technical controls explicitly called out by GDPR, as its proper use means that device loss is purely the loss of a physical asset, as opposed to the more serious loss of information, which leads to reporting requirements and potential fines,” Becrypt CEO, Bernard Parsons, told Infosecurity.
“Choosing an encryption solution for laptops that has some form of third-party validation, such as NCSC assurance, allows an organization to confidently address both risks and liabilities. But equally important is that technology does not inhibit user experience. Poorly implemented security leads to user bypass, such as passwords on stick-it notes, that can actually increase an organization’s risk. NCSC have some great guidance on appropriate password policies that balance security with user needs.”
He added that mobile device management platforms should be adopted to enforce mobile policies like screen-lock and remote wipe in the event of loss or theft.
“Organizations that are higher-threat targets need also to be aware that lost devices can be used to carry out subsequent attacks on the company’s networks, particularly as many organizations host MDM servers outside of their more secure networks,” Parsons concluded.