Security News > 2022 > January > The security of devices held by public sector employees

The security of devices held by public sector employees
2022-01-18 04:30

Apricorn announced new findings from Freedom of Information requests submitted to 16 government departments into the security of devices held by public sector employees.

Despite the number of misplaced devices, NHS Digital were not required to notify the Information Commissioner's Office of any lost or stolen devices in the past year as these incidents related to encrypted devices and were unlikely to result in a risk to individuals' rights and freedoms as required under Article 33 of the UK GDPR. All organisations, whether they operate in the commercial or public sector, should take heed of the level of mitigation encryption brings in a breach event.

"Lost and stolen devices are, in most part, unavoidable. However, there are still a large number of loses, anyone of which could very easily put sensitive public data at risk. Fortunately, in the case of NHS Digital, despite the mishap in recording the disposal of a large quantity of laptops, their security processes ensured that all these devices were encrypted, and as a result, the data they housed was protected" said Jon Fielding, Managing Director, EMEA, Apricorn.

The Department for Business, Energy and Industrial Strategy misplaced a total of 107 devices compared with 193 last year, while the House of Commons confirmed a total of 15 devices had been lost or stolen compared to 38 in 2019/20, and the House of Lords declared 7 lost or stolen, one less than 2019/20.

When questioned about whether the lost or stolen devices were encrypted, all but one of the responses from government departments confirmed that all devices were encrypted.

Encryption is the safest way to do so, and hardware encrypted storage devices should be provided as standard to ensure the data on them is unintelligible should they go MIA. "Knowing that these government departments have encryption in place is reassuring. What's more, they have additional data backups too, meaning mission-critical applications are functional and data can be recovered quickly. A regular and reliable backup process will protect businesses from unexpected data loss from all potential sources and is as simple as storing copies of important files on hard drives, or other storage devices connected to your systems or network. However, for reasons already explained, these devices must be encrypted".


News URL

https://www.helpnetsecurity.com/2022/01/18/security-devices-public-sector-employees/