The Ministry of Defence (MoD) suffered 352 unauthorised disclosures of information over the last year, up nearly five-fold on the previous year, while the number of protected electronic devices or paper documents lost or stolen from secured government premises nearly tripled over the same period.
Total losses of data and devices rose from 117 to 463 between 2017/2018 – 2018/209; an increase of 296 per cent. The figures occurred under then-Defence Secretary Gavin Williamson’s watch. The minister was himself held responsible by former PM Theresa May for leaking details of a National Security Council meeting to the Daily Telegraph; an allegation he denies. It was unclear if this incident was captured in the report.)
Nia Griffith MP, the Labour Party’s Shadow Defence Secretary, said: “It’s very concerning to see sensitive documents or equipment go missing from secure locations, particularly as the UK faces a growing range of threats. The new Secretary of State must ensure his department does everything it can to trace these devices and prevent future security breaches.”
Andy Harcup, of data security firm Absolute Software, said in an emailed comment: “Rising thefts of mobiles and laptops pose a serious security risk. Each device contains a goldmine of confidential data which could be exploited by hackers, foreign states or even a rogue employee. It’s vital all government organisations ensure devices are properly protected with end-point security, so they can track, secure and freeze them if they fall into the wrong hands.”
MoD Data Losses Figures: Follows FoI on Mobile Losses
The figures come after a Freedom of Information request by mobile security specialist MobileIron revealed that government staff lost 508 mobile and laptop devices between January 2018 and April 2019, with only 10 percent of devices ever recovered. With the average enterprise using up to almost 1,000 cloud-based applications, the security risks presented by the volume of data that might be exposed when a device is lost or stolen becomes clear.
MobileIron’s Justin Prowse, who heads up the company’s Central Government, Defence and Security division, told Computer Business Review: “A lost laptop, mobile or tablet can pose a significant risk to government agencies if it is not properly protected. Modern mobile working allows employees easy access to corporate data, which means this sensitive data is often stored on the device. If a device that is not secured is lost and this sensitive data ends up in the wrong hands, the ramifications can be disastrous. This is particularly the case in the public sector, as these devices often contain data subject to GDPR, such as health and education records, or confidential government plans.
Mobile devices are very easy to misplace and unfortunately this happens regularly – there is no way to stop this. However, there are a number of steps public sector organisations can take to mitigate and limit the risk lost devices posed. Public sector organisations should implement a strong device-level authentication measure to ensure only the right people can access the data on the device. A zero-trust model also reduces the risk by allowing government agencies complete control over their business data on either issued or personal devices.”