If the Chinese government really is trying to steal UK government secrets via backdoored Huawei network switches, Beijing probably needn’t bother – a new report shows that over 2,000 mobile devices issued to government personnel were lost or stolen in a single year.
The report, based on Freedom of Information (FoI) requests made by satellite broadband provider Viasat, shows that on average 39 devices a week were reported as lost or stolen by the government between June 2018 and June 2019.
Whether sweaty-palmed SpAds or maladroit ministers were responsible for the goofs is unclear, but any recipients of some of the devices lost in that period should have little trouble finding out who screwed up – 65 of the MIA phones, laptops, and hard drives were reportedly not encrypted.
Related: Best laptop
While 1,824 of the missing devices were encrypted, the fact that any government-issued devices were not as standard is concerning.
“Despite the progress made on encrypting devices, the fact that unencrypted government devices are still being lost is concerning, suggesting more needs to be done to ensure data is protected at all times,” said Steve Beeching, managing director of Viasat UK.
“For devices this means total encryption – going beyond password protection to secure data at a hardware level. While the necessity for security is clear in areas such as defence and security, all government departments run the risk of a damaging security breach. It only takes one device getting into the wrong hands to give malicious actors access to sensitive content, whether top-secret information or personal data.”
The UK government’s National Cyber Security Strategy document, published in 2016, states that the government is “in favour of encryption” and adds that:
“The Government will measure its success in maintaining our cryptographic capabilities by assessing progress towards the following outcome: our sovereign cryptographic capabilities are effective in keeping our secrets and sensitive information safe from unauthorised disclosure.”
Related: Best VPN
In its research, Viasat also discovered that eight government departments have not been audited by the ICO (Information Commissioner’s Office), the independent body which has the ability to hand out fines to organisations for failing to prevent data breaches.
These include the Department for Environment, Food and Rural Affairs and the now-dissolved Department for Exiting the European Union, which lost 44 and 36 devices respectively.
The most recently audited government department was the Department for Business, Energy and Industrial Strategy, which was audited in June 2017, while the Ministry of Defence was last audited way back in 2010.
Trusted Reviews contacted the ICO for a statement, but no response was forthcoming at the time of publication.