Lost or stolen? The distinction matters...
Published: 3 August 2006 11:35 BST
A Freedom of Information enquiry by silicon.com has uncovered the number of laptops stolen from key UK government departments over the past year, raising questions and concerns about sensitive data falling into the wrong hands.
The worst affected department was the Ministry of Defence. It reported 21 laptops were stolen between July 2005 and July 2006.
The Home Office in total suffered 19 stolen laptops over the past year. Perhaps most worrying among those losses were four laptops stolen from the Identity and Passport Service. The Core Home Office unit suffered seven stolen laptops, while HM Prison Service had eight laptops stolen.
The Department of Trade and Industry told silicon.com it had 16 laptops stolen over the past year, while the Department for Work and Pensions reported it had nine laptops stolen. The Department of Health said it had lost 18 laptops, though couldn't clarify whether these were lost or stolen.
A submission from Defra, which lost 17 laptops, suggested government laptops are predominantly given out to senior members of staff at the departments. These are individuals in some cases likely to have access to the most sensitive information. The rural affairs agency named all staff who had lost laptops, including a number of senior managers and heads of division.
Further reading…
♦ Leader: Missing laptops and lazy risk management
♦ Mobile phones leak from UK government
Experts who work with organisations to assess the level of risk they face following the loss or theft of laptops, have told silicon.com the fact these laptops are at large could present a serious risk of data theft, which should concern UK citizens.
Bryan Sartin, VP investigative response at CyberTrust, said laptops are the number one source of data theft across organisations largely due to the fact the owners have already done the hard part - taking data outside the four walls and the protected digital perimeter of the organisation.
He said any organisation that accesses sensitive information should consider itself a target.
Once the laptop has fallen into the wrong hands, getting into it and accessing sensitive data is relatively easy, according to Peter Wood, from penetration testing company First Base Technologies.
Wood said 90 per cent of stolen laptops are probably accessible within 10 minutes and even many of those with more sophisticated levels of encryption can still be accessed within three hours.
He added: "We see laptops with supposedly stronger security in place, such as smartcard authentication, but these are still trivially easy to overcome.
silicon.com Public Sector
Get the latest public sector news straight to your inbox. Sign up for the PS newsletter today!
"And once you are onto the laptop it is possible to get all the passwords and use those credentials to access the VPN. You can own the laptop within 10 minutes and own the network shortly after."
Only those laptops with full disk encryption will thwart dedicated data thieves, said Wood.
And many doubt government departments will have levels of sophisticated security in place which even more advanced private sector organisations have been slow to adopt.
A growing threat must also be the use of PDAs and ...
Robert Machin
The Bush Administration announced on 26 June that ...
Amy
'and even many of those with more sophisticated le...
Graham Coles
I am doubtful if there is really a requirement, ot...
Chris Goodman
The answer to 'what kind of encryption' is that th...
Anonymous
Our client a local authority in the wood green area are seeking to recruit an experienced Organisational Development Manager to support the effective ...
s and laptops remote access services and devices is required. Candidates must have proven PC and Laptop and general network ...
This field based role will require you to visit various client sites within the Tendring borough supporting their hardware (Laptop and PC) and MS ...
Agenda Setters 2008
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Nick Heath
Next stop HMRC: How TfL CIO will shake up the taxman
Interview: Phil Pavitt, CIO Transport for London, on making IT boring
Gary Bettis
Public sector CIOs: It's your time to shine
Comment: Efficiency programme offers big challenges and opportunities
Gary Lynch
How e-coding can prevent NHS slip-ups
Barcodes to run in their blood
silicon.com
Inbox: Chip and PIN latest big IDea - and still no readers
"PIN numbers do not present much of a challenge to a determined crook"
Jo Best
From army officer to IT chief - CPS CIO David Jones
Profile: What IT and the military have in common
silicon.com
Inbox: Government IT ignoring red lights?
"The civil servants who specify these projects are not competent technically"