The Glasgow City Council in the UK has lost over 700 devices in the last five years, according to an internal audit. Many of these devices appear to have been left digitally unprotected. For example, laptop encryption software like AlertBoot was not used to secure the contents of the devices.
256 Laptops, 450 PCs
According to computerweekly.com, the council has lost, over the past 5 years, 256 laptops and over 450 desktop computers (PCs), the laptops not having been secured with encryption software (and the implication that neither were the PCs). It also has another 541 laptop computers that remain unencrypted at the time when the audit was compiled.
The report was prompted when two computers belonging to the council were stolen in May, one of which contained banking information for 16,541 businesses and individuals.
The revelations are quite shocking: when you review the lengths that the Information Commissioner’s Office (ICO) has gone to, to penalize offenders of the Data Protection Act, it looks like the council decided to take quite the gamble. Especially when you consider that the council was at the center of another infamous data breach when it lost sensitive data in 2009.
Further from computerweekly.com (my emphasis):
“These losses indicate that theft has occurred on a significant scale over a number of years from a ‘secure area’ and it would also appear to show that these thefts have been well organised and systematic,” said the report.
A council spokesman said: “What this report shows is that for a number of years, the council family has been poor at keeping accurate records of its IT equipment. We’re now dealing with that situation and with the unencrypted IT equipment.”
Well, sure, poor at keeping records. But, also, poor at keeping things safe. The opposition may have put it best:
Graeme Hendry, leader of the council’s opposition SNP group, said: “To lose two laptops is worrying but to lose nearly 750 is beyond belief. [thescottishsun.co.uk]
But, that’s not only it. Consider this quote from scmagazineuk.com (my emphasis):
The ludicrous fact that two unencrypted laptops were returned and then lost the same day seems to show a lack of care form the council and its contractors, especially following on from the announcement that the bank details of 16,451 constituents stored on an unencrypted laptop were lost earlier in the year
Uh, what? They lost laptops that were returned (I’m assuming they were lost and returned, and then lost again)? I wasn’t able to confirm the above using a separate source, but if true, and combined with what we already know, it could be the very straw that broke the proverbial camel’s back.
There’s no way that the ICO will now regard the May laptop thefts in a benevolent manner. I expect that a severe monetary penalty will be forthcoming.
BYOD: Mobile Devices Unaccounted For
It’s not only laptops and desktop computers that are missing. Other data devices such as smartphones and USB disks are missing as well.
Incorporated with the previous section, it’s quite obvious that the council is in serious need of a solution that can properly safeguard data on their mobile devices. And, as the BYOD trend accelerates, the council will probably find a package that can control, protect, and monitor both laptops as well as their smaller brethren, like iPhones and Android phones, tablets, etc.
In short, they need something like AlertBoot Mobile Security, which allows an administrator to manage security for smartphones, tablets, and computers (desktop and laptop) from one web-based console.
Related Articles and Sites: