National Highways has dismissed concerns about cyber security after it was revealed that that agency had misplaced 125 electronic devices, including hard drives, laptops and iron key storage devices.
The loss of devices came to light in a Freedom of Information (FOI) request made by niche litigation practice Griffin Law. The FOI request found that over the last five years National Highways (Highways England as it was previously known) lost a total of 125 electronic devices, a number of which contained confidential data.
Philomena Lavery, National Highways director of information and cyber security, said: “We take responsibility for cyber security risks extremely seriously. All of our devices are encrypted and where possible undergo remote wiping if they are reported lost or stolen. We are confident that this helps to protect the confidentiality, integrity and availability of our information.
“More generally, National Highways is undertaking a significant programme to develop our cyber security approach going forward. This includes proactively working to identify and resolve potential future threats to the Strategic Road Network including those to equipment such as electric vehicle chargers.”
What was lost?
The FOI request revealed that during the period, eight laptops were lost or stolen, as well as a desktop computer, 69 mobile phones, 12 tablets, five iron key storage devices and four hard drives.
In 2021, 17 phones were lost with another five being reported as stolen. A total of 31 different devices throughout the whole of 2021 were misplaced.
The year with the greatest losses was 2018 when 20 phones and eight laptops misplaced, and six other devices lost.
Phones topped the lost devices list, with 69 being lost and 11 being stolen across the five years.
In relation to the specific numbers revealed in the FOI request, National Highways noted: “The data for lost and stolen items covers a full five-year period and represents less than 0.5% of overall devices. The accurate reporting of this data is testament to our management processes and ensures that any irregular losses are investigated immediately.”
Achi Lewis, area vice president EMEA at cyber security specialist Absolute Software, said: “Now we are living in a largely hybrid working environment, the management and tracking of a workforce and their devices has become more difficult than ever. Rather than having all an organisation’s devices in one place, they are scattered around, increasing the attack surface for organisations, and therefore requiring greater security measures.
“A resilient zero trust policy should be deployed to prevent malicious actors from breaching a lost or stolen device, or endpoint. This can be combined with solutions such as secure access controls, allowing the organisation to remotely shut off a misplaced device, protecting both the data on the device itself and the rest of the network, and stopping further costly data loss.”
Don’t miss out on BIM and digital construction news: sign up to receive the BIMplus newsletter.