At the end of last month a break-in at Royston House in Belfast, the Department of Finance and Personnel, resulted in 13 laptops being stolen. Some of the laptops contained personal information including employee names, addresses, National Insurance Numbers, date of births and even bank account numbers.
This particular data loss has caught my interest as I have a number of family members and friends working in the Northern Ireland civil service all of who are extremely concerned over the laptop thefts. This incident affects over 30,000 civil servants with 900 of those having their bank details at risk.
To add insult to those affected by the thefts a spokesperson for the Department of Finance and Personnel has said:
“In accordance with Northern Ireland Civil Service data security procedures all of the laptops were password-protected”.
Now that speaks volumes to me as password protection does not make up security procedures alone and does this mean the Northern Ireland Civil Service does not practice the very basics of IT security? Let’s face it, passwords are easily cracked and it doesn’t take a genius to actually hack a password.
The Department of Finance and Personnel released an FAQ on their website regarding the theft of the laptops which makes interesting reading to say the least, along with the repeated mention of the laptops being password protected.
There is little information given on how these laptops were stored at Royston House but the fact that someone could break-in and removes 13 devices is a serious concern, especially for a civil service department. Being a government organisation with a large IT department (and budget) you would expect a bit more than using simple passwords to protect data.
One question now needs to be asked would be is all their computer equipment only protected using passwords? Let’s hope they don’t use stupid passwords like ‘password’ for instance.
How to protect data on laptops
Password protecting laptops is not a solution to keep data safe as they can be easily cracked or even by-passed. For the likes of the Northern Ireland civil service I would have at least expected some form of data encryption on their laptops as 1: it’s easy to implement and 2: it’s not an expensive solution even for a government department.
As part of our online data protection services we provide a solution called DataDefense that can not only encrypt contents of a hard drive but can also track laptops (when online) and even delete data from hard drive when commanded by the centralised admin portal. Also, if a laptop fails to connect to the internet within a specific timeframe it can be set to automatically delete the contents of the hard drive lowering the risk of a serious data breach.
Dont be caught like the Civil Service, use tools and services that have been made available to help protect your laptops. If you have laptops or computers you would like to protect contact us and speak with one of our IT engineers for advice.
Related posts:
[...] is a stark reminder, as was the 13 laptops stolen from the Belfast civil service, that laptops are a prime target for thieves and should be protected [...]