Whilst discussions of information security tend to focus on high-tech cyber attacks; the reality is that many data breaches are down to human error. Generally the biggest single cause of data breaches reported to the Information Commissioner’s Office is simply people sending information to the wrong people. Loss or theft of devices is another significant cause of breaches, so recent figures from various government departments offer some cause for optimism.
The following figures for the year to September 2021 have been published in response to freedom of information requests:
- HMRC recorded 346 lost and stolen devices (down from 375 the previous year);
- Department for Education recorded 116 lost or stolen devices (down from 139);
- The Department for Business, Energy and Industrial Strategy recorded 107 lost or stolen devices (down from 193);
- The House of Commons recorded 15 lost or stolen devices (down from 38); and
- the House of Lords recorded 7 lost or stolen devices (down from 8).
It is also very positive to note that, in most cases, departments were able to confirm that the lost devices had been encrypted.
This reduction in incidents across numerous departments suggests that concrete changes have been put in place across government to reduce the occurrence of loss and theft. It would be interesting to know what exactly these have been so as we can all learn from this success. However, this is only one cause of data breaches and we must ensure that equal attention is paid to mitigating other risks to information security.
In a separate development, the International Red Cross revealed this week that it had been the victim of a cyber attack resulting in the compromise of data relating to over 500 000 vulnerable people. The attack targeted the Red Cross’s Restoring Family Links service which reunites families separated by armed conflict, migration, disaster, detention and other catastrophic events; and has led to work being suspended. It seems a very curious target for cyber criminals and serves as a stark reminder that none of us are safe from attack.
Follow the link to find out how we can help you to improve your information security.