Nine in 10 local councils in the UK are unable to guarantee they have encrypted all sensitive data on mobile devices.
That is the finding of a new survey across 40 city councils, conducted by IT services firm Telindus.
Nearly half of the councils have responded to recent data leakage incidents by reviewing security systems or introducing new technology to ensure sensitive data held on laptops is protected. But 43 percent have no immediate plans to upgrade their data protection.
Alarmingly, those councils that are not upgrading their data protection rely only on passwords, and on staff not transferring sensitive data to laptops. But with 92 percent of the councils enabling their staff to connect to the council network from remote locations, these councils were taking a large risk, Telindus said.
Mark Hutchinson, managing director at Telindus, said the private sector “still needs to play catch-up” when it came to preventing data leakage on mobile devices.
Encryption was a sensible step, he said. But he added “there is no way of telling whether the encryption method has been compromised”, so councils “must think beyond encryption when reviewing their security measures and consider installing a ‘track and kill’ device on all laptops”.
Telindus sells its own Laptop Custodian software, which enables IT departments to track laptops and destroy data on them remotely if needed.
In November, Socitm, the public sector IT directors’ organisation and the Local Government Association have jointly produced new guidelines for data handling in local councils. The Local Government Data Handling Guidelines provide a checklist of actions and highlight best practice in secure data handling.