The Information Commissioner’s Office fined businesses £26m over the past two years for staff losing laptops and smartphones but only fined one company £98,000 for leaving itself vulnerable to a ransomware attack
Lost work laptops and phones have cost businesses £26m in fines over the last two years alone.
According to Cisco research, the Information Commissioner’s Office received more than 3,000 reports of lost devices which contained personal data.
Businesses were fined a total of £26m as a result.
In fact, staff mislaying their laptops and smartphones cost businesses far more in fines than cybersecurity attacks – just one business, a law firm, was fined for security failings which allowed a ransomware attack to happen.
In March this year the ICO fined Tuckers Solicitors £98,000 for failing to “implement appropriate technical and organisational measures” on its computer networks to shut out ransomware hackers.
Online criminals broke into the London-based criminal law firm’s systems and stole thousands of files, some of which were later dumped online for anyone to read.
Martin Lee, a technical lead for cyber security with Cisco, wondered if staff losing thousands of laptops and smartphones was to do with commuters unused to going back into the office post-pandemic.
Lee told the Telegraph: “Going to the office might not be an everyday routine any more, where you put your laptop in your backpack and get in the car and drive off, or get on the bus.
“With remote workers travelling between locations, they’re carrying their laptops with them as working practices have changed.”
“Leaving your laptop, in the bus, in a cafe, having it stolen or something is entirely predictable.”
If your business loses a device containing or capable of accessing personal data of customers or suppliers, the loss must be reported to the ICO under data protection laws.
Further reading:
Top 10 most disastrous cyber hacks of the 2020s so far – This article takes a look at the top 10 most disastrous cyber hacks carried out on organisations in the 2020s, so far
Combating common information security threats – What are the security threats most often faced by businesses today and how can they be overcome?
Establishing a strong information security policy – There are several considerations for companies creating an information security policy. So, how can organisations ensure they have a strong policy in place which reflects the needs of the business?