Just one in 10 local authorities encrypts all their computer data, new research has revealed.
The survey of IT and security managers at 60 local councils and police authorities found that data on “some computers carrying sensitive material” was encrypted by 45% of respondents, with only 10% saying data on all machines was encrypted.
More than four in 10 respondents – 43% - confirmed that no data was encrypted by their organisation.
But 38% of respondents said their organisation had been faced with an incident in which a laptop computer was lost or stolen during the past year – including one of the six police authorities in the survey carried out by security vendor BeCrypt.
Three in 10 of those surveyed also reported that they had no procedures regarding use of USB devices – a common cause of data security problems. Just 2% of organisations had imposed a total ban on USB devices, while 38% allowed limited use and implemented port control security.
The survey also highlighted a lack of disaster recovery planning. Only 8% of those surveyed said they had a full disaster recovery plan with facilities for secure mobile working and an alternative site to use in case of a major problem such as a flu pandemic or public transport collapse that prevented staff getting to the office.
More than four in 10 respondents said they had “few plans” but that data was backed up, while 20% said staff would have to work from home using their laptops and 23% said an alternative site “would be set up”.
Richard Brooks, BeCrypt’s director of sales, said: “The use of laptops, USB devices and other removable media are posing an increasing risk to data security. The survey highlights that 30% of councils have no policy regarding the use of USB devices and the inadvertent or malicious threat of data leakage.”