Govt's lack of laptop security 'alarming'

Thousands of government laptops with little or no security are stolen every year, and the trend is getting worse, according to a survey

An increasing number of government laptops containing unprotected sensitive information are lost and stolen every year, while government employee security practices suggest that data on the lost machines is ill-protected, according to a security survey published on Monday.

According to the survey, which was commissioned by Thales E-Security, 6 percent of government employees have lost or had their laptops stolen, while a staggering 25 percent write their passwords down -- almost half of these people admit to carrying their passwords with them when out of the office.

Paul Jackson, director of marketing at Thales E-security told ZDNet UK that this is a problem that the Government has to take more seriously. "Six percent doesn't sound like a huge percentage, until you think about how many thousands of laptops are in use. They are an alarming set of results and the trend is increasing," he said.

The survey also revealed that 64 percent of respondents believe their passwords are good enough to protect them from hackers while 77 percent find them easy to remember. "You have got to give people credit for realising how important a strong password is, but because so many of them write them down, one in four people's passwords are probably quite accessible," said Jackson.

Almost a quarter of respondents take their laptops out of the office at least once a week, and 44 percent of them have no encryption software. This figure could be even higher, because a third of the respondents didn't know if they had encryption software.

However, the news is not all bad. The Ministry of Defence takes security very seriously, and according to Jackson, it has stipulated that all new laptops must have hard-disk encryption. "People who handle more classified info are only allowed to use quite long alphanumeric passwords. Remembering one might be quite feasible but remembering several is an absolute nightmare," said Jackson.

He advises that security can be significantly increased by augmenting passwords with a security token, such as a contact-less smart card.

The survey was conducted of 117 employees at the MoD, the justice system, police and health services.