IT staff who have opted for a hybrid work culture, or those on the move, often experience device loss. The issue worsens when the ICO imposes a penalty on the company because its staff have lost laptops through negligence or misfortune.
In the context of staff losing laptops, the Information Commissioner's Office has reportedly imposed penalties of £26m since 2020 on companies whose employees lost laptops, but imposed a fine of just £90,000 on a single company for putting itself at risk of ransomware attacks.
According to research conducted by Cisco, in the past two years the ICO is said to have received over 3k complaints from employees losing devices that contained sensitive info. The devices were lost because of misplacement, and that cost a law firm a lot, as it was penalized for exposing its IT infrastructure to file-encrypting malware attacks.
A few months ago, cyber criminals infiltrated a law firm’s computer network to steal thousands of files. Those files were later dumped online for sale and were made available to anyone interested in gathering info from them.
The ICO launched a serious probe into the matter, as the incident leaked personal information of some celebrities who were clients of the said legal firm. Upon confirmation, it penalized the firm with a stipulated sum that needs to be paid within a certain period.
Martin Lee, a security expert at Cisco, wondered why only the staff losing gadgets were being heavily penalized and why those exposing their networks to cyber attacks were being left without harsh penalties.
Well, in this context, some clarity is needed. Losing devices is a crime committed because of the carelessness of a human being.
But being targeted by file-encrypting malware, even if the victim has taken all proactive security measures, is a misfortune. What will the target do if the attack is sophisticated and complex?