More than 105 devices, including laptops, mobile phones, tablets, cameras, and hard drives, have been stolen from BBC offices and staff in the past two years, according to information obtained under the Freedom of Information Act (FOIA) by Griffin Law.
The corporation reported that individual microphones were the most commonly stolen item, with 36 taken over the last two years – 10 in 2019 and 26 last year. Over the same 24-month period, the BBC also lost 35 smartphones – 19 in 2019 and 16 in 2020.
The data also revealed that 11 laptops and MacBook devices had been stolen in 2019, six in 2020, and two laptops had been reported stolen last year. Also lost were four hard drives, a camcorder, and an Amazon Fire TV Stick.
According to a BBC spokesperson, the BBC takes crimes seriously and is constantly implementing and reviewing measures to reduce crime and retrieve lost and stolen items.
The nature of many of the devices taken – particularly during the course of 2020 – could indicate some degree of insider action at the BBC, particularly with regard to microphones, potentially of use to staffers working from home.
Edward Blake, area vice-president of Absolute Software for the UK and Ireland, said: “One of the biggest challenges facing organisations during the Covid-19 pandemic has been successfully securing and managing key devices like laptops from loss, theft and rising cyber risks.
“You can’t protect what you cannot see [and] with so many people either working remotely or on the move, large organisations like the BBC will inevitably see devices go missing, some of which will contain confidential data,” he said.
Blake emphasised that, as corporations such as the BBC continue to mandate work-from-home policies for non-key employees, they can no longer rely solely on network-based cyber security policies, but rather need to implement more endpoint protection measures.
“This means ensuring they have an unbreakable digital tether to all devices capable of delivering complete visibility and control, enabling real-time insights into the state of those devices and allowing them to self-heal security controls and productivity tools,” he said.
Writing in Computer Weekly earlier in 2021, Elliot Rose and Cate Pye of PA Consulting said that in light of continuing work from home orders, security teams needed to provide users with processes and systems that encourage and support compliance with cyber security policies, which could include device policies.
“While trying to be all-controlling erodes the effectiveness gains we have made in the new virtual world, some level of control is still required. This should be explained and viewed as supporting and protecting our people from threats,” they said.
Mike Gillespie, managing director and co-founder of independent security consultancy Advent IM, said that by working with users to help them understand what security teams are trying to achieve, and empowering them, organisations can better encourage initiative, discretion and common sense.
“Ultimately, we end up with a newly educated, empowered, disciplined and highly motivated remote workforce who are working with us to secure our assets,” he wrote. “Longer term, this could actually result in a lower cost of ownership through a decreasing dependency on the technology alone.”