For instance, in October 2017, a USB stick was found in Queen’s Park, West London. The device, which wasn’t encrypted, contained 76 folders of confidential information about London Heathrow airport. It included CCTV camera locations, patrol information, and even the route that the Queen would take to Heathrow. It also contained information about the security measures used to protect government officials, and even ID information used to access protected areas of the airport. If the wrong person had found this USB, you can only imagine the risk there could be to national security. For this incident, Heathrow was fined £120,000 by the ICO for failing to secure personal data.
Device loss like this happens a lot more than you’d expect. Between 2024 and 2025, the UK government lost over 2,000 devices. Hundreds of these devices belonged to the Ministry of Defence.
When it comes to confidential information, it’s crucial to both encrypt devices and take steps to safeguard against their loss or theft.
Recent data breach trends
The Information Commissioner’s Office regularly publishes quarterly information about recent data security incident trends. Their latest report shows a huge number of data breaches caused by unauthorised access or misuse of hardware. In 2025, there were 25 incidents reported caused by the incorrect disposal of hardware, and a further 654 caused by the loss or theft of a device containing personal data.
So, how can we keep devices containing confidential information safe?
There are so many simple things we can do to keep our devices safe.
Encryption
Firstly, encryption. Encrypting devices is very easy to do with the correct software. When you encrypt, you make sure that any information stored on your devices is not accessible to anyone without the encryption key – sort of like a password that keeps all of the documents on your device safe. Just make sure you don’t lose the encryption keys! Without these, you will not be able to retrieve your files.
Lock devices away when not in use
When you’re leaving the workplace or even leaving your own home, make sure any valuables are out of view of any windows or doors. Lock devices away if they are valuable and easy to steal. Not only are devices often expensive to replace, but there is also the cost of the hours of work or wonderful memories you could lose by having your files stolen.
Do not leave devices unattended
If you or your team members are working remotely, make sure they are aware of the risks of leaving their work laptops or phones unattended in public spaces – even if it’s just for a few moments. It is thought that a laptop is stolen in the UK every 53 seconds. Don’t give thieves their window of opportunity.
Even if you are not working remotely, you should also be extremely cautious when leaving your devices unattended. If you are away from your office computer for just a moment, lock it. There will be files on your computer that not everyone at your workplace should have access to, whether that’s confidential client information or your emails. A colleague even seeing confidential information they shouldn’t have access to by accident constitutes a data breach. Your organisation could even receive large fines for such a breach occurring. It is much safer to keep portable devices with you and keep them locked anytime you aren’t using them.
Back up your files
Backing up your files is incredibly important. Firstly, if you have backups, you won’t lose everything if your devices are lost or stolen. Secondly, if your devices are lost or stolen, you will know exactly what information has been exposed to vulnerability. If your device contained information such as business secrets, email databases, or even things like scanned copies of your passport, you’ll know exactly what data could have been compromised. From that, you will be able to contact anyone who has potentially been affected by data loss. Your backups should also be secure. Treat them like original copies of your documents. Make sure they are encrypted, locked away, and aren’t vulnerable to unauthorised access.
Secure destruction of hard drives and media storage devices
When devices are no longer needed, they should be securely destroyed. Hard drive data can be destroyed through degaussing, by specialist hard drive shredders, or both. This guarantees that any information that ever existed can never be recovered. Media storage devices can also be destroyed by a reputable shredding service provider.
If you are worried about data loss or breaches at your organisation, you may find our Fraud Awareness Guide for Businesses helpful. This guide covers many things you can do to safeguard against other risks, such as cybersecurity attacks and espionage.
