23:02 GMT +305 December 2019
Listen Live
    UK Police Force Websites Lack Basic Cybersecurity

    'Do as I Say Not as We Do': UK Police Force Websites Lack Basic Cybersecurity

    © Flickr / Blue Coat Photos
    Tech
    Get short URL
    173
    Subscribe

    The UK police force has come under fire after many websites were found to lack basic security software needed to protect private data, potentially exposing information to cybercriminals, according to new research.

    A quarter of police-related websites in the UK are lacking a secure web connection and end-to-end encryption which could expose sensitive data to cybercriminals, according to research carried out by the Center for Public Safety.

    The not-for-profit organizations found that almost a quarter of 71 police websites lacked an automatic secure connection and only one in four sites carried sophisticated security settings to deter cybercriminals.

    "It's actually quite embarrassing for the police to give advice to the public about always looking for a secure Internet connection when so many forces don't have a secure connection themselves," Rory Geoghegan, director of the Center for Public Safety told Sputnik.

    ​"It's 2016, the Internet is not new, the cybersecurity threat is not new — and yet some police forces and their IT providers seems to think it is acceptable to pay large sums of taxpayer money for insecure technology. A quarter of forces aren't offering any encryption at all for the user or the service and this could have severe consequences for individuals," Mr. Geoghegan who carried out the research said.

    The organization also found that more than 70 percent of the websites, many managed by police forces in England and Wales, invited users to submit personal data and information relating to criminal matters via an unsecure connection.

    "So it someone was to provide information over a public wi-fi signal, the criminals could sniff out what was said," Mr. Geoghegan said.

    "It might sound far-fetched but criminals are moving to online activities because that's where the rich rewards are, meanwhile the services charged with protecting us aren't up to the job."

    In the first independent assessment to be carried out into the cybersecurity of police force websites, the center's report found both areas for commendation and concern.

    "London's Metropolitan Police Service spent US$134 million on a supplier and we didn't award their website top marks. Meanwhile rural force in Dorset, received top-marks for its web security despite having a much smaller budget. They clearly had the skills and knowledge to hold their suppliers to account," Mr. Geoghegan told Sputnik. 

    More than 70 percent of the sites checked by the Center for Public Safety invited users to submit personal data, and in some cases specifically relating to criminal activity.

    "One of the examples cited in the research paper includes a situation in which a man who lives on a housing estate is upset at the level of local drug dealing when his friend gets stabbed. So he goes to a coffee shop to use their website in an attempt to anonymously report his concerns to the police. However the connection is public and because there is no end-to-end encryption, people can see the information that is being shared, which can put his life in danger. We have to ask, do police leaders fully understand the risks?" Mr. Geoghegan said. 

    Based on the analysis carried out the center, one quarter have secure connections and half of them have room for improvement, the remaining quarter are in need of serious and urgent improvement.

    "It's seems to be, do as I say, not as I do, when it comes to cybersecurity," Rory Geoghegan told Sputnik.

    Related:

    UK's Bristol Police Suspected of Possessing Cell Phone Surveillance Devices
    UK Security Services Plan to Build 'Great Firewall' to Counter Cyber Threats
    BRICS Security Advisers Agree to Enhance Cyber Security
    Tags:
    private information, hack attack, vulnerability, sensitive information, data, cyberattack, cybersecurity, hacking, police, security, London Metropolitan Police, United Kingdom, London
    Community standardsDiscussion
    Comment via FacebookComment via Sputnik