A quarter of police-related websites in the UK are lacking a secure web connection and end-to-end encryption which could expose sensitive data to cybercriminals, according to research carried out by the Center for Public Safety.
We've just published our latest #PublicSafetyBriefing examining UK #police website #cybersecurity. Find it here: https://t.co/T3GzMNLb3Z pic.twitter.com/6CCeaBRUOi
— Centre Public Safety (@CenPublicSafety) October 11, 2016
The not-for-profit organizations found that almost a quarter of 71 police websites lacked an automatic secure connection and only one in four sites carried sophisticated security settings to deter cybercriminals.
"It's actually quite embarrassing for the police to give advice to the public about always looking for a secure Internet connection when so many forces don't have a secure connection themselves," Rory Geoghegan, director of the Center for Public Safety told Sputnik.
"It's 2016, the Internet is not new, the cybersecurity threat is not new — and yet some police forces and their IT providers seems to think it is acceptable to pay large sums of taxpayer money for insecure technology. A quarter of forces aren't offering any encryption at all for the user or the service and this could have severe consequences for individuals," Mr. Geoghegan who carried out the research said.
The organization also found that more than 70 percent of the websites, many managed by police forces in England and Wales, invited users to submit personal data and information relating to criminal matters via an unsecure connection.
"So it someone was to provide information over a public wi-fi signal, the criminals could sniff out what was said," Mr. Geoghegan said.
"It might sound far-fetched but criminals are moving to online activities because that's where the rich rewards are, meanwhile the services charged with protecting us aren't up to the job."
"London's Metropolitan Police Service spent US$134 million on a supplier and we didn't award their website top marks. Meanwhile rural force in Dorset, received top-marks for its web security despite having a much smaller budget. They clearly had the skills and knowledge to hold their suppliers to account," Mr. Geoghegan told Sputnik.
More than 70 percent of the sites checked by the Center for Public Safety invited users to submit personal data, and in some cases specifically relating to criminal activity.
"One of the examples cited in the research paper includes a situation in which a man who lives on a housing estate is upset at the level of local drug dealing when his friend gets stabbed. So he goes to a coffee shop to use their website in an attempt to anonymously report his concerns to the police. However the connection is public and because there is no end-to-end encryption, people can see the information that is being shared, which can put his life in danger. We have to ask, do police leaders fully understand the risks?" Mr. Geoghegan said.
Based on the analysis carried out the center, one quarter have secure connections and half of them have room for improvement, the remaining quarter are in need of serious and urgent improvement.
"It's seems to be, do as I say, not as I do, when it comes to cybersecurity," Rory Geoghegan told Sputnik.