UK businesses ignoring the data breach risks of temporary staff

Research released by Websense has revealed that temporary workers across the UK are unwittingly exposing businesses of all sizes to information security breaches. In the Information Open Access survey, the findings indicate that organisations may be unnecessarily putting their data at risk by granting temporary staff access to confidential information at the same levels as permanent employees.

The survey of temporary staff highlights that 87.7 percent of respondents were able to access documents from the company network drive, 52 percent had used a co-worker's e-mail account and 80.7 percent had unlimited access to the Internet from their work PC. A worrying level of apathy amongst businesses toward basic data security processes is leaving them wide open to the risk of accidental or deliberate data breaches - only 21.1 percent of temporary workers had signed any type of PC or Web use policy

The survey identifies three key issues in relation to this security risk:

1. Information leakage

The most prominent theme to emerge from the survey results shows that temporary workers are exposing businesses to potentially large-scale information leakage where confidential data is allowed out of the organisation, either by mistake or through malicious intent. Key findings include:
- 87.7% of respondents were able to access documents from the
company network drive or electronic folders that permanent staff use on a day to day basis
- 62.4% had used someone else's login details to access a work PC
- 57.5% admitted sending work documents to the wrong person
- 91.2% were able to print any work document they liked
- 36.8% were given access to passwords for company systems (i.e.
invoicing, procurement, payroll)
- 52% used someone else's e-mail account or a general company
e-mail address
- 42.1% were able to connect a personal device (iPod, USB key,
PDA) to their work PC

2. Lack of basic data security management

Underpinning the data leakage risk is a worrying degree of apathy amongst businesses towards basic data security management. The survey indicates that the majority of businesses are failing to put business processes in place for temporary staff to protect against security breaches. 78.9 percent of temporary workers said they did not have to sign a PC or Internet use policy before starting a temporary assignment. And 97 percent said they either didn't understand or had never heard of the Computer Misuse Act. This includes the 'unauthorised access offence'
where a person is 'committing an offence if he or she causes a computer to perform any function with intent to secure unauthorised access to or modification of any program or data held in a computer'.

3. Exposure to external threats

The survey also reveals that temporary workers are opening the doors to allow external threats such as Internet viruses or botnets to infect businesses, through a lack of automated Internet and e-mail management.
There is also strong evidence that businesses are failing to manage the use of social networking sites and Web 2.0 technologies, which are a haven for cyber criminals, says Websense.

Key findings include:
- 67% of temporary workers used social networking sites like
Facebook during working hours
- 80.7% had unlimited access to the Internet from the work PC
- 80.7% could access POP e-mail like Hotmail
- 21.1% accessed peer to peer sites like Kazaa
- 37.2% used instant messaging to chat with friends
- 25.5% accessed download sites during work hours

www.websense.com

•Date: 28th Nov 2007• Region:UK •Type: Article •Topic: ISM
Rate this article or make a comment - click here