Survey reveals new data security risk: over 80% of temporary staff have the same level of access to company documents as permanent staff but without the same accountability
CHERTSEY, 27 November 2007 Research released today by Websense, Inc. (NASDAQ:WBSN) has revealed that temporary workers across the UK are unwittingly exposing businesses of all sizes to information security breaches. In the Information Open Access survey of more than 100 temporary staff, the findings indicate that organisations may be unnecessarily putting their data at risk by granting temporary staff access to confidential information at the same levels as permanent employees.
The survey highlights that 87.7% of respondents were able to access documents from the company network drive, 52% had used a co-worker’s e-mail account and 80.7% had unlimited access to the Internet from their work PC. A worrying level of apathy amongst businesses toward basic data security processes is leaving them wide open to the risk of accidental or deliberate data breaches – only 21.1% of temporary workers had signed any type of PC or Web use policy
As businesses gear up for the busy Christmas period, the UK’s 3.1% (or 770,000) temporary staff will balloon to nearly 900,000. However, businesses are evidently ill-prepared for the security risk this introduces. The survey identifies three key issues propagating this security risk:
1. INFORMATION LEAKAGE
The most prominent theme to emerge from the survey results shows that temporary workers are exposing businesses to potentially large-scale information leakage where confidential data is allowed out of the organisation, either by mistake or through malicious intent. Key findings include:
• 87.7% of respondents were able to access documents from the company network drive or electronic folders that permanent staff use on a day to day basis
• 62.4% had used someone else’s login details to access a work PC
• 57.5% admitted sending work documents to the wrong person
• 91.2% were able to print any work document they liked
• 36.8% were given access to passwords for company systems (i.e. invoicing, procurement, payroll)
• 52% used someone else’s e-mail account or a general company e-mail address
• 42.1% were able to connect a personal device (iPod, USB key, PDA) to their work PC
2. LACK OF BASIC DATA SECURITY MANAGEMENT
Underpinning the data leakage risk is a worrying degree of apathy amongst businesses towards basic data security management. The survey indicates that the majority of businesses are failing to put business processes in place for temporary staff to protect against security breaches. 78.9% of temporary workers said they did not have to sign a PC or Internet use policy before starting a temporary assignment. And 97% said they either didn’t understand or had never heard of the Computer Misuse Act. This includes the ‘unauthorised access offence’ where a person is ‘committing an offence if he or she causes a computer to perform any function with intent to secure unauthorised access to or modification of any program or data held in a computer’.
3. EXPOSURE TO EXTERNAL THREATS
The survey also reveals that temporary workers are opening the doors to allow external threats such as Internet viruses or botnets to infect businesses, through a lack of automated Internet and email management. There is also strong evidence that businesses are failing to manage the use of social networking sites and Web 2.0 technologies, which are a haven for cyber criminals.
Key findings include:
• 67% of temporary workers used social networking sites like Facebook during working hours
• 80.7% had unlimited access to the Internet from the work PC
• 80.7% could access POP e-mail like Hotmail
• 21.1% accessed peer to peer sites like Kazaa
• 37.2% used instant messaging to chat with friends
• 25.5% accessed download sites during work hours
“Many businesses across the UK rely on temporary staff to help see them through the busy Christmas period. But business managers need to secure the critical data that is unwittingly being put at risk by temporary staff,’ said Johanna Severinsson, senior marketing director, Websense. “Organisations must start managing what access their temporary staff has to confidential data so they can focus on maximising profits during the festive period rather than dealing with security holes.”