Temporary workers pose security risk

Temporary workers pose security risk

Websense survey finds that temporary staff have too much access to computer systems

Temporary workers across the UK are exposing businesses to information security risks, according to a survey carried out by security firm Websense.

The survey of more than 100 temporary staff found that 87 per cent were able to access documents from the company network drive, 52 per cent had used a colleague’s e-mail account and 80 per cent had unlimited access to the Internet from their work PC.

According to Websense, the findings show that, by neglecting to put procedures in place to protect against security breaches by temporary workers, businesses were running the risk of large-scale data loss. Staff were not properly briefed, the survey found, and 97 per cent said they either did not understand or had never heard of the Computer Misuse Act, while 79 per cent said they did not have to sign a PC or Internet use policy before starting a temporary assignment.

There was also evidence that businesses were not managing access to Web 2.0 technologies, with 67 per cent of workers admitting to using social networking sites such as Facebook during working hours, and 81 per cent able to access POP email such as Hotmail.

Emma Leith, an information security consultant at Comsec Consulting, said she was not surprised by the findings: “A lot of companies tend to have procedures and policies that are not really accessible because people don’t know they exist. This applies more so to temporary workers. The first thing they should be given is information on the firm’s procedures and policies on the Data Protection Act and on email misuse.”

Leith said that the majority of security breaches come from within the organisation, and added that permanent workers also needed to be kept up-to-date with security policy. Often policies were not enforced, she added: “Even at the database level, I often see permissions not adhered to; there are certain sensitive files that everyone has access to when they should only be available for specific roles.”

Increasingly, she said, security procedures could be enforced through technological solutions, such as email encryption and unified threat management devices that could prevent certain files from being copied.