Skip to main content

UK Businesses Blind to the Data Breach Risks of Temporary Staff

Research released today by Websense has revealed that temporary workers across the UK are unwittingly exposing businesses of all sizes to information security breaches.

In the Information Open Access survey of more than 100 temporary staff, the findings indicate that organisations may be unnecessarily putting their data at risk by granting temporary staff access to confidential information at the same levels as permanent employees.

The survey highlights that 87.7% of respondents were able to access documents from the company network drive, 52% had used a co-worker's e-mail account and 80.7% had unlimited access to the Internet from their work PC.

A worrying level of apathy amongst businesses toward basic data security processes is leaving them wide open to the risk of accidental or deliberate data breaches - only 21.1% of temporary workers had signed any type of PC or Web use policy

As businesses gear up for the busy Christmas period, the UK's 3.1% (or 770,000) temporary staff will balloon to nearly 900,000.

However, businesses are evidently ill-prepared for the security risk this introduces. The survey identifies three key issues propagating this security risk:

The most prominent theme to emerge from the survey results shows that temporary workers are exposing businesses to potentially large-scale information leakage where confidential data is allowed out of the organisation, either by mistake or through malicious intent. Key findings include:

87.7% of respondents were able to access documents from the company network drive or electronic folders that permanent staff use on a day to day basis
62.4% had used someone else's login details to access a work PC
57.5% admitted sending work documents to the wrong person
91.2% were able to print any work document they liked
36.8% were given access to passwords for company systems (i.e. invoicing, procurement, payroll)
52% used someone else's e-mail account or a general company e-mail address
42.1% were able to connect a personal device (iPod, USB key, PDA) to their work PC
Underpinning the data leakage risk is a worrying degree of apathy amongst businesses towards basic data security management. The survey indicates that the majority of businesses are failing to put business processes in place for temporary staff to protect against security breaches. 78.9% of temporary workers said they did not have to sign a PC or Internet use policy before starting a temporary assignment. And 97% said they either didn't understand or had never heard of the Computer Misuse Act. This includes the 'unauthorised access offence' where a person is 'committing an offence if he or she causes a computer to perform any function with intent to secure unauthorised access to or modification of any program or data held in a computer'.

The survey also reveals that temporary workers are opening the doors to allow external threats such as Internet viruses or botnets to infect businesses, through a lack of automated Internet and email management. There is also strong evidence that businesses are failing to manage the use of social networking sites and Web 2.0 technologies, which are a haven for cyber criminals.

Key findings include:

67% of temporary workers used social networking sites like Facebook during working hours
80.7% had unlimited access to the Internet from the work PC
80.7% could access POP e-mail like Hotmail
21.1% accessed peer to peer sites like Kazaa
37.2% used instant messaging to chat with friends
25.5% accessed download sites during work hours

"Many businesses across the UK rely on temporary staff to help see them through the busy Christmas period. But business managers need to secure the critical data that is unwittingly being put at risk by temporary staff,' said Johanna Severinsson, senior marketing director, Websense.

"Organisations must start managing what access their temporary staff has to confidential data so they can focus on maximising profits during the festive period rather than dealing with security holes."

Désiré Athow

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.