By Tom Jowitt
28 November 2007
Temporary workers have too much access to computer systems, exposing
businesses to potential security risks, says a survey carried out by
In a survey of more than 100 temporary staff in the UK, the security
firm found that 88 percent were able to access documents from the
company network drive; 62 percent had used someone elses login details
to access a work computer; 52 percent had used a colleagues email
account; and 81 percent had unlimited access to the Internet from their
Websense says these findings show that by neglecting to put procedures
in place to protect against security breaches by temporary workers,
businesses are risking potential large-scale data theft. The fact that
80 percent of temporary staff have the same level of access to company
documents as permanent staff, but without the same accountability, is
also a serious cause for concern.
The survey also found that staff were not properly briefed, with 97
percent of respondents saying they either did not understand or had
never heard of the Computer Misuse Act. Only 21 percent of temporary
workers had signed any type of PC or Web use policy.
The survey also touched on the risk presented by Web 2.0 applications.
"There is also strong evidence that businesses are failing to manage the
use of social networking sites and Web 2.0 technologies, which are a
haven for cyber criminals," said Websense.
It said that 67 percent of workers admitted to using social networking
sites such as Facebook during working hours, and 81 percent are able to
access POP email such as Hotmail.
Among the other findings, 91 percent were able to print any work
document they liked, and 37 percent were given access to passwords for
company systems like invoicing, procurement, and payroll. Additionally,
42 percent were able to connect a personal device like an iPod, USB
stick, or PDA to their work PC.
"Temporary workers are not maliciously trying to steal data," Mark
Murtagh, product director at Websense told Techworld. But organisations
should be aware that transient temporary workers, such as data entry and
data mining staff, often have access to highly sensitive information and
Murtagh feels that certain sectors are more at risk than others.
"Personally I feel that classic standout industries are more exposed,
said Murtagh. Certainly the retail sector, as they bring in more staff
to deal with the Christmas rush is at risk, as are call centre and
According to Murtagh, Websense is seeing a lot of fraud-based attacks,
with hackers using social networking sites such as Facebook and YouTube
to attack companies. Last month IDC warned that criminals are taking
increasing advantage of Web 2.0 and social networking to attack
Murtagh advises companies to review the systems that temporary workers
use, and especially look at how temporary workers can have the same
access rights as permanent staff. "There is a combination of things
businesses can do, but it depends on what is agreeable to them
considering their structure and costs."
Visit InfoSec News