http://www.techworld.com/security/news/index.cfm?newsID=10785

By Tom Jowitt
Techworld
28 November 2007

Temporary workers have too much access to computer systems, exposing businesses to potential security risks, says a survey carried out by Websense.

In a survey of more than 100 temporary staff in the UK, the security firm found that 88 percent were able to access documents from the company network drive; 62 percent had used someone else's login details to access a work computer; 52 percent had used a colleague's email account; and 81 percent had unlimited access to the Internet from their work PC.

Websense says these findings show that by neglecting to put procedures in place to protect against security breaches by temporary workers, businesses are risking potential large-scale data theft. The fact that 80 percent of temporary staff have the same level of access to company documents as permanent staff, but without the same accountability, is also a serious cause for concern.

The survey also found that staff were not properly briefed, with 97 percent of respondents saying they either did not understand or had never heard of the Computer Misuse Act. Only 21 percent of temporary workers had signed any type of PC or Web use policy.

The survey also touched on the risk presented by Web 2.0 applications. "There is also strong evidence that businesses are failing to manage the use of social networking sites and Web 2.0 technologies, which are a haven for cyber criminals," said Websense. It said that 67 percent of workers admitted to using social networking sites such as Facebook during working hours, and 81 percent are able to access POP email such as Hotmail.

Among the other findings, 91 percent were able to print any work document they liked, and 37 percent were given access to passwords for company systems like invoicing, procurement, and payroll. Additionally, 42 percent were able to connect a personal device like an iPod, USB stick, or PDA to their work PC.

"Temporary workers are not maliciously trying to steal data," Mark Murtagh, product director at Websense, told Techworld. But organisations should be aware that transient temporary workers, such as data entry and data mining staff, often have access to highly sensitive information and databases.

Murtagh feels that certain sectors are more at risk than others. "Personally I feel that classic standout industries are more exposed," said Murtagh. "Certainly the retail sector, as they bring in more staff to deal with the Christmas rush, is at risk, as are call centre and financial institutions."

According to Murtagh, Websense is seeing a lot of fraud-based attacks, with hackers using social networking sites such as Facebook and YouTube to attack companies. Last month IDC warned that criminals are taking increasing advantage of Web 2.0 and social networking to attack companies.

Murtagh advises companies to review the systems that temporary workers use, and especially look at how temporary workers can have the same access rights as permanent staff. "There is a combination of things businesses can do, but it depends on what is agreeable to them considering their structure and costs."