[ISN] Security risks of temp workers being ignored

From: InfoSec News (alerts@private)
Date: Wed Nov 28 2007 - 23:26:31 PST


http://www.techworld.com/security/news/index.cfm?newsID=10785

By Tom Jowitt
Techworld
28 November 2007

Temporary workers have too much access to computer systems, exposing 
businesses to potential security risks, says a survey carried out by 
Websense.

In a survey of more than 100 temporary staff in the UK, the security 
firm found that 88 percent were able to access documents from the 
company network drive; 62 percent had used someone else's login details 
to access a work computer; 52 percent had used a colleague's email 
account; and 81 percent had unlimited access to the Internet from their 
work PC.

Websense says these findings show that by neglecting to put procedures 
in place to protect against security breaches by temporary workers, 
businesses are risking potential large-scale data theft. The fact that 
80 percent of temporary staff have the same level of access to company 
documents as permanent staff, but without the same accountability, is 
also a serious cause for concern.

The survey also found that staff were not properly briefed, with 97 
percent of respondents saying they either did not understand or had 
never heard of the Computer Misuse Act. Only 21 percent of temporary 
workers had signed any type of PC or Web use policy.

The survey also touched on the risk presented by Web 2.0 applications. 
"There is also strong evidence that businesses are failing to manage the 
use of social networking sites and Web 2.0 technologies, which are a 
haven for cyber criminals," said Websense.

It said that 67 percent of workers admitted to using social networking 
sites such as Facebook during working hours, and 81 percent are able to 
access POP email such as Hotmail.

Among the other findings, 91 percent were able to print any work 
document they liked, and 37 percent were given access to passwords for 
company systems like invoicing, procurement, and payroll. Additionally, 
42 percent were able to connect a personal device like an iPod, USB 
stick, or PDA to their work PC.

"Temporary workers are not maliciously trying to steal data," Mark 
Murtagh, product director at Websense, told Techworld. But organisations 
should be aware that transient temporary workers, such as data entry and 
data mining staff, often have access to highly sensitive information and 
databases.

Murtagh feels that certain sectors are more at risk than others. 
"Personally I feel that classic standout industries are more exposed," 
said Murtagh. "Certainly the retail sector, as they bring in more staff 
to deal with the Christmas rush, is at risk, as are call centre and 
financial institutions."

According to Murtagh, Websense is seeing a lot of fraud-based attacks, 
with hackers using social networking sites such as Facebook and YouTube 
to attack companies. Last month IDC warned that criminals are taking 
increasing advantage of Web 2.0 and social networking to attack 
companies.

Murtagh advises companies to review the systems that temporary workers 
use, and especially look at how temporary workers can have the same 
access rights as permanent staff. "There is a combination of things 
businesses can do, but it depends on what is agreeable to them 
considering their structure and costs."

