One million UK employees admit to losing confidential data
HMRC is not alone in failing to protect confidential information.
According to a new survey from Navigant Consulting, conducted by YouGov, more than one million employees in Britain (four per cent of all working adults) have lost, or had stolen a laptop computer; personal digital assistant; thumb-drive; CD; or floppy disk containing confidential information about customers, suppliers, staff or financial information, and a further 12 per cent – almost three and a half million people – claim that this has happened to a work colleague.Navigant Consulting warns that employees’ work habits and lack of awareness about security are increasingly putting companies and organisations’ confidential information at risk from opportunistic identity thieves. Andrew Durant, managing director in Navigant Consulting’s Fraud Investigations team, urges employers to make sure that basic measures are in place rather than obsess about complicated IT security.
"Our survey shows that 17 per cent of the British work force now uses a company laptop at home – that’s nearly five million people – and indicates that working from home is an established working practice rather than a trend," says Andrew Durant. "Yet only 25 per cent of these said that their laptops are encrypted to protect the confidential information they contain".
"In addition, more than 11 million employees - 39 per cent of workers and/or their colleagues – save data onto a PDA, thumb-drive, CD, or other device, to work from home. It is unrealistic to expect employees to stop using technology to work more flexibly, and frankly reckless for companies not to put measures in place to protect their confidential information in view of this change in working habits.
"Information security is a complex and expensive area, and I can understand why businesses want to bury their heads in the sand. But most frauds perpetrated using stolen confidential information can be prevented by taking some simple, common sense measures," claims Durant.
In the first half of 2007 reported stolen data included:
"Companies should have a policy regarding what information should and shouldn’t be stored on laptops and other devices and communicate this clearly to staff. Many employees will be unaware that information is confidential or could be used to perpetrate a fraud against the company or individuals connected to it.
"Laptop hard drives should be encrypted so that data is protected if it is stolen or mislaid. This can equally apply to specific files that contain sensitive data stored on a server to prevent them being copied or read by unauthorised people. Companies can also prevent electronic data containing confidential information from being stored locally on an individuals’ PC or laptop, instead forcing them to be stored centrally - this, greatly reduces the threat if a computer were lost or stolen," advises Durant.
Other work practices which are considered risky include employees sending documents containing confidential information to their own or other people’s personal web mail accounts such as Yahoo! or Hotmail for work reasons - 15 per cent of British workers, approximately 4.3 million people admit to doing this; and allowing company laptops to be used by friends and family. As many as 29 per cent of employees who use a company laptop at home are happy to let others use their work laptops – more women than men are content to let this happen (37% and 25% respectively).
"Both of these practices illustrate how organizations are losing control of their confidential information as data flows out of the organization and into the hands of individuals who may have no relationship or loyalty to the owner of the information," says Durant.
Basic security is also failing in the work place according to Durant: "Identity fraudsters and organised criminals place bogus employees, and bribe temporary staff or even disillusioned employees to steal information from the inside.
"Yet 23 per cent of British employees know other employees’ computer passwords; 14 per cent claim that colleagues know their password; four per cent write their password down; four per cent all use the same password and five per cent don’t have one at all. It would be child’s play for a fraudster to sit down at a colleagues’ computer and access confidential information if there wasn’t a system of restricted access in place or data encryption that would prevent an unauthorised person from gaining admission to computer files.
"This practice also negates the value of audit logs as it would direct an investigation towards an innocent person."
RELATED ARTICLES
- Revenue suspends board after review into lost child benefit data discs
- Data protection prosecution?
- World’s first web security service for roaming employees launches
- Laptops containing protected data banned from leaving public sector offices
- CBI slams government record on data protection and other employment law breaches
- Have a rant: technology
- Union blames job cuts and lack of resources at HM Revenue and Customs for lost child benefit records
ALSO SEE...
- More supplier news articles on Economics, government & business
- More supplier news articles on Employment law
- More supplier news articles on General HR management
- More supplier news articles on Strategy
- More supplier news articles on Business performance
- More supplier news articles on Computer misuse
- More supplier news articles on Corporate social responsibility
- More supplier news articles on Data protection
- More supplier news articles on Knowledge management
- More supplier news articles on Mobile workers
- More supplier news articles on Teleworking
COMMENTS
As a tech geek and the IT guy of my house I employ these simple, common-sense measures as well to safeguard my data. For instance, my personal notebook never contains mission critical data. That type of info is stored on a desktop PC that stays in my house and is remotely accessed via VNC. VNC is a light-weight and freely available application that allows any computer on a network to display and control a remote computer. In this way, programs such as Quicken reside on my desktop computer and can be managed from my notebook. If my notebook is ever stolen, my data and personal account information is not compromised because it is basically a terminal device.
For passwords, I tend to write them down. There is much debate over this but in my opinion it is better to write down a complicated password then to try to memorize easy ones. If you are an organization freak like myself then do yourself a favor and pick up a password organizer book as well so you don't have loose scraps of paper floating around with all sorts of login information. Check out: http://www.internetpasswordorganizer.com/ for a nice solution.
The Mad Hermit
ALERTS
 | Alert me when new articles are added which relate to these topics |
Business performance Computer misuse Corporate social responsibility Data protection Knowledge management Mobile workers Teleworking | |
| Alert me when new articles are added which relate to these specialism areas |
Economics, government & business Employment law General HR management Strategy | |
RELATED PERSONNEL TODAY PRODUCTS AND SERVICES
More...More...More...More...More...More...More...