One million UK employees admit to losing confidential data

HMRC is not alone in failing to protect confidential information. According to a new survey from Navigant Consulting, conducted by YouGov, more than one million employees in Britain (four per cent of all working adults) have lost, or had stolen a laptop computer; personal digital assistant; thumb-drive; CD; or floppy disk containing confidential information about customers, suppliers, staff or financial information, and a further 12 per cent – almost three and a half million people – claim that this has happened to a work colleague.

Navigant Consulting warns that employees’ work habits and lack of awareness about security are increasingly putting companies and organisations’ confidential information at risk from opportunistic identity thieves. Andrew Durant, managing director in Navigant Consulting’s Fraud Investigations team, urges employers to make sure that basic measures are in place rather than obsess about complicated IT security.

“Our survey shows that 17 per cent of the British work force now uses a company laptop at home – that’s nearly five million people – and indicates that working from home is an established working practice rather than a trend,” says Andrew Durant. “Yet only 25 per cent of these said that their laptops are encrypted to protect the confidential information they contain”.

“In addition, more than 11 million employees – 39 per cent of workers and/or their colleagues – save data onto a PDA, thumb-drive, CD, or other device, to work from home. It is unrealistic to expect employees to stop using technology to work more flexibly, and frankly reckless for companies not to put measures in place to protect their confidential information in view of this change in working habits.

“Information security is a complex and expensive area, and I can understand why businesses want to bury their heads in the sand. But most frauds perpetrated using stolen confidential information can be prevented by taking some simple, common sense measures,” claims Durant.

In the first half of 2007 reported stolen data included:

• confidential information found in a skip outside a bank


• computer back-up tapes stolen from a contractor’s van


• confidential information stolen from an employee’s laptop following a house burglary


• payroll and pension data from three stolen laptops


• mortgage details in documents stolen from an employees briefcase in a theft from a car.

Other work practices which are considered risky include employees sending documents containing confidential information to their own or other people’s personal web mail accounts such as Yahoo! or Hotmail for work reasons – 15 per cent of British workers, approximately 4.3 million people admit to doing this; and allowing company laptops to be used by friends and family. As many as 29 per cent of employees who use a company laptop at home are happy to let others use their work laptops – more women than men are content to let this happen (37% and 25% respectively).

“Both of these practices illustrate how organizations are losing control of their confidential information as data flows out of the organization and into the hands of individuals who may have no relationship or loyalty to the owner of the information,” says Durant.

Basic security is also failing in the work place according to Durant: “Identity fraudsters and organised criminals place bogus employees, and bribe temporary staff or even disillusioned employees to steal information from the inside.

Sign up to our weekly round-up of HR news and guidance

Receive the Personnel Today Direct e-newsletter every Wednesday

Email(Required)

OptOut

From time to time, we will send you emails about selected products, events and services from Personnel Today and OHW+ - but you can choose to opt-out at any time. If you do not wish to receive these emails, please tick this box.

Name

This field is for validation purposes and should be left unchanged.

Δ