Daily Archives: 10/11/2014

Ward Security champions personal safety initiatives in Kent and Berkshire

National security provider Ward Security has launched a personal safety initiative with schools and businesses in Kent and Berkshire as part of its ongoing commitment to improving safety in the local communities where the company is operational.

The initiatives have coincided with the clocks going back and the end of Daylight Saving Time, and promote the importance of maintaining personal safety while people are walking to school or work during the darker nights.

Meadow Vale Primary School in Bracknell and Northborough Junior School in Maidstone both held an assembly as part of Ward Security’s specialised school safety initiative, the Walk to School ‘Be Safe’ Campaign, which included safety talks from Ward Security personnel to everyone at the school with the support of local Police Community Support Officers. Children were told of the importance of walking to school safely and provided with information leaflets and fluorescent ‘glow in the dark’ keyrings to place on their school bags.

Ward Security has been raising awareness of security issues across local communities

Ward Security has been raising awareness of security issues across local communities

Police Community Support Officer Daemon Farry from Bracknell Police said: “Walking to school in the darker months can be a daunting and unnerving experience for young children. It’s really great to see a local company like Ward Security taking such an interest and proactively helping to promote awareness of the importance of walking safely when pupils are on their way to and from school. The school children were really engaged with the talk and the keyring giveaway will hopefully serve as a good reminder to them when they’re walking to and from school.”

Personal safety for business employees

Ward Security has also visited Brachers in Maidstone, Kent to promote the importance of personal safety. The company handed out free torches to employees at the law firm’s offices, as well as personal safety Best Practice guideline sheets to provide general reassurance for those members of staff making their way to and from the office as the nights draw in.

Denise Hooton, associate director of marketing at Ward Security, commented: “As a security company we are keen to ensure wherever we operate that we’re helping to promote safety awareness in the local community. The Walk to School ‘Be Safe’ Campaign and Brachers torch giveaway events went extremely well. We hope the information provided goes some way towards reassuring and protecting children and adults as they travel to and from school and work.”

Joanna Worby, managing partner at Brachers, added: “We’re always concerned to ensure the safety of our staff and were delighted to work with Ward Security on helping to raise awareness of personal safety issues.”

The torch giveaway follows on from a number of initiatives created by Ward Security to improve personal safety awareness at a number of locations near their Bracknell and Manchester offices over the past year.

Leave a comment

Filed under Risk UK News

“Organisations must act now to avoid hackers’ oldest trick in the book” urges ICO

The Information Commissioner’s Office (ICO) is warning organisations that they must make sure their websites are protected against one of the most common forms of online attack – SQL injection.

The warning comes after the hotel booking website, Worldview Limited, was fined £7,500 following a serious data breach where a vulnerability on the company’s site allowed attackers to access the full payment card details of 3,814 customers.

The data was accessed after the attacker exploited a flaw on a page of the Worldview website to access the company’s customer database. Although customers’ payment details had been encrypted, the means to decrypt the information – known as the decryption key – were stored with the data. This oversight allowed the attackers to access the customers’ full card details, including the three digit security code needed to authorise payment.

Christopher Graham: the Information Commissioner

Christopher Graham: the Information Commissioner

The weakness had existed on the website since May 2010 and was only uncovered during a routine update on 28 June 2013. The attackers had access to the information for ten days. The company has now corrected the flaw and invested in improving its IT security systems.

Worldview Limited would have received a £75,000 penalty but the ICO was required to consider the impact any penalty would have on the company’s financial situation.

Attacks are preventable

Simon Rice, the ICO’s Group Manager for Technology, said: “It may come as a surprise to many in the IT security industry that this type of attack is still allowed to occur. SQL injection attacks are preventable but organisations need to spend the necessary time and effort to make sure their website isn’t vulnerable. Worldview Limited failed to do this, allowing the card details of over 3,000 customers to be compromised.”

Rice added: “Organisations must act now to avoid one of the oldest hackers’ tricks in the book. If you don’t have the expertise in-house then find someone who does, otherwise you may be the next organisation on the end of an ICO fine and the reputational damage that results from a serious data breach.”

Leave a comment

Filed under Risk UK News

Scottish Parliament debates fire risk assessment procedures ten years on from Rosepark Care Home tragedy

Ten years after the fatal fire at the Rosepark Care Home in Lanarkshire, Scotland, MSP Michael McMahon has tabled a Parliamentary Motion (debated in the Scottish Parliament on Wednesday 29 October) recommending that all fire risk assessors should be qualified and, preferably, third party certificated.

The fire at Rosepark on 31 January 2004 claimed the lives of 14 elderly residents after flames broke out in a cupboard and subsequently ripped through the building. In support of his Parliamentary Motion, McMahon pointed out that one key finding of the fatal accident enquiry into Rosepark was that the fire risk assessment had been inadequate and the person who carried it out wasn’t qualified to do so.

The MSP for Uddingston and Bellshill in Glasgow believes an awareness campaign would help Duty Holders responsible for care homes to understand the contents of the guidance and those at commercial premises to appreciate the requirements placed on them by the Fire (Scotland) Act 2005. McMahon’s Parliamentary Motion also highlights the contents of the Scottish Government’s Practical Fire Safety Guidance for Care Homes, published back in March this year.

McMahon acknowledges that there has been progress since the fatal Rosepark fire, but added: “Fire risk assessments in complex buildings such as care homes are challenging exercises. The Duty Holder has to rely heavily on the capabilities and competencies of the fire risk assessor. How can the Duty Holder be confident that the fire risk assessor is competent and the advice given is up to standard and up-to-date?”

The fire at Rosepark in January 2004 claimed the lives of 14 elderly residents after flames broke out in a cupboard and ripped through the building

The fire at Rosepark in January 2004 claimed the lives of 14 elderly residents after flames broke out in a cupboard and ripped through the building

According to the MSP, third party accreditation is the only way forward and McMahon is now urging the Scottish Government to take immediate action by:
*Launching an awareness campaign (including direct contact through leaflets and via the Scottish Fire and Rescue Service) demonstrating to businesses the need for fire risk assessments
*Embracing and advocating third party certification
*Consulting the industry and stakeholders to make third party certification mandatory before an assessor can offer fire risk assessment services

Acting decisively to prevent further fires

McMahon feels that much has been done since the Rosepark tragedy, but stresses that more needs to be achieved in the area of fire risk assessment. “We owe it to the memory of those who lost their lives in Rosepark ten years ago, and their friends and relatives, to act decisively and prevent further fires,” urged the MSP.

The Parliamentary Motion was supported by Margaret Mitchell MSP, who commented: “Ten years on from Rosepark, it’s appropriate to evaluate whether or not there are sufficient requirements placed on care homes to prevent such an accident from happening again.”

MSPs Kenneth Gibson and Siobhan McMahon have also supported the Motion, stating that more can be done and that there’s no room for complacency. They agree that third party certification is the best way forward.

Community safety minister Roseanna Cunningham responded by saying that much had already changed. The minister added that the Regulatory Review Group is currently looking at fire safety legislation and is due to report back early next year. Cunningham has promised to write and ask the group to look at fire risk assessment as part of that extensive review.

In a bid to remove potential fire hazards, commercial buildings and non-domestic premises in Scotland are already forced to carry out a fire safety risk assessment under the Fire (Scotland) Act 2005 in conjunction with the Fire Safety (Scotland) Regulations 2006. If the assessment is thought to have been carried out to an insufficient extent, the enforcing authority has the power to prosecute the Duty Holder.

Leave a comment

Filed under Risk UK News

Survey finds Londoners ready to tackle the terrorist threat

A survey has revealed that nearly three quarters (73%) of individuals who live or work in the City of London are concerned about terrorism compared to 68% of all London adults. An even greater number of Londoners (87%) think that members of the public are important in fighting terrorism, with nearly three quarters (73%) of survey respondents stating they’re likely to report suspicious behaviour to the police.

The survey, undertaken after the UK terrorist threat level was raised from ‘Substantial’ to ‘Severe’, shows that the message from the City of London Police to remain vigilant at all times is one shared by the public. The survey also highlights a gender bias, with 76% of women concerned about terrorist attacks compared to only 59% of men.

The City of London Police continues to pioneer a new and innovative approach to deter terrorism and detect crime through Project Servator. This involves joint deployments with the British Transport Police (BTP) as well as private sector security officers from hundreds of businesses to ensure a ‘Ring of Steel’ around The Square Mile.

Adrian Leppard: City of London Police Commissioner

Adrian Leppard: City of London Police Commissioner

Adrian Leppard – Commissioner of the City of London Police – explained: “Members of the public should be vigilant to the threat posed by terrorism. This survey shows that they are willing to work with the police to prevent such attacks. The people of London are resilient and knowledgeable about the risks from terrorism and know they are key to helping fight that threat.”

Commissioner Leppard added: “Project Servator’s success lies in the partnership between the City of London Police and British Transport Police working with the private security industry, businesses and the public to create a ‘Ring of Steel’ around The Square Mile.”

Project Servator: the detail

Project Servator uses behavioural detection officers and specialist teams to spot suspicious activity and has already led to a total of 98 arrests and 31 cars being seized since launch in February of this year.

Servator involves new tactics and cutting-edge training for police officers that will help deter people from carrying out hostile reconnaissance and detect those with malicious intent. It also increases the opportunity for interaction between police officers and members of the public, provides further reassurance to the public and helps deter and detect other criminal perpetrators.

Hostile reconnaissance is the purposeful observation of people, places, vehicles and locations with the intention of collecting information to inform the planning of a hostile act against a target. Criminals – whether extreme protest groups, organised crime groups or terrorists – have to conduct hostile reconnaissance in order to plan a successful attack. If they can be disrupted and deterred at an early stage, it’s likely that they will abandon their plans.

Following three years of intensive work and study by a Government organisation, the City of London Police ran an initial pilot scheme which heralded a change in the way police use tactics to deter hostile reconnaissance. Due to the way in which the scheme works, these tactics should also have beneficial effects on crime in general.

*Unless otherwise stated, all figures are from YouGov plc. The total sample size was 2,076 London adults. Fieldwork was undertaken between 24-30 October 2014. The survey was carried out online. Figures have been weighted and are representative of all London adults (aged 18+)

Leave a comment

Filed under Risk UK News

Government minister urges crackdown on ‘free movement of serious criminals’

Karen Bradley – the Minister for Modern Slavery and Organised Crime – has urged that more information on serious criminals must be shared across Europe in order to protect members of the public.

Bradley has also called for action to stop those responsible for crimes including murder, rape and child abuse from being able to cross national borders either to escape justice or prey on new victims.

Speaking to delegates at a conference in The Hague, the UK MP explained: “We must all face up to the fact that, while free movement is seen by many in Europe as having only positive impacts, there are some very clear negatives – not least of which is the ability for criminals to exploit this freedom of movement and further their own illegal activities across borders.”

Bradley continued: “If we’re to tackle this problem properly then the free movement of information needed to combat criminality must work as effectively – and, ideally, more effectively – than the free movement of criminals.”

Serious Offending by Mobile European Criminals Project

The minister told the final meeting of the UK-led Serious Offending by Mobile European Criminals (SOMEC) Project that great improvements had already been made on the sharing of information, but that more needs to be done.

Bradley stressed the importance of the UK remaining part of a number of crime and policing measures that Parliament will vote on and which have greatly improved our ability to find out about foreign offenders who move to the UK.

Karen Bradley MP

Karen Bradley MP

“Public protection must not be lost in a wider debate about the UK’s place in Europe,” stated Bradley. “More must be done to prevent offenders like paedophiles, rapists and murderers from exploiting free movement rights to slip unnoticed into another nation where they can then prey on unsuspecting new victims. It’s vital we know when these predators arrive on our shores. We need more powers to tackle them, not fewer. That’s why it’s in the public interest – and is absolutely essential – that the UK remains a part of key European measures.”

In conclusion, the MP commented: “Failure to do so would send us back to the Dark Ages of being unable to find out anything about foreign criminals who’ve moved to our country, in turn making it impossible to act against them. There’s no doubt that this would carry a serious public protection risk and could even cost lives.”

Management and exchange of data

The SOMEC Project was established to examine the management and exchange of data on mobile serious sexual and violent offenders across Europe. Final recommendations on how improvements can be made are expected to be published in early 2015.

Parliament will vote today (Monday 10 November) on a small number of EU crime and justice measures the Government intends to remain part of in the public interest after opting out of a much larger number.

Parliament will vote on Monday 10 November on a small number of EU crime and justice measures the UK Government intends to remain part of in the public interest after opting out of a much larger number

Parliament will vote on Monday 10 November on a small number of EU crime and justice measures the UK Government intends to remain part of in the public interest after opting out of a much larger number

The measures the UK intends to remain part of include the Swedish Initiative, the Second Generation Schengen Information System (SIS II) and the European Criminal Record Information System (ECRIS). These have all been identified by the SOMEC Project as being important existing tools that should be used more effectively across Europe so as to track mobile serious criminals.

Leave a comment

Filed under Risk UK News

BCI: “Don’t wait for an emergency to prepare an emergency communications plan”

A newly-published report from the Business Continuity Institute (BCI) highlights the fact that, while overall results indicate a good uptake of emergency communications planning, a significant minority of companies remain passive or have difficulty securing management buy-in.

Supported by Everbridge, the report concludes that emergency communications remain an essential part of any business continuity programme. This research demonstrates that, while a great majority of companies are aware of the importance of such communications, there are some gaps in implementation that demand to be addressed.

In order to be effective, emergency communications plans must be continuously updated to reflect the risks that a business faces and embedded well enough within the organisation. Relevant training and education programmes – as well as ensuring top management buy-in – are necessary in promoting a culture of awareness and reducing the risk of communications failure during incidents.

It’s worrying to note that, among those organisations without an emergency communications plan, two-thirds (63.4%) of them would only consider adopting one after a business-changing event. Something akin to shutting the stable door once the horse has bolted. This could have dire consequences as previous BCI research suggests that business-affecting events may often severely affect an organisation’s viability.

A newly-published report from the Business Continuity Institute highlights that, while overall results indicate a good uptake of emergency communications planning, a significant minority remain passive or have difficulty securing management buy-in

A newly-published report from the Business Continuity Institute highlights that, while overall results indicate a good uptake of emergency communications planning, a significant minority remain passive or have difficulty securing management buy-in

Further findings from the report are as follows:

• In a sign of growing awareness, only less than 13.5% of organisations surveyed do not have an emergency communications plan in place
• Emergency communications plans are quite comprehensive in their scope. At least 70% of organisations have plans covering the following threats: IT outages (81.2%), fire (77.8%), power outages (76.2%), weather-related incidents (75.6%), natural disasters (74.9%) and security-related incidents (70.0%). These mirror the top three causes of business disruption as reported by respondents in the last 12 months: IT outages (59.8%), power outages (51.6%) and weather-related incidents (47.2%)
• Almost one fifth of respondents (18.7%) belong to organisations where more than 500 staff members travel internationally on a regular basis. More than 30% report travelling to ‘high risk’ countries
• Almost two-thirds of companies (64.7%) report having training and education programmes in place related to emergency communications. Most have regularly scheduled programmes (64.2%)
• Around 15% of organisations regularly schedule exercises of their emergency communications plans. Most schedule their exercises once a year (55.8%). This is a worrying finding considering that almost half of organisations (49.6%) are likely to invoke their plans more than once during any given year
• More than 70% of organisations take 30 minutes or less to activate their emergency communications plans. Nonetheless, more than a quarter of organisations (27.4%) do not request responses from their staff in the event of an incident or have defined acceptable response rates (28.2%)
• Social media appears to play an important role in an emergency communications plan. 42% of respondents report using social media to monitor their staff during emergencies and almost a third (31.6%) use it to inform stakeholders

Benchmarking of arrangements

Patrick Alcantara, research associate at the BCI and author of the new report, commented: “This survey is seen as the first step towards benchmarking an organisation’s emergency communications arrangements. It’s hoped that it will allow companies to take a second look at their emergency communications capabilities and introduce improvements that will rebound to their benefit. Given how emergency communications may improve survival during extreme situations, it’s important that organisations take heed and aspire towards a robust capability before it’s too late.”

In a sign of growing awareness, only less than 13.5% of organisations surveyed do not have an emergency communications plan in place

In a sign of growing awareness, only less than 13.5% of organisations surveyed do not have an emergency communications plan in place

Imad Mouline, CTO at Everbridge, added: “Fluctuating global threat levels, sophisticated cyber attacks and an ever-growing mobile workforce present increasingly diverse and complex risks to business interests. In this unpredictable environment, business continuity practitioners are consistently faced with the challenge of planning for the unexpected while ensuring the safety of their staff and communities and protecting their businesses from both financial loss and reputational damage. Undoubtedly, this survey provides a benchmark for emergency communications planning.”

This is the first dedicated piece of research into understanding the emergency communications plans of a wide range of organisations and learning how they’re integrated within wider recovery programmes. The results support the anecdotal feedback from the industry, demonstrating that such plans form an established and vital element of continuity plans for medium-to-large size enterprises while also offering some practical ideas for those looking to improve their capabilities in this area.

Leave a comment

Filed under Risk UK News

UK retailers lose £2.7 billion to shoplifting, employee theft, internal fraud and administrative errors in last 12 months

According to the latest Global Retail Theft Barometer, shrink – comprised of shoplifting, employee theft, vendor or supplier fraud and administrative errors – has cost the retail industry more than £81 billion worldwide in 2013 and £2.7 billion in the UK alone. This represents 0.97% of all UK retailer sales on average.

Underwritten by an independent grant from Checkpoint Systems, the research was carried out in 2014 by The Smart Cube and Ernie Deyle, a retail loss prevention analyst. It’s based on in-depth phone and written survey interviews conducted in 24 countries among 222 retailers responsible for no less than £475 billion in sales.

The average cost of retail crime per person (which, unlike shrink, is based on dishonest employees, shoplifters, fraudulent suppliers and the cost of loss prevention) across the 24 countries surveyed ranged from £46 to £338. The annual cost of retail crime to UK shoppers, as passed on from retailers, averages £80.00 per person.

Shrink appears to be down slightly in most countries. The lowest shrink rates were recorded in Norway (.83% of retail sales) followed by Japan and the UK (.97%). The US came in at 1.48% of retail sales, down slightly from 1.50% last year. The highest rates were recorded in Mexico (1.70%) and China (1.53%).

Shrink (comprised of shoplifting, employee theft, vendor or supplier fraud and administrative errors) cost the retail industry more than £81 billion worldwide in 2013

Shrink (comprised of shoplifting, employee theft, vendor or supplier fraud and administrative errors) cost the retail industry more than £81 billion worldwide in 2013

Russell Holland, vice-president of sales for the UK and EMEA distributors at Checkpoint Systems, said: “Over the last year, retailers in the UK have been taking great strides and made substantial investments in the fight against retail crime. Many UK retailers reported that improved security methods have helped them to keep losses under control. We’re also seeing retailers invest in their employees’ education and understanding of loss prevention, marking an encouraging step in the fight against retail crime in the UK.”

While shoplifting remains the biggest cause of all retail shrink in 16 of the 24 countries surveyed, here in the UK both administrative and non-crime losses ranked first (at 36.5%) with shoplifting next on the list (at 25.3%).

Stolen merchandise: the most popular items

The most-stolen items across Europe are those products that are easy to conceal and harbour a good resale value, such as fashion accessories, wines and spirits. Other frequently stolen products include power tools, mobile accessories and make-up products.

Survey respondents state that source tagging – the application of EAS or RFID labels on goods prior to their arrival at retail stores – has increased around the globe. Such tagging is currently used on high value and high theft items like meat, health and beauty products and alcohol.

80% of UK retailers are source-tagging up to 10% of products. A further 20% are source-tagging over 20% of all merchandise. In addition, 50% of European retailers plan to increase the number of source-tagged SKUs.

According to The Smart Cube: “This report provides detailed descriptions of the sources of shrink and helps retailers understand the most cost-effective ways of addressing their problems. A number of Best Practices emerged from our research, including appropriate spending ranges to address the issue.”

Alcohol is a prime target for thieves

Alcohol is a prime target for thieves

“We’re pleased to support this global statistical research for the thirteenth year,” said Per Levin, president and chief sales officer for shrink management and merchandise visibility solutions at Checkpoint Systems. “Our hope is that retailers can learn more about the causes of shrink and work with their suppliers and solutions partners to create joint programmes designed to reduce shrink and its associated costs.”

Interested parties can obtain a copy of the latest Global Retail Theft Barometer report by logging on at: http://www.GlobalRetailTheftBarometer.com

*Retailers wishing to participate in next year’s Global Retail Theft Barometer study may register here

Leave a comment

Filed under Risk UK News

Two-thirds of UK companies fail to check employee references ahead of start dates

According to new research conducted by HireRight – the leading global due diligence organisation – most UK companies are failing to check references before new employees start in their roles and are struggling to respond to other companies’ reference requests.

The Point of Reference research suggests that two-thirds (66%) of new employees begin work before their reference checks are complete. Two-in-five (39%) of Human Resources (HR) function leaders believe this is normal practice within their industry.

However, such checks are absolutely vital. The HireRight study reveals that more than half (58%) of successful applications contain errors*. In tandem, one third (36%) of HR leaders admit they need a clearer way of identifying job candidates with malicious intent.

Steve Girdler, managing director (EMEA) at HireRight, explained: “References reveal important details about an individual’s history and help employers ensure they can trust the people they allow to work with their customers, clients and colleagues. By failing to carry out due diligence before people start work, companies risk hiring individuals unable to fulfil the duties of their respective roles, who may commit fraud or theft or even damage customer relationships.”

Steve Girdler: managing director (EMEA) at HireRight

Steve Girdler: managing director (EMEA) at HireRight

Girdler added: “A great deal of damage can be done between the moment an employee starts at a new company and when referencing requests are completed.”

‘Administrative burden’ on HR Departments

HireRight’s Point of Reference research results are based on the perspectives of senior HR leaders in some of the UK’s biggest companies. The results also highlight that reference checking is an administrative burden on many HR Departments at a time when they’re already struggling to find enough hours in the day for important strategic work.

One third (31%) of HR Departments are ‘bogged down’ with responding to queries about references. In a quarter (27%) of cases, employees have complained to their managers about the amount of time they spend working on such requests.

Many HR Departments simply don’t have the spare capacity when one third (34%) of their time is spent on administrative tasks. HR leaders themselves estimate they spend an average of two hours and 12 minutes every day on what might be described as ‘low value’ work.

This latest Point of Reference research is based on detailed interviews with 140 senior HR leaders in both regulated and non-regulated UK companies boasting more than 5,000 employees.

*The inaccuracies figure quoted is based on the analysis of data from candidate due diligence programmes, with this quarter’s findings focused on 121,000 checks of almost 34,000 applications between July and September 2014

Leave a comment

Filed under Risk UK News

“Remote working places business data at risk” reveals Imation Corporation Survey

According to new research initiated by global data storage and information security company Imation Corporation, poor security and impugned responsibility are placing business data at risk for those working remotely. Staff are taking confidential information away from the office, often without the knowledge of their employer, and losing unsecured and unencrypted business data in places such as pubs, on trains and in hotels.

According to the survey of 1,000 office workers* from the UK and Germany, nearly two-in-five of respondents (or someone they know personally) have lost or had a device stolen in a public place. Three quarters of these devices – among them laptops, mobile phones and USB sticks – contained work-related data. This included confidential e-mails (37%), confidential files (34%) and customer data (21%).

Around one-in-ten interviewees had lost financial data or access details such as login and password information, potentially exposing even more confidential information to the risk of a data breach.

What makes these findings even more concerning is that a large proportion of data removed from the workplace isn’t adequately secured. As many as three quarters of respondents said they had taken digital files with them outside of work, yet many do not use standard security measures such as encryption, password protection or remote wiping to protect that data from unauthorised access.

One-in-four employees interviewed for the Imation Corporation’s survey admitted breaking security policies to work remotely while the majority were not concerned about losing confidential business data

One-in-four employees interviewed for the Imation Corporation’s survey admitted breaking security policies to work remotely while the majority were not concerned about losing confidential business data

Nearly half (44%) of respondents said that data is never encrypted when taken out of the office. Three out of every ten respondents admitted they don’t protect their data with passwords, while nearly one-in-ten workers who take digital files outside of the office do not secure them at all.

Office workers, it seems, are not losing any sleep over losing confidential business data when they take work home, with only one-in-16 worrying about this massively important issue.

Lack of understanding around corporate data security

“Companies may not be aware of the amount of data that’s leaving offices unsecured,” said Nick Banks, vice-president (EMEA and APAC) for Imation Corporation’s IronKey solutions. “In addition, half of respondents said that, at least some of the time, nobody would notice if they were to take data away from the office and lose it. It’s obvious that poor security and lack of understanding of what happens to corporate data are placing organisations at risk of a data breach.”

Even though eight-in-ten of the employees interviewed read or write work e-mails on the move, and around seven-in-ten work on electronic documents away from the office, businesses are failing to provide their employees with secure tools for remote working and not putting the right security policies in place.

Fewer than six out of every ten respondents said their organisation had a remote working policy in place. Of those employees working for companies that do have a policy, more than a quarter of interviewees admitted they’d broken that policy in order to work remotely. Of those staff questioned, 8% had knowingly broken the policy and a further 18% say they’d unknowingly broken it.

Equally, of those individuals who do secure data that they take outside of the office, just over half said that their employer or a third party supplier provides the remote working security measures. One-in-five respondents reported that just they themselves provide the security measures.

“These figures emphasise the urgent need for businesses to ensure that their employees have the necessary systems in place to work flexibly and securely without further hindering productivity,” asserted Banks. “The reality is that people are working in cafes, on aeroplanes, in their GP’s waiting room and even while they take their children to the park. Organisations are tasked with a monumental challenge of providing secure access to corporate networks and data. Data protection is now a huge concern for employers who are battling to manage security and privacy for employees on the move.”

Nearly half (44%) of survey respondents said that data is never encrypted when taken out of the office

Nearly half (44%) of survey respondents said that data is never encrypted when taken out of the office

Key highlights of the research

Other research highlights are as follows:
• As many as 41% of interviewees suggested that they either do not have the right tools available to work remotely or that their solutions for doing so could be improved
• Three-in-five respondents would tell their boss if they lost a storage device with company data on it. However, nearly one-in-ten would do nothing. Less than one third of survey respondents said they have policies that dictate who should be notified depending upon the type and sensitivity of the data lost
• Almost a quarter of respondents have looked over the shoulder of someone working on a laptop/tablet in a public place or noticed someone looking over their shoulder while 6% would let someone else use their work laptop, tablet or smart phone outside of the office
• Around half (48%) of respondents that take digital files with them outside of the office do not fully separate their work and personal data, in turn placing their personal data at risk of being wiped when business data is compromised
• Only 70% of respondents report that they protect their data with passwords and only 36% encrypt their data. A small proportion of respondents are using biometric technology (14%) or remote wiping (7%) to secure their data
• Public areas such as pubs, cafes and restaurants (22%) and public transport (29%) are some of the most common locations for respondents to read or write work e-mails when outside of their home

Nick Banks: vice-president (EMEA and APAC) for Imation Corporation’s IronKey solutions

Nick Banks: vice-president (EMEA and APAC) for Imation Corporation’s IronKey solutions

*The research consisted of 1,000 online interviews carried out this summer and involving office workers in businesses of at least 250 employees and covering a range of industry sectors. 500 respondents emanate from the UK and 500 respondents work in Germany. 80% of respondents were required to work remotely for at least part of their working week. Interviews were conducted online using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate

Leave a comment

Filed under Risk UK News