Local authorities, private companies and public bodies which allow staff to work from home could face crippling financial penalties if they ignore data protection, warn leading information security experts.
by Paul Watson
Thousands of people looking to save money on the commute to the office by working from home are risking financial disaster for their employers, claim security professionals.
New legislation due to come into force later this year will result in public and private organisations facing massive fines based on a percentage of turnover if they breach the Data Protection Act.
The size of the punishment is intended to mirror those of the Financial Services Authority which has the power to impose fines of over £1 million.
Cybercrime is estimated to cost UK business more than £8.5 billion a year and a lack of security awareness among an estimated 5 million home-workers in the UK is fuelling the boom in fraud.
A recent CBI survey found almost half (46 per cent) of all employers now offered staff the chance to work from home, a dramatic increase from just 14 per cent two years ago.
However, while allowing staff the chance to cut their carbon footprints or avoid a troublesome commute, many bosses are putting their businesses at risk.
“Companies who allow staff to work from home could be considered reckless if they don’t have proper policies in place to ensure data is secure, accessible only by authorised users and encrypted where necessary,” said Sarah Dougan, Managing Director of E-Security Exchange.
“Most people who work from home use their own equipment and if the rest of the family have access to it there may be an argument that the data is no longer secure.
“Standard IT procedures are more likely to be ignored as home workers and members of their family are prone to surf the net and download virus-infected programmes. This is an attractive target for online criminals who have already been active on social networking sites and virtual communities. All it takes is for a teenager to use the computer and download an infected programme from a site that has been compromised for crooks to access sensitive data used by a parent for work.
“When personal information and financial details are worth so much on the black market, the chances of an organisation falling victim to crime are getting higher every day. Too many companies remain complacent about the threat of online crime and information security,” said Ms Dougan.
According to broadband research firm Point Topic around 4.3 million households in Britain – 18 per cent of all homes in the country – contain someone working from home.
However, a recent study found 80% of Britons fail to implement any computer security precautions when working from home, making them easy targets for hackers.
“People buy a computer and get six months free anti-virus software and then don’t bother to renew it. It’s a scary statistic but realistic,” said Dr Guy Bunker, Chief Scientist with security software specialist Symantec.
“Wireless is a major problem. A lot of it is still not secured in the home and that is certainly a way for criminals to get into the corporate network through the home network.”
Recent research by Price Waterhouse Coopers for the Government stated that each year up to 96 per cent of large companies, with more than 500 staff, experience some form of security breach.
However, it’s estimated that less than 50 per cent of organisations provide home workers with e-mail encryption software or use any form of biometric authentication.
Very few companies ever bother to inspect the remote work-stations of staff, monitor data access or insist that employees out of the office only have access to information essential to do their jobs.
“We still find people employed by companies who haven’t got around to putting firewalls on their computers,” said Stuart Hadley, a spokesman for the Serious Organised Crime Agency (SOCA).
“Companies have to be on their toes particularly ones that start off very small with adequate security but then grow. They must ensure their security grows with them or risk falling foul of the law.”
Standard IT procedures are more likely to be ignored as home workers are more prone to surfing the net and downloading virus-infected programmes.
The UK Information Commissioner can now impose hefty fines on those who intentionally or recklessly disclose information contained in personal data to another person; who repeatedly and negligently allow information contained in personal data to be disclosed; and whose deliberate or reckless actions result in breaches of the Data Protection Act.
According to the Information Commissioner’s Office the change in the law is intended to make clear to businesses and organisations that data protection is a top priority and that any hint of a cavalier attitude to the handling of people’s personal information will be treated seriously.
“This new power will enable some of the worst breaches of the Data Protection Act to be punished,” said David Smith, Deputy Information Commissioner.
“By demonstrating that the law is being taken seriously tougher sanctions will help reassure individuals that data protection matters and give them confidence that organisations have no choice but to handle personal information properly.”
ENDS