Organisations are becoming increasingly aware of, and worried about, the loss of information; for example, many have implemented rules restricting the use of social networking sites. Security firm Scansafe reported that 20% more organisations are blocking social web sites than were 6 months ago, with the primary concerns being loss of sensitive data, malware and bandwidth use.
Organisations that are aware that their staff use social networking sites would do well to provide security advice to protect the organisation and the individuals, particularly as it was recently revealed by Webroot (an internet security software provider) that at least a third of social web site users have at least three pieces of information that could make the individual vulnerable to identity fraud. The loss of sensitive information from organisations has also led to the use of network tools to monitor employee activity, including e-mail and web surfing. Care is required, however: the use of masking or anonymising is recommended until issues are detected, and legal advice and company policies should then be reviewed before investigations are conducted.
The picture across Europe makes the situation more complex. For example, in France and the Netherlands filings are required with labour authorities. Increasing concerns over data protection have seen the rise of legislation in Germany to strengthen the position of data protection officers, a position which is mandatory in Germany, and the French Government are also considering the introduction of data protection officers in organisations with more than 50 employees. Additionally, France, Germany, Italy and the Netherlands require employers to consult with and/or notify trade unions before using any form of surveillance.
The best strategy is to be open and advise employees throughout, liaise with representative bodies and, if necessary, develop policies and obtain written permissions from individuals to enable the organisation to protect itself and its employees. The more transparent the process the better, with the added benefit of possibly deterring employees from transgressing.
The growth in the number of data champions and the take-up of ISO27001 to better protect data and to ensure compliance with legislation indicate how seriously organisations are taking data loss. Reports of web surfing exposing systems to attacks from executable files and malware mean that it is not just a case of monitoring what is going on but also of educating all employees about the risk both inside and outside of the work environment.