In a previous post, we highlighted the rise of the remote worker and the resulting implications to information security. Let’s take a look at a specific example – freelance workers –  and highlight recommendations on what employers and these types of workers should do to ensure cyber security.

The rise of the ‘gig economy’ – the growing prevalence of short-term and freelance workers in the workforce – creates two unique challenges for businesses.  Beyond the obvious dispersed nature of the workforce and how that makes it difficult to control the work environment and technologies used, businesses face a potential impact to engagement.

Andrea Broughton, principal research fellow at the Institute for Employment Studies, warns gig workers may feel less a ‘part’ of the business than their permanent colleagues. “This means that they may have less loyalty to their employer and be less likely to act in accordance with the values of the business,” she says.

Businesses can look at ways to combat the disconnect (through video meetups, in-person gatherings, etc), but this danger of disconnectedness poses significant impact to cyber and information security.

So, what are the responsibilities of both parties in ensuring security? Here are some suggestions.

Employers should …Gig workers should …
  • Start before onboarding by vetting your prospective hire. At the time- and cost-intensive end of the vetting spectrum is a background check. At the opposite end, you can review your candidate’s online profiles.
  • Ensure gig workers receive – and confirm – the same security policy information as their employee counterparts.
  • Consider giving your gig workers access to the same security tools you give to employees.
  • Request access to your client’s security policies to help you ensure compliance.
  • Ask your client if you are permitted access to the company’s security resources as a freelancer.
  • Discuss the very real consequences of a breach and how it impacts the freelancer by causing lost work and rework.
  • Mandate that your gig workers complete your security awareness training, and ensure these workers receive all of your awareness updates.
  • Adopt a ‘security mindset’ and protect your freelance business by staying up to date. CERT provides an updated list of alerts and vulnerabilities.
  • Follow your client’s guidelines and policies, and take advantage of their training offerings to make yourself smarter about threats.
  • Ensure gig workers execute appropriate consulting agreements, such as nondisclosure agreements.
  • Consider acquiring business insurance to help protect you in the event of data loss.
User Access and Compartmentalization
  • Ask ‘What systems and what data does this freelancer need to access to do his job?’ and restrict access based on the answer.
  • Implement two-factor authentication to augment protection: when remote workers request access to your network, they are then presented with a login/password prompt and a secondary passcode in order to gain access.
  • If a freelance worker has privileged user access, use online monitoring software to proactively listen for suspicious activity.
  • Take advantage of two-factor authentication, or use a password manager to help in management of complex passwords.
  • Share corporate backup procedures and tools with freelancers.
Secure Transfer, BYOD, and Software Updates
  • Require freelancers to login to your network via an VPN.
  • Craft and share a BYOD policy that dictates use of personal devices to access data.
  • Enable Automatic Updates to keep your operating system and other software up to date.
  • Compare any work hour data captured against your log and promptly raise any discrepancies.
  • Notify IT when the freelancer’s role is ending so that access can be revoked.
  • If your client doesn’t promptly revoke access, resist the urge to use your credentials to check up on a job or project.

Ensuring cyber security is an all-hands-on-deck situation that requires not just leadership and employees, but also the freelance workers who are contributing. A clear understanding of how both organizations and freelancers impact security can be a helpful first step to successful – and safe – engagements.

Remote Workers and IoT Security: Is Their Smart Fridge a Threat to Your Business?
Important Tools to Help Take Your Business Remote