The gig economy has exploded in recent years and nowadays many companies of all sizes employ independent contractors in some capacity. Depending on your industry, hiring contractors brings many challenges not just to your workflow, but also to data security. It is not uncommon for independent contractors to have access to your network, systems, and applications. Your data security team needs to develop strategies according to established best practices. These strategies are similar to those employed when dealing with a remote workforce but are also designed to solve the unique challenges presented by the independent contractor as a potential insider threat.
Run Checks and Keep Records
With independent contractors especially, doing your due diligence during the hiring process is going to be critical. Run a background check and an identity check to screen for any red flags that the potential contractor might be unworthy of trust. If the contractor will require access to sensitive systems or data, ensure that they have signed an NDA and a policy document detailing best practices for the safe access of this data. And keep detailed records of all of your contractors who have access to your systems.
Use the Principle of Least Access
As with your normal full-time employees, the principle of least access should be the rule that governs how much of your systems your contractors can access. Restrict access to sensitive data and infrastructure as much as possible while allowing your contractors to do their jobs.
Coordinate with Your IT Team
With data security being so important, it’s critical to work closely with your IT and Systems Admin teams when onboarding and working with contractors. Have these teams manage and monitor the organizational accounts generated for the independent contractors and audit frequently.
Have a Plan for When the Relationship is Over
Eventually, you’ll need to end your organizational relationship to your independent contractor, so take the time to develop an offboarding plan for when this happens. One of the most important processes to undergo – ensure that all user names and passwords for an offboarded contractor are deactivated as soon as possible once their work is complete.
Learn More Advanced Tips and Strategies to Manage Insider Risk at ITMG’s Advanced Solutions Seminar
ITMG’s upcoming Advanced Solutions Seminar is designed to teach cybersecurity professionals how to achieve organizational security with our proven model to manage insider risk, the RiskTKO model. Reserve your spot today by visiting our training page here!
Contact ITMG to Assess Your Current Capabilities and Develop Strategies and Protocols Designed to Help Your Company Mitigate Your Insider Risk
ITMG is an industry leader in helping organizations throughout the United States strengthen their insider risk management programs and secure sensitive data and intellectual property. Our team of bona fide experts has the real-world experience necessary to plan out and create holistic security solutions tailored to the special needs and risks in your industry. Contact ITMG today to learn more about how we can help! You can also visit our Facebook, Twitter, and LinkedIn pages for more updates and insights into the world of insider risk management.