If you think your remote workforce only comprises employees working from home (WFH), think again.
Many companies are contracting work to external service providers, such as freelancers, agencies and consultants. Whether your business is a startup, an SME, or a large enterprise, you may be among the 80% of businesses that regularly engage freelancers and enjoy some of the benefits such arrangements offer. These outsourced supports contribute as your remote workforce, which is thus never zero even if all your staff work in the office - and they could be a valuable asset to the organisation.
However, they also come with risks.
Should you be concerned?
To outsource a task or a project, companies are required to share information. Maintaining flexibility and productivity without sacrificing confidentiality and cybersecurity may be a challenge.
Your business’ intellectual property, details of its activities, clients’ data, industry expertise, and strategic plans constitute strictly confidential information. The loss, theft, or sale to a competitor of any of that information could lead to financial losses, legal action, reputational damages, or even liquidation.
The productivity afforded by a distributed workforce is enabled by moving operations and data out of the secured network to external devices or even to the cloud. In this context, cyber threats are not simply an in-house concern that could be mitigated with employee training and endpoint security. Addressing the burgeoning risks, Gartner identified the modern approach of cybersecurity mesh, which allows distributed enterprises to deploy security where it is needed, as the top security trend in 2021 . With off-site freelancers and contractors having access to your intellectual property and in-between communications, another set of techniques and tactics is required to work securely.
Could access to contractors open loopholes?
Freelancers and small firms usually are less security-sensitive. In fact, reports indicate that at least 43% of cyberattacks target small businesses . Some common unsafe practices observed include:
- connecting to public Wi-Fi in cafés and coworking spaces
- sharing unencrypted files on free cloud drives and email servers
- working with home-use applications and open-source tools
- working on phone and other mobile devices without anti-virus protection installed
- ignoring physical security practices in public places
- lack of security policies
- lack of cybersecurity training
This means all the security measures you implement in-house would not be effective when dealing with outsourced manpower, out of which 70% are unprepared to deal with a cyber-attack and are more vulnerable to cyber threats. Meanwhile, they have access to or hold a substantial amount of confidential information from various clients, such as commercial strategies and financial data, which raises the spectre of a data breach.
What should you do?
Hiring high-quality talent on a part-time or contract basis is a cost-effective way to power your business. So that you continue counting on their support, here are some recommendations to mitigate security risks and protect your business when hiring freelancers and contractors.
1. Educate your staff
Awareness training for employees could strengthen your defenes against 90% of data leaks caused by human error and prevent accidents. Begin an education program with internal staff to safeguard your intellectual property and train them on necessary protection measures when collaborating with external parties.
2. Assess your supplier
By conducting a supplier risk assessment and background check before you decide to work with a new contractor, you can learn about their regular security measures and data safekeeping practices. For IT-related consultants and service providers, a track record showing years of proven experience and certifications such as CompTIA and ISO could be further evidence of the quality of their security protocols.
3. Sign a contract and NDA
No matter how small or urgent your job is, it is always crucial to state the scope of work, clarify all the terms and conditions, claim the ownership of the work product , and enter into a formal contract that should describe the implications of sharing access to personal data to make sure you are compliant with privacy regulations such as Europe’s GDPR. Make also sure you enter into a non-disclosure agreement (NDA) to ensure all communications and confidential information that is shared between the parties are legally protected.
By signing these documents, not only are you protecting your business should things go wrong, it also sends a clear message to your service provider that you are serious about safeguarding your intellectual property. Those who agree differently may not be your ideal choice to work with.
4. Enforce strong security measures
Freelancers come and go based on an organisation’s occasional or seasonal demand. It is thus essential to control access to the data a contractor needs to do their work.
60% of small companies go out of business within six months of being hit by a cyber-attack . To minimize the risks of such a catastrophic event, here are some measures you can implement when working with contractors:
- Business-grade documents sync and sharing tools allow setting different access configurations for user accounts. To prevent your freelance workers from handling your files on free cloud drives, provide all business files via your own file platform and offer an efficient way for them to collaborate with your in-house team.
- Virtual desktop infrastructure (VDI) provides higher security when contractors need to access your systems without being granted credentials. Examples include allowing an auditor to conduct financial reviews on your accounting system, or a developer to implement codes on your CMS platform.
With VDI, all systems and operations remain on your own server while you have full control on every login and logout – restricting access to company data to the bare minimum required to get the job done and for no longer than necessary. You can distribute more “virtual machines” when required and easily clean everything for a new user.
- End-point security should not be forgotten since risks can arise if your business information is shared by print, scan or fax. As printers, scanners and fax machines are typically networked and connected to remote management systems, make sure your documents processing gateway also acts as your security gatekeeper. Track and automate the document cycle with comprehensive monitoring.
- Data security protocols help minimize risks and may save around US$150 for each lost data record . You should establish data security protocols, policies, and practices that every employee takes seriously to thwart any risk when working with external vendors. When sharing business information, categorize projects according to information classification , which might include:
5. Outsource the jobs only to your trusted providers
Is this too obvious? Maybe not so much when there is an urgent need or when a service provider offers a nice bargain. Relentlessly prioritize security over convenience and cost. You should always choose a trusted business partner who takes your business seriously.
While your business may have the opportunity to benefit from the flexibility and quality of work offered by freelancers and other agencies, they will always remain outsiders – you do not manage them the same way you do with your employees. When you create your smart workstyle, remember to include contractors in your strategy on workplace, process, and communication. With the right security measures in place, they will be able to contribute to your business success safely, as a part of your smart workforce.