11.14.19 – SIW –
As offices move towards a more flexible and modern workplace, employers must keep information security in mind
The booming gig economy has opened up a whole new world of opportunity for freelancers, contractors, and those looking for a side hustle. By next year, projections show that 43 percent of the U.S. workforce will participate in the gig economy[i], with no signs of slowing down. And it’s not just in relation to on-demand services like Uber and Postmates; even traditional retail and corporate environments are increasingly made up of a mix of full-time, part-time and short-term workers to help companies stay nimble in today’s fast-paced environment.
This new way of working can offer many benefits for both the “gig” workers and organizations. Workers have flexibility with their schedule and workload, and companies gain access to top talent in a fast-paced, competitive marketplace. But it also presents a number of unique challenges, namely security concerns. How much information do freelancers get access to? And are they accessing it securely? How do IT teams monitor threats when people are working remotely or on their own devices?
Many companies have a comprehensive onboarding process for new hires, and in theory, contract workers may receive similar review and training. However, the reality is that the ways in which companies interact with gig workers can encourage and enable questionable security practices. Just like full-time workers, freelancers need to understand their role in keeping proprietary information safe and held accountable to stay compliant with company policies and statutory requirements. But enterprises, too, must be set up to properly mitigate any risk.
Having just wrapped National Cybersecurity Awareness Month in October and now settling into the end-of-year rush, it’s an opportune time for organizations to revisit how they engage with freelancers and whether they have the right security protocols in place to help safeguard their information.
Many Threats Occur from The Inside
Data breaches are becoming all too common these days, and while movies and TV shows might have us thinking of a masked hacker remotely accessing our networks, Canon’s recent “Office of the Future Survey” revealed that many IT professionals believe malicious insiders and employee human error are the biggest cybersecurity threats — outranking third-party threat sources[ii]. Whether intentional or not, those working for the company may be the ones putting it at the most risk.
It makes sense when you think about it. As employees, we have a good deal of control over what information is shared. Accidental actions can be caused by opening an unsafe email, using an unverified plug-in, accessing an unprotected network, or failing to download the latest security update to our devices. Many of these incidents are unintentional oversights. However, companies also have to consider that some people that they come in contact with could have malicious intent, so the right monitoring and alert systems must be in place to prevent a possible breach.
One of the most important takeaways is that companies should commit to a comprehensive onboarding process for contract workers, with the same rigor and detail as they would for full-time employees. But it’s not a one-and-done solution. Companies should also regularly conduct information security refresher training and check-ins to help ensure that everyone is staying compliant as protocols and technology evolve. This time investment can help mitigate any long-term damage that could come from careless information sharing or security gaps.
Operate On a Need-To-Know Basis
So, you’ve properly onboarded a new contract employee, reinforcing the importance of following security protocols. The next question you should ask is what type of information access is needed for this person to perform his or her job?
Most people are familiar with the “security clearance” system that the U.S. government uses, in which each level grants the holder access to information in that level and the levels below it. While this is a very strict system intended to protect classified government information, the fundamentals can be applied to any organization by determining what type or level of employee needs access to a given level of information. Sometimes, it might seem easiest to share as much information as possible with someone to immerse him or her in the work and big-picture goals — but that comes with a risk. Instead, organizations may want to take a “need-to-know” approach to avoid key information being leaked externally – or even internally unnecessarily. This approach is also something that can be passed along to the employees who will be working with a non-employee colleague so that the employees can understand this person’s access level and help ensure that it’s taken into consideration over the course of the contract employee’s tenure at the company.
Out of Sight, Out of Mind
Many contractors work remotely, which can present a number of both technical and oversight challenges. It’s common for gig workers, especially those working at small and midsize companies, to follow a BYOD — bring-your-own-device — approach, rather than being provided company-issued laptops or phones. This means businesses need to be equipped for external connections to the network, which requires additional security oversight.
Along with that, the growth of remote work has led to the growth of public workplaces, such as coffee shops and libraries. This is a nice benefit for freelancers, who can enjoy the flexibility of their role and can be productive outside of their home. For businesses, it brings down overhead costs. But the added benefits of a mobile workplace often do not include security. In fact, it means less visibility into whether workers are following security protocols, using safe Wi-Fi and secure devices, and taking simple steps, like ensuring their screens are not visible to the public and locking their computer when grabbing a latte from the barista. Our previously mentioned survey found nearly half of respondents reported facing security threats related to compromised devices over the past year.
For organizations to help mitigate risk brought on by external connections and outside devices, it’s critical to strengthen their mobile device security processes and protocols. Additionally, companies should make identity management a top priority through authentication tools. This includes requiring a multi-factor authentication process for workers to access the network as well as specific data sources and connected devices, such as multi-function printers (MFPs).
Put the Right Solutions (and Solutions Management) In Place
While people might work from a variety of settings and utilize their personal devices, they still need efficient workflows and the ability to collaborate easily with broader teams. This means organizations need to put tools in place that fuel productivity but do it in a way that supports information security.
Content management tools like Box, for example, have built-in security features to deliver both control and peace of mind. Box delivers detailed usage reports and audit trails so users can see who is accessing which content. Additionally, many of these tools are investing in content categorization, workflow, analytics and artificial intelligence, meaning their utility is only getting better.
Remember That Security Is a Balancing Act
The gig economy is in many ways the herald of the fast-moving office of the future. Workplaces of the 21st century are no longer bound by the cords and cables that kept traditional offices in place. As always, new frontiers abound with new and often unforeseen dangers. As offices move towards a more flexible and modern workplace, employers must keep information security in mind. The benefits of the gig economy must be weighed against the risks involved in participating. To evolve into the next stage of the digital transformation, it is important for everyone to consider the balance between convenience and information security.
About the Author:
Hiroyuki “Hiro” Imamura is senior vice president and general manager of marketing for the Business Imaging and Communications Group of Canon U.S.A., Inc. He oversees all marketing activities for the Enterprise Solutions, Strategic Planning, Marketing Operations, Aftermarket Products, Large Format Solutions, Desktop Printing, and Imaging Solutions divisions.