Cybersecurity – “Logic Bomb” with Contingent Workers

Today, all workplaces face the growing risk of cyberattacks, and no matter what type of company, online safety and security are responsibilities we all share. However, one of the leading cybersecurity threats is the people inside your organization. And by 2020, the US contingent workforce is expected to be more than 40% of a company’s total workforce. What does that mean for managing cybersecurity within your company?

Bitpipe.com shared a report by Identity Automation, titled “6 Insider Threat Mitigation Strategies”, that suggests that insider threats are greater when contingent workers are employed because 1) these people are often not exposed to the same training or security policies, 2) there is a greater turnover of contingent employees, and 3) most companies do not have robust identity access and management controls in place. The report summarizes the threat:

Most companies have limited knowledge of their contingent users. The same risks inherent to the full-time employee are elevated in the case of the contingent worker, due to a lack of loyalty, higher churn, and minimal training. Traditional identity and access management systems are often unable to keep up with this new breed of contingent worker, forcing organizations to move slower or open themselves up to increased security risk—something no business can afford.1

Reduce This Threat by Doing These 6 Things:

  1. Better vetting during the hiring process
  2. Security training for contingent workers, beginning on day one
  3. Stricter access controls limited to systems they need for the time they need them
  4. Centralize access with an appropriate authoritative source
  5. Delegate and automate access to the hiring managers
  6. Automatic de-provisioning when the employee leaves the organization1

Some companies are using CyberSecure My Business™, created by the National Cyber Security Alliance (NCSA). The program was created to help protect cybersecurity in small and medium-sized businesses (SMBs). It does so by offering interactive training based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Regardless of a business’s size, it is critical to take measures to help prevent attacks and have a set plan ready to go if one does occur. Across the board, NCSA recommends a top-down approach to creating a culture of cybersecurity in the workplace. The following steps ‒ developed by NIST ‒ will help tremendously as you formulate a plan to keep your business cybersecure:

  • Identify: Conduct an inventory of your most valuable assets – the “crown jewels” of greatest importance to your business and of most value to criminals – such as employee, customer, and payment data.
  • Protect: Assess what protective measures you need in place – such as keeping your software up-to-date
  • Detect: Have systems set up that would alert you if an incident occurs, including the ability for employees to report problems.
  • Respond: Make and practice an incidence response plan to contain an attack and maintain business operations in the short term.
  • Recover: Know what to do to return to normal business operations after an incident or breach, including assessing any legal obligations.2

In another initiative to assist SMBs, NCSA created the Cybersecurity Awareness Toolkit. It is packed with techniques and tips that address simple, actionable ways that organizations in various industries can better protect themselves and their companies from being compromised.2

The Department of Homeland Security developed a Toolkit that contains information about ways you can use cybersecurity key messages in your own organization. The Toolkit includes links to useful websites, social media language, key messages, and frequently asked questions to help you prepare for an NCSAM initiative. To download the DHS NCSAM Toolkit, visit www.DHS.gov/NCSAM.3

ClearPath can help you design a solution pertaining to your contingent workers. We can help relieve this burden by outsourcing your back-office Human Resources and Payroll functions to our Employer of Record service. Contact us to learn more about how our expert personalized service can let you get back to focusing on your business goals. Work with a leader in the industry for outsourced Human Resources and Payroll functions associated with W-2 and 1099 contingent workers. Let ClearPath be the path to your peace of mind. For other questions about assessing your workforce or conducting a review of your current hiring processes, the ClearPath team can assist you.

This blog article is for general information purposes only and does not provide an in-depth review of cybersecurity. It should not be solely relied upon or substituted for legal or professional advice. The use of the information provided is at your own risk.

Sources:

1 http://kppartners.com/cybersecurity-insider-threats-from-contingent-workers/

2 https://staysafeonline.org/about/

3 www.DHS.gov/NCSAM

Leave a Reply