What is commonly referred to as the gig workforce has massively revolutionized global work culture over the last few years, especially in the tech industry, which is experiencing a significant decline in the conventional nine-to-five model.
Gig workers are professionals or other persons who take on temporary jobs, short-term engagements and project-based employment as freelancers or contractors, as is typical in the service sector.
The exponential growth of the gig workforce model is rapidly phasing out the traditional model of work. In the US, more than 90% of workers said they often consider freelancing or independent contract jobs in addition to their full-time job. The flexibility of this new way of working offers many benefits for both gig workers and organizations: organizations gain access to top talent in the field, while gig workers are able to pursue multiple opportunities and take on multiple projects while creating a flexible schedule for balancing their workloads.
Irrespective of the many gains the gig workforce model presents, the cybersecurity risks it poses cannot be downplayed. Many corporate entities have a structured onboarding procedure and policies for new hires and effective off-boarding policies for terminated employment, but the lines are quite blurred for gig engagements because of their short-term nature.
The remote nature of the model implies that gig workers typically use their own mobile devices and computers for jobs, storing sensitive research and proprietary information on a local drive or in a personal cloud account. Hence, instances of theft, loss of a device and third-party access pose a huge security challenge, as gig workers are, for the most part, expected to figure out the security of their own personal devices.
This brings to the fore the question of what it implies for gig workers to have access to classified or proprietary information during the project life cycle. While it is much more convenient to subject in-house employees to strict data security policies and manage business data, the gig workforce model presents a considerable level of disruption in that regard.
The means by which gig workers access the organization’s network and sensitive systems present an elevated risk to the organization. The short-term nature of the gig workforce adds complexity for traditional Identity and Access Management (IAM) systems, which were not originally designed to manage the increasing and dynamic number of workers the new model brings. Equally, access to the organization’s systems from unsecured locations and public WiFi connections is a likely risk that requires adequate management.
Upon completion of projects and the consequent disengagement, the challenge of retrieving sensitive data or documentation that was pertinent to the project comes to the fore. How can it be ascertained that proprietary data will not be shared or sold to competitors or malicious parties?
What are the best ways to mitigate these risks, you may wonder?
Firstly, given the short-term nature of the gig workforce model, organizations' security teams are required to educate key executives on the implications of engaging gig workers, provide insights on when it is appropriate to engage gig workers, and establish robust baselines to ensure total compliance during the engagement. Such baselines may include developing gig-engagement-focused policies for onboarding, information security, network security, remote access, acceptable use, and communication. These policies will help gig workers understand their role in keeping proprietary information safe and the consequences of non-compliance with company policies and statutory requirements.
Secondly, organizations can implement a zero-trust architecture to promote adaptive authentication, using strong IAM systems which apply advanced algorithms, behavioural analysis and biometrics to ensure that users' identity information is always current and centrally managed, regardless of the gig user’s geographic location. Organizations can enforce the least privilege principle, that is, granting users access to only the resources they need to perform their functions, in order to avoid data leaks. This approach can be passed along to employees who will work with the gig workers on projects, to make them aware of the gig user’s access level so that it is taken into consideration over the course of the project to prevent undue disclosure.
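To make the least-privilege and adaptive-authentication points concrete, here is an added illustration (not CyberPlural's code or any IAM product's API): every request is checked against the worker's project scope and contract end date, and an unmanaged session triggers an MFA step-up. All names (`Grant`, `Request`, `decide`, `overdue_for_offboarding`) and the sample data are hypothetical.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Grant:
    worker: str
    resources: frozenset  # only what the project needs (least privilege)
    contract_end: date    # access must not outlive the engagement

@dataclass(frozen=True)
class Request:
    worker: str
    resource: str
    on: date
    managed_session: bool  # assumption: True when coming through VDI or company VPN
    mfa_passed: bool

def decide(grants, req):
    """Evaluate one request on its own merits; returns (decision, reason)."""
    grant = next((g for g in grants if g.worker == req.worker), None)
    if grant is None:
        return ("deny", "no active engagement")
    if req.on > grant.contract_end:
        return ("deny", "engagement ended")
    if req.resource not in grant.resources:
        return ("deny", "outside project scope")
    # Adaptive step: a riskier context needs stronger proof of identity.
    if not req.managed_session and not req.mfa_passed:
        return ("step_up", "unmanaged session requires MFA")
    return ("allow", "in scope, in term")

def overdue_for_offboarding(grants, today):
    """Workers whose grants outlived the contract and must be revoked."""
    return sorted(g.worker for g in grants if g.contract_end < today)

# Constructed sample data, not taken from any real system.
GRANTS = [
    Grant("ada", frozenset({"repo:mobile-app", "wiki:project-x"}), date(2024, 6, 30)),
    Grant("bola", frozenset({"repo:mobile-app"}), date(2024, 3, 31)),
]

if __name__ == "__main__":
    today = date(2024, 5, 1)
    for r in (Request("ada", "repo:mobile-app", today, True, False),
              Request("ada", "db:customers", today, True, True),
              Request("ada", "wiki:project-x", today, False, False),
              Request("bola", "repo:mobile-app", today, True, True)):
        print(r.worker, r.resource, decide(GRANTS, r))
    print("revoke:", overdue_for_offboarding(GRANTS, today))
```

Running `overdue_for_offboarding` on a schedule gives the off-boarding team a revocation list even when nobody remembers that a short engagement has ended.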
From a technical standpoint, organizations can maximize the use of security-centered technical controls and tools, such as a Virtual Desktop Infrastructure (VDI), which gives gig workers streamlined, consistent access to the applications and data needed to perform their tasks. Remote Browser Isolation can also offer a proactive stance in ensuring that security threats resulting from suspicious web and email activity are kept far from corporate networks and endpoints. Content management tools that offer content categorization and workflows with collaborative functionality can help fuel productivity in a way that supports information security.
Additionally, organizational policies for gig workers may include specifications on how the corporate network should be accessed. These policies may address concerns such as: Should access to specific resources require an official VPN? Does this apply to all virtual meetings to ensure confidentiality? Organizations may also want to recommend mandatory tools and technologies, such as those for security and debugging, while some others may be prohibited.
Most importantly, gig workers should be trained upon engagement, and periodically thereafter, on best practices, especially for the event of a potential data breach or the loss of devices containing company data. Gig workers should know whom to contact and what steps to take.
There is a lot more to consider, especially now that our workforce is changing so drastically. It is now more important than ever for organizations to strengthen their cybersecurity posture and embrace basic cyber hygiene.
At CyberPlural, we help startups and enterprises manage resilient cybersecurity plans and implementation across the board. Learn more about our services and reach out to us to see how we can fortify the security architecture of your establishment.