The composition of the workforce is changing. In fact, IDC predicts that the mobile worker population will account for nearly 72% of the total US workforce by 2020. Already, many organizations have started adopting more flexible work policies to accomodate shifting demographics. At some companies, employees are encouraged to telecommute either full- or part-time. Still other companies have increased their use of remote contractors as an alternative to employees. Estimates suggest that 45% of the workforce will be “contingent”—self-employed, contractors and temps—by 2017.
The rise in both the mobile and contingent workforce places a lot of strain on data security. With high profile cases such as the OPM breach this past year, contractors and vendors are a consistent weak point for many organizations. Although people, in general, can be tied to most data breaches, it’s those with the least amount of training and oversight that pose the largest risk.
When it comes to working with freelancers, contractors or business partners of any kind, organizations should:
- Conduct, and respond to, regular risk assessments that look both at how data is stored and how data is accessed.
- Harden access: Ensure access to internal systems requires strong authentication and apply strict limits on information available to the outsider. Experts recommend two-factor authentication techniques, such as a combination of a token and a password, for external access.
- Isolate access: Cordon off externally-accessed systems and networks from the rest of the internal network using internal firewalls (similar to a network DMZ used to isolate sacrificial servers). Log and review traffic that traverses the internal firewalls to the externally-accessed systems.
- Log and audit: Maintain and review logs of external access. Unexpected access may turn out to be a false alarm, but check and verify.
- Regularly review: Business partners, freelancers and contractors come and go and their IT needs may change over time. Restrict or revoke access as necessary.
- Be prepared for a breach, with a data breach response plan and a trained team to handle the incident. This can help both mitigate the breach and its fallout.
In our own whitepaper, The Enemy Within – Insiders Are Still the Weakest Link in Your Data Security Chain, we talk about the challenges that “people” pose to data security and how Absolute Data & Device Security (DDS) can help your organization plug the security holes created by mobility and human error. It’s important that organizations take steps to increase visibility over the devices their remote workers are using. Learn more at Absolute.com