Reported by: banking|Updated: June 4, 2021
Sonal Patni, CTO at SMEcorner, a new age fintech lender, discusses the security risks when working with gig workers:
Mehul Dani: What kind of risks can originate from gig workers?
Sonal Patni: Companies are increasingly hiring gig workers to address the evolving needs of their business. Gig economy workers often need extensive access to the company’s systems and, as a result, can open up a number of cyberattack vectors. This needs to be handled carefully. Unlike a controlled network and in-house employees, gig economy workers can’t be subjected to strict security oversight, and the security needs to adapt to the new threats posed by the gig economy workers. Internal threats are a rising security concern among enterprises; malicious insiders are viewed as one of the top cyber threats across the enterprise today.
How can one mitigate the elevated risk that gig economy workers bring in?
Organizations need to have strict security protocols in place to properly mitigate the elevated risk that this entails. Managing sensitive business data when you’re using gig workers can be a delicate balance. While you need to protect confidential business and customer information, workers need access to the right data and systems so they can do their job properly. Even with a strong security framework in place to help safeguard data from external hackers and threats, an influx of gig workers can open the door to new vulnerabilities right within the walls of an organization.
To what extent should access to a company’s systems be granted to gig workers?
A gig economy worker should be provided with controlled access to only what he needs as opposed to sweeping access to everything. Companies should employ biometrics, multi-factor authentication and just-in-time provisioning to reliably authenticate gig economy workers and provide controlled access to the corporate network. Each access to the system should be logged and every asset accessed must be measured to ensure there are no untoward incidents which can compromise security. Your data needs to be properly segmented, so that gig workers do not have access to your entire dataset but only to what they need to carry out necessary tasks. Also, it is necessary to audit the data your business holds and assign it a sensitivity.
What can an enterprise do to protect customer, user and business information while making gig workers a useful and flexible part of its workforce?
When you onboard gig workers, make sure you educate them and share policies around data management and data handling with them and have them sign up to receiving this information. Make your policies available to all your gig workers at all times. Access to policies and guidelines around data handling is a must.
How should one create roles for gig workers with limited access rights?
Every gig worker you take on will be performing a specific role. Look at the responsibilities and tasks that role will carry out and decide what data, systems and software they need to access. Create only those specific ‘roles’ in the network that have access to those areas, and no more. Assign only those roles to gig workers.
What should be the correlation between regular employees and gig workers?
Educate regular employees about the need to protect sensitive data. Your regular employees will provide guidance and mentorship to gig workers. Let your employees know about the restrictions on systems and data access. Inform them how they can help out gig workers and the type of data that is appropriate to share with them.
Put regular employees in place who can guide, train and mentor gig workers. In addition to answering questions and assisting with workplace tasks and practices, they can also keep an eye on how gig workers access and use data. Get them to gently guide gig workers in best practice for accessing and using business and customer information.
How can one restrict gig workers’ access to sensitive locations in the business?
Make sure that you have proper access controls in place for various parts of your business. For example, restrict access into server rooms or data centers. Use biometrics and other access devices to limit gig workers to where they need to be, and nowhere else.
What should be done to know how gig workers are accessing data and systems?
You can put auditing in place to check what gig workers are doing on company systems. Your policies should state that you may audit computer and data usage. Each access to the system should be logged and every asset accessed must be measured to ensure there are no untoward incidents which can compromise the security of the organization. You can incorporate these suggestions one by one into your cyber security policies to gainfully employ gig workers and secure your business against unwanted data issues.