As the gig economy, and the use of temporary or on-demand workers, expands at a record pace, individuals can lend their talents to short term engagements and earn money on their own schedule, allowing people to make a living with a greater flexibility and variety of work.
But as the use of temporary work grows, sometimes without the knowledge of C-Suite executives, companies that fail to properly vet the platforms they’re using, and carefully control the access they’re granting to temporary workers, are substantially raising their level of vulnerability to accidental disclosures, hacks, and exploitation.
There are several security concerns relating to the use of minimally vetted, temporary workers to fill gaps in capabilities or temporarily augment operations, particularly if this is done on an ad hoc basis outside of C-Suite knowledge or directive.
Though the benefits of using short term workers often appear quite numerous, the related risks, also quite numerous, are rarely acknowledged or addressed.
First, because the most frequently outsourced tasks involve data entry, data coding, and things like content management system clean up, there is a higher likelihood that customer information, personally identifiable data, or company confidential information could inadvertently be shared with an outside individual or via a gig engagement platform.
Information that an employee may feel necessary to share with a temporary consultant could result in a breach of confidentiality or data privacy laws.
This could open the company to the possibility of lawsuits, fines, or other punishments if such information sharing becomes known or the information allows someone to improperly or criminally access systems.
Additionally, given the pace at which companies need to complete the work that they outsource to gig platforms, thorough due diligence and vetting of contractors is often sacrificed for speed.
A company using a gig platform may not be able to thoroughly vet each gig worker given that they receive limited information about them, and often can’t pick and choose who is assigned the work.
There have been numerous reports about the limitations of the background checks and other vetting procedures followed by short term engagement platforms.
Uber drivers with criminal records, babysitters with outstanding warrants, and delivery drivers with driver license issues have routinely made headlines, and resulted in rapes, deaths, and accidents.
But a consultant under investigation for securities fraud or a temporary secretary with citations for theft could easily cause problems for a company with less tragic, but no less serious consequences.
Furthermore, it is usually unclear to what extent an on-demand service platform requires its contractors to practice good cyber hygiene and data security.
Many gig workers use their personal computers, personal accounts to conduct research and compile information, etc. It is also a mystery as to whether workers actually delete any sensitive information from their personal systems upon conclusion of a short-term engagement.
Unlike regular vendors or contractors, who may be required to have encrypted hard-drives, anti-virus software, document repositories, password managers, and other security measures installed on their systems, gig workers may be using already compromised machines and connections to engage with your system, potentially opening access points into your operations.
In some ways, the huge increase in gig economy opportunities presents similar challenges to those of the distributed, remote workforces, which had to integrate the use of VPNs, mandated software, and other measures to protect intellectual property and sensitive data.
But while that was a largely achievable solution, the vast numbers of gig platforms, and the speed at which on demand workers are required, have to be retained, and must complete their work, presents new challenges that companies need to address, especially as their ask their employees to do more with less, requiring the use of lower cost gig workers to supplement strained workforces.
Developing Clear Policies for Using Gig Platforms
For companies considering the use of gig platforms to perform routine or mundane tasks that full-time employees or existing contractors cannot fit in to their workflows, a few tips can make the process more successful.
First, companies should have a clear policy on the use of such gig platforms- with clear expectations from the C-suite on which, if any, are acceptable, vetted platforms; the tasks that can be outsourced; the necessary procedures for keeping sensitive data secure; and protocols governing the process by which temporary workers are given access to systems or data, with clear policies for ensuring any data is deleted permanently at the end of the engagement.
Second, employees should understand the risks of using any gig platforms, and the many possible vulnerabilities involved- no employee should be able to outsource tasking without the knowledge of leadership, and clear penalties for any unapproved use should be articulated and shared.
Finally, firms should ensure that they have uniform procedures in place for regularly vetting the platforms they use, and to review any procedures meant to safeguard the company from potential vulnerabilities, to ensure that new features, offerings, and other changes to the terms governing use of gig platforms do not exacerbate the company’s exposure.
How can VerSprite help you better understand your geopolitical risk and cyber risk exposure? VerSprite offers a range of services designed to help companies assess, analyze, and address their exposure to geopolitical risk.
Geopolitical Risk consulting can help you further unlock your organization’s potential by discovering previously unforeseen opportunities for you to flourish in the global economy. Read more →
Cybersecurity and geopolitics are inextricably linked. To holistically tackle threats to our information security, we must take a step back and examine their causal roots and drivers, which take place day after day on the international stage.