Is the gig up when it comes to cybersecurity?
In today's highly connected world, organisations increasingly opt for a gig model, leading to short-term workers and contractors plugging many of the skills gaps impacting organisations. However, gig workers can pose serious cybersecurity risks for the company by remotely accessing sensitive corporate data on their own devices.
It's clear that the gig economy poses a real risk from a cybersecurity perspective. As of January 2023, 87% of contractors surveyed reported still having access to previous clients' accounts. On top of this, 71% said that they had contact with financial service information, which could have potentially devastating implications if in the wrong hands. Those are results from the recently commissioned survey by Beyond Identity, which canvassed over 1,000 contractors and managers about the topic. So let's dig a little deeper into what the results revealed.
Cybersecurity at risk from Gig workers
As the world becomes increasingly connected, more businesses and workers are embracing the gig model, with companies opting for short-term workers and contractors over full-time employees, leading to the growth of the gig economy. In 2021, over one-third of the U.S. workforce freelanced, totalling 59 million Americans, and as of January 2023, freelancers represented 17.5% of the entire U.K. workforce. Although the gig economy offers advantages to independent contractors, using personal devices to access sensitive corporate data can pose serious cybersecurity risks for companies. It is essential to understand these risks and implement robust security protocols and proactive measures.
The research indicates that short-term contractors may enjoy long-term access to corporate data and accounts. They may also be accessing this data from devices that are not well secured. This access ranges from financial affairs (87%) to communications channels (64%) to operational processes (63%). This risks significant corporate data breaches, social media hacks and phishing attempts.
Contractors are also less likely to follow established security protocols to protect devices. According to the survey findings, 62% of companies required contractors to adhere to security protocols during the onboarding process. Most gig workers surveyed reported complying with this requirement by using complex passwords that are regularly changed. While multi-factor authentication and firewalls were identified as top security measures contractors took to guard against cyberattacks, less than half of the respondents confirmed using these safeguards.
There are over two thousand cyber attacks every day, leading to more than 800,000 people or businesses being compromised each year. One of the leading causes is human error, with 88% of attacks attributed to mistakes. Failure to adhere to security protocols can thus have significant consequences.
Sadly, the research revealed that 76% of freelancers had been hacked while working on a gig. This has resulted in 64% having an average of $260 stolen, usually by unauthorised purchases. At the same time, 60% of gig worker usernames and passwords have been stolen, providing an access point for data theft.
Putting training first
As noted above, hacking attacks are frequently the result of employee mistakes, making those who use gig workers responsible for ensuring they are adequately trained in cybersecurity processes. Adversary methods change constantly, and we need to stay up to date with all the latest techniques. Prevention is better than a cure, so organisations should start with a robust security protocol and comprehensive training.
Training can be as simple as highlighting the potential harm of phishing scams, malware, and other forms of cyberattacks; encouraging phishing-resistant multi-factor authentication; and teaching about the danger of clicking on unknown links or downloads. Better yet, organisations across the board should move to passwordless technology and phishing-resistant MFA for the internal systems that gig workers access. It is also worth ensuring you hire the right workers by joining the 69% of businesses that perform background checks on gig workers. That helps avoid hiring someone with a history of cybercrime.
Although many companies prioritise cybersecurity protocols before and during gig work, implementing measures after the gig is over is equally essential, if not more crucial. These post-gig measures are critical to maintaining cybersecurity and ensuring that sensitive data remains protected, which might come as a shock to the 33% of respondents who said that they only sometimes change internal passwords after a gig worker has finished their contract.
Gig workers can also be a source of frustration with regular requests for access. According to the research, 40% of managers are contacted daily for this reason, with another 35% being bothered a few times per week. This adds up to 34 minutes per day spent on these tasks, which explains why it might be tempting to forget to change passwords.
Undoubtedly, the Covid-19 pandemic and the ongoing evolution of the gig economy have turbocharged the number of contractors. It is clearly a flexible, cost-effective model that has benefits for employers and contractors alike; however, security must remain paramount at all times. Temporary passwords and restricted access are a limited solution but remember to revoke access and update passwords post-contract. That way, both the employer and gig worker can work safely and securely today and in the future.