We’re in the age of the gig economy, where more and more businesses are working with freelancers and contractors rather than hiring full-time personnel. In 2021, Upwork research showed that 59 million Americans performed freelance work, representing 36% of the entire US workforce.
And that’s just the freelancers that US businesses hire within the country! Many companies also work with freelancers and contractors across the globe. In fact, more than 30% of Fortune 500 companies use global freelancers on Upwork and Fiverr.
Working with freelancers is often a no-brainer for businesses of all sizes. Startups can access talent and skills without the cost of hiring someone full time, while large companies can better manage costs, continue to grow and fill temporary vacancies through this model.
The cloud is the power behind the gig economy
It’s not like freelancers come into the office every day. Usually, they work remotely and from their own laptop or mobile device. Even if your contractor is in your city, they may not come into the office. In line with this, freelancers say the ability to work remotely (54%) is a top driver for contracting.
Cloud applications are the fuel that power employee-freelance teams. Tools like Slack, Google Workspace, Teams and more are the basis by which freelancers and contractors communicate, share their work and collaborate with employees.
The security risks of contractors and freelancers
While cloud applications are essential to onboarding and communicating with freelancers, organizations must be aware of potential security risks. Often, your contractors will gain access to cloud files and resources that contain sensitive data, intellectual property or even customer information. If the freelancer misuses this information, whether intentionally or accidentally, this could lead to a data breach.
We’re not saying, by any means, that contractors are out to steal your data. 99% of the time, freelancers are just trying to do a good job. However, because they’re freelance, they won’t have gone through the same level of security training as your other employees. They also probably won’t know about your company’s security policies.
Moreover, we have to remember that contractors work from their own, unmanaged devices. Without you knowing, they could be downloading sensitive data onto their devices. This data could then be shared with competitor clients or, if the person’s device is stolen, you could end up with a data breach on your hands.
There’s also the risk of human error, which we’re all vulnerable to. Your contractor could accidentally leave a Google Doc set to public when it should be private, or share confidential information with the wrong contact over email. While easy to make, these mistakes can have big consequences for data security and compliance.
To compound matters, cloud applications are often ‘opaque’ to IT teams. This means IT personnel don’t have the tools to see where data is in the cloud, how it is being used and who has access to it. Without a clear picture of data usage in the cloud, your company can’t ensure that freelancers use data correctly.
How to mitigate the risks of working with contractors
The above dangers shouldn’t put you off working with contractors and freelancers. These types of workers can be a great asset to your company. You just need to make sure that you manage freelancers correctly from a security perspective.
Here’s how to do it:
Use the principle of least privilege
Least privilege is an approach where employees are given just enough corporate access to get their job done but can’t access unnecessary sensitive files. You should ensure that your freelancers only have access to the cloud resources they need to do their jobs. A freelance graphic designer, for example, shouldn’t be able to access your quarterly finance reports.
You can enforce the principle of least privilege by segregating your accounts based on access privileges. You should also verify all of your users–employees and freelancers–through Identity and Access Management and single sign-on.
Get vocal about file sharing
All of your employees, full-time or contract, should be educated on the importance of cloud security best practices. You should ensure that everyone knows about secure file sharing policies and access permissions.
To formalize this with you freelancers, why not share a written document before they join the company so that they understand what is expected from them. This is especially important if you work in a highly regulated industry like healthcare or finance.
Streamline freelance processes
In apps like Slack and Google Workspace, you can create dedicated channels and folders for different teams. Depending on the nature of the work your freelancers handle, it may make sense only to allow them access to specific files within your cloud-based system, so you can more easily manage and track how they interact with your data.
Stay on top of workplace changes
Freelancers come and go, often on a project basis. Make sure that you stay on top of third party changes and update your files accordingly. A freelancer that you no longer work with shouldn’t be able to access your company data!
Reinforce your policies with cloud-based DLP
Even with access controls and security policies in place, many IT teams still lack much needed visibility into cloud applications. They need to be sure that their data is safe, not just pretty sure. This is where cloud-based DLP comes in.
A next-gen DLP solution can act as a virtual compliance officer within your security team. For HIPAA, GDPR and state privacy regulations, you can enforce DLP policies that capture, redact and protect PPI and PHI as it travels through Slack and other collaboration tools. Best-in-breed solutions like ours also offer AI capabilities, allowing the solution to self-learn the more it is used.
You can inform your DLP solution what data must be protected at all costs through data classification. It can detect PII, PHI and trade secrets, preventing them from being unlawfully shared, transported or accessed by unauthorized parties. Moreover, because next-generation DLP works in-app, it doesn’t hinder employee productivity or disrupt the workflow. This means that employees can continue to collaborate as normal.
Moving beyond data, next-generation DLP solutions are also contextually-aware. This means that they can protect against insider threats by spotting and responding to suspicious activity in real-time. For example, a next-gen DLP solution can prevent a freelance employee from using Slack to download sensitive data using data redaction.
Best-in-breed DLP solutions don’t just protect data; they empower your people to make better decisions. Security training is an integral part of any enterprise security strategy, but freelancers are rarely afforded in-depth training. To help with this, our DLP solution offers in-app nudge functionality, which checks in on your people as they make decisions to remind them of security best practices.
Don’t let your freelance and contract employees be the reason for a data breach. Help your people work securely, and keep your data safe, by implementing cloud-based DLP today. Polymer DLP prevents sensitive data exposure across your SaaS apps without slowing your business.