All Resources

How to Mitigate Security Risks from Third-Party Contractors and Freelancers

Blog | Altitude Networks, September 28th, 2021

Using freelancers and contractors is trending across more and more industries. According to Upwork, freelancers comprised about 36 percent of the global workforce in 2020, and job postings for contract work increased by about 41 percent in Q2 2020, driven by the COVID-19 pandemic. Additionally, some businesses are now relying on contractors to help them through the labor or skills shortage in their industries. In September 2021, the U.S. Department of Labor reported 10.9 million job openings, including skilled labor positions. Utilizing freelancers or contractors can fill gaps until businesses can find full-time help – or, in some cases, can become a permanent solution for acquiring necessary resources. 

Managing Collaboration Among a Dispersed Team 

It’s typical for contractors to work from their own offices, collaborating remotely with a business’s employees. Cloud-based resources, such as Microsoft 365 and Google Workspace, provide an easy way for dispersed, hybrid employee-contractor teams to work together. With these cloud-based solutions, team members can share calendars, use messaging features to ask quick questions, store work in progress in shared files, and view, comment on, or edit project documents.

Cloud collaboration solutions have proven their value – especially during the pandemic when organizations needed a way to continue to operate and maintain productivity after physical offices closed. Using both cloud solutions and contractors has been key to businesses operating at full capacity and delivering products and services as promised as challenges from the pandemic and labor shortages mounted. 

Risks of Using Third-Party Contractors & Freelancers

However, along with the benefits of using contractors and freelancers also come some risks that businesses may not have anticipated. Contractors often need access to cloud files that contain sensitive information, customer data or intellectual property (IP). 

Granting a freelancer or contractor “edit” permission could lead to files shared outside your organization without your knowledge. Depending on the industry that you serve, making those files available to other people may constitute a data breach, and you could face fines for violating privacy or data protection regulations. 

Furthermore, contractors, just like everyone else, make mistakes. For example, they could accidentally share a file with the wrong address in their list of collaborators or share the wrong file with their team, making IP, financial information, or plans for an impending merger or acquisition public. 

Also, don’t forget that contractors and freelancers may use their own computers, devices and networks. A vulnerability on their end could lead to malware that’s uploaded to your cloud files, corrupting your data or locking you out until you pay a ransom. 

Unfortunately, you also need to protect your business from contractors or freelancers with selfish motivations. Access to cloud-based files and documents could tempt them to download information that they could use for their own benefit – or sinister purposes if a conflict arises in your relationship. 

How to Achieve Secure Cloud Collaboration 

You can avoid many of the risks associated with using contractors by developing and implementing a strategy that includes:

1. Enforcing cloud collaboration policies

Whether team members are full-time employees or contractors, educate them about cloud collaboration best practices. Stress that they must share files only when necessary and that the level of permission (i.e., view, comment, or edit) should be only as much as collaborators need to do their jobs. Minimal access and permissions will control data leakage – as well as the damage that a malicious insider can do. 

Also, speak with your contractor about file-sharing in general. Your contractor may also have policies to protect data. Ensure your team and theirs can work together and that they will train their users on your file-sharing practices. 

2. Formalizing everything in writing

Document your policies, distribute them to collaborators and hold a training session for your employees and contractors who will work together in the cloud. An effective way to organize the information is to list “Do’s and Don’ts” for the team to follow. 

3. Designating a responsible person

Your departments or groups should designate an in-house employee responsible for establishing and managing your cloud collaboration folder structure or assign this task to your IT or security department to manage. 

An organization that all collaborators know and follow will make it easier to find and track files used by contractors, and a person who takes ownership will make sure the system is maintained. 

4. Keeping lines of communication open

Cloud collaboration is never “set it and forget it.” Stay in communication with your team and your in-house employee responsible for managing cloud folders to discuss changes, whether at an employee’s or contractor's request. Also, when projects end, ensure that your IT or security team is aware of who should no longer have access to information. 

5. Scheduling regular meetings with contractors

Your contractor agreements should include provisions to meet regularly to discuss projects and operations, schedule training, and maintain proper security posture. 

Always Maintain Visibility 

Using contractors or freelancers expands your IT environment to include remote workers and their devices and networks, making it more difficult to monitor activity and how your data is used and shared. Even with training and frequent communication with contractors, data leakage can occur. 

However, there is another line of defense you can use to protect your data. Intelligent technology – that learns and understands your data and can identify data that must be secured – can work in the background, monitoring activities and alerting you when noncompliant behaviors occur. 

This technology gives you the real-time insights you need to stop data loss or a data breach that can negatively impact your business and put sensitive information at risk. 

For more information on policies, procedures and technology that will protect your business using contractors or freelancers, contact Altitude Networks.

Ready to learn more about how Altitude Networks can protect your sensitive files?

Ready to learn more about how Altitude Networks can protect your sensitive files?