Gold Standard Cyber Security for the Gig Economy
The ‘gig’ economy is said to be many things – but one thing that isn’t talked about enough is the potential cyber attack vectors it can open up. Instead, news articles and Op-eds variously depict it as symptomatic of the decline in the traditional nine-to-five day (characterised by a stable income and healthcare) or the jet fuel powering the new world economy.
Whatever your views on its positives (or negatives), the increasing trend among companies of hiring independent contractors and freelancers instead of full-time employees, the gig economy is big and getting bigger: now accounting for more than 57 million workers in the US alone. With the gig economy now a fixture of the corporate landscape – isn’t it time to make sure it isn’t exposing you to new risks?
If asked to describe the typical gig economy worker, most people would probably cite a part-time Uber or Deliveroo driver – but that’s doesn’t explain those massive numbers. Even traditional retail and corporate powerhouses now comprise a mix of full-time, part-time and short-term workers to ensure they can remain nimble, cost-effective and able to adapt to changing market conditions in a fast-paced, technology-led environment.
However, there’s another surprising profession that has become a major part of the gig economy – IT. Since IT professionals – from systems administrators to developers and engineers – often need extensive access to their employer’s systems, this can very quickly become a problem for security, especially if that access is privileged.
Of course, companies have good reasons for turning IT jobs into gig work. It is in line with how modern enterprises approach IT in general. Think about how cloud services work. The same way cloud services allow companies to deploy more resources when they’re needed and fewer when they’re not, the gig economy lets companies only field the number of IT professionals they need as their needs change. It’s quick; it’s flexible and it meets the evolving needs of the business.
One thing that participating in the gig economy is not, however, is inherently secure. The old model for cybersecurity was built around a controlled environment, such as the corporate network. The network perimeter – traditionally the first line of defense – was a known quantity and yes, it had holes, but the location of the weak spots was probably already known. Now, the perimeter is at best distributed and at worst non-existent.
Meanwhile, IT professionals perform some of the more crucial and highly privileged roles in 21st century organizations, because every business relies on information and technology in order to function. It’s assumed that large quantities of critical data and at least a few critical assets will need to be accessed and managed in order for the business to serve customers, meet manufacturing deadlines and more.
It’s common for in-house IT employees to be subject to strict security oversight. However, when these roles are performed by remote third parties, short-term contractors or otherwise not by permanent, trusted staff based in the office, security must adapt to the new threats this poses.
As flexible workers plug into an organization’s network and access sensitive company systems from outside the physical perimeter of the office, organizations need to have strict security protocols in place to properly mitigate the elevated risk that this entails.
They also need to enforce proper controls so remote gig workers are only accessing what they need to, instead of trusting them with sweeping access to everything. Risk factors include accessing networks from personal devices that lack enterprise-grade security or from home networks that could be easily compromised.
According to CyberArk global threat research, 90 percent of organizations allow remote vendor access to their critical systems and 72 percent put remote vendor access in their top 10 security risks. So, this problem is widespread and the risk is understood. But, is it acted upon? If not, gig economy workers put themselves and their employers at risk of data breaches, leaks of confidential information and more.
Advances in technology mean the shortcomings of existing options – like VPNs – to secure remote workers can now be overcome. Use of biometrics, Zero Trust principles and just-in-time provisioning can and should be employed to reliably authenticate remote vendor access to the most sensitive parts of the corporate network. In the gig economy, where endpoint devices have disparate levels of security and the office environment can be a café, car or home office, cybersecurity needs to match the flexibility of modern working. And it needs to be recognized and implemented.
CyberArk Alero provides secure authentication with the flexibility and ease-of-use that modern remote workers need by using the remote workers’ own mobile devices for biometric and multifactor authentication. Learn more about how Alero secures secures remote access or download the Alero datasheet.