Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Cybersecurity in the shortsighted gig economy

Written by  Jun 12, 2020

The ‘gig’ economy encompasses the increasing economic trend for professionals to take on a series of temporary work positions.

Rather than taking on a full-time job, and organisations consciously contract independent workers for short-term engagements and temporary projects.

Which is the unfortunate side of today's shortsighted attitude to business needs, effectively building the future economy on sand.

Nevertheless this is where we are and what organisations see as the way ahead.

In the UK, the gig economy now accounts for more than 4.7 million workers – and employs 1 in 10 working-age adults. All this is altering the way that people view and perform work.

And it’s not just transforming the workforce picture for high-profile gig economy firms such as Uber and Deliveroo that are poster children for the movement. Even conventional retail and corporate powerhouses now comprise of a mix of full-time, part-time and short-term workers to ensure they can remain agile, cost-effective, and able to adapt to changing market conditions in a fast-paced, technology-led environment.

cyber scared
Who do you trust?

Owing to this increasing trend of companies hiring independent contractors and freelancers instead of full-time employees and paying them for each individual ‘gig’ they do, IT contracting is becoming a very common gig economy role.

That said, the IT industry has being offering short-term contracts for many years in a huge range of industries.

Being able to deploy more or less IT expertise as situations demand is akin to best practice usage of cloud services. It’s quick, it’s flexible, and it meets the changing needs of the business.

Additionally, IT workers perform some of the more crucial roles in 21st century organisations, because every business relies on information and technology in some shape or form to function, as we’re seeing during the current coronavirus crisis. It’s assumed that large quantities of critical data and at least a few critical assets will need to be stored and managed for most business to serve customers, meet manufacturing deadlines, and more.

it downtimeAlso see: Tips for testing an IT security experts worth in the UK

One thing this business model is not, however, is inherently secure. The risk model has shifted from a model built around controlled environments, i.e. corporate networks. The perimeter – the first line of defence – was a known quantity and yes, it had holes, but generally IT departments were aware of where their weak points were. Now, the perimeter is at best distributed, and at worst non-existent. Frankly, the risk is that companies can no longer enforce security on the end device, as they may have no jurisdiction or control over it.

It’s therefore common that permanent IT employees are subject to strict security oversight. However, when these roles are performed by remote third parties, short-term contractors or otherwise not by permanent, trusted staff that are office-based, the risk is further exacerbated.

Which comes back to the short-sighted attitude I mentioned earlier, employers have to an enormous amount of trust in temporary employees who have no vested interest in the organisation.

The risk to the security of confidential data and credentials goes hand-in-hand with compliance risks. A breach, regardless of whether it took place outside the physical parameters of the office, can lead to large fines levied on an organisation – especially under the General Data Protection Regulation (GDPR). Such breaches can also negatively affect business continuity as well as the reputation of an organisation.

At a time where businesses are under immense pressure to stay afloat amidst the global coronavirus pandemic, the aforementioned risks may even cause irreversible damage in some cases.

batten down the hatches
Batten down the hatches

As flexible workers plug into an organisation’s network and access critical company networks from outside the physical boundaries of the office, organisations need to ensure they have stringent security measures in place to better manage the high risk that this entails. They also limit the access of contractors to only what they need, instead of trusting them with sweeping access to everything.

It is all too easy to grant too much access so that they won't keep bothering the company with request various levels of access to perform their duties effectively.

Risk factors include accessing networks from personal devices that lack enterprise-grade security, or from home networks that could be easily compromised. These risk factors are further amplified as much of the global workforce - full-time and flexible workers alike - are working from home during this Covid-19 crisis.

In this scenario, we are a long away from a world where security teams can implement policy on devices within the conventional network. Now, often they will have no control at all over the device being used by the external party to connect in and, similarly, not be able to ensure the security of the location where the device is connecting from; for instance a home WiFi network.

According to our previous research, 90 per cent of organisations allow third party vendors access to their critical systems and 72 per cent put third party access in their top 10 security risks. As apparent, the problem is widespread, and the risk is broadly understood. However, it is not being acted upon. The majority of organisations use approaches that are just not optimised for efficiency, and don’t consistently apply corporate security policies across on-premises and cloud resources. Any solution for third party privileged access must have basic security best practices that mirror established policies for internal workers.

Advertisement

Embrace security solutions

In fact, technological advancements mean that the shortcomings of obsolete technologies – such as VPNs – to secure remote workers can now be resolved with relative ease. The use of biometrics and Zero Trust policies can be employed to securely authenticate remote vendor access to the most sensitive parts of the corporate network. This can be done with the flexibility and ease-of-use that modern remote employees need by using the remote workers’ own mobile devices for biometric and multifactor authentication.

In the gig economy environment, where endpoint devices have varying levels of security and the workplace can be a café, car or home office, cybersecurity needs to match the versatility of modern working. The position where organisations can effectively implement robust security policy is at the point of connection, where third parties gain the access that they require into systems. This needs to be recognised and implemented.

plan ahead small
Plan ahead

Putting the time and effort it takes to plan the infrastructure of rights and privileges offered to 3rd parties access to your network is crucial.

Long-term benefits

In an ideal world employing full-time IT security professionals means the ability to develop trust and loyalty which does not have a short-term pound value.

Knowing their technical backgrounds and more importantly their capabilities when a cyber attack occurs cannot be underestimated. But then you could rely on a relatively unknown 3rd party to save your business from disaster, probably.    

The long term benefits far outweigh the short-term thriftiness and shortsighted attitudes of too many organisations, but in today's cut throat economy there may be simply no choice.


Peter Flynn

Creator and director of IT Security Centre UK.

I have worked in the IT industry for many years and developed my IT security skills in particular. As this area has always been of interest to me and is more important now than ever.

Advertisement

Popular Cyber News

Jun 12, 2020 Cyber Security

NHS email service fooled users in phishing attack

NHS Digital is contacting users of its NHSmail email system after a small number of mailboxes were compromised in a gene...

Jun 09, 2020 Cyber Threats

Common types of cyber-attacks and how to avoid them

With cyber-attacks on the rise, businesses are constantly worried about losing vital data and the threat is very real. ...

May 25, 2020 Cyber Security

Beware of security threats before deploying remote working

Remote working is receiving a great deal of attention recently for obvious reasons. The world has changed and remote wor...

May 07, 2020 Cyber Security

Three quarters of UK homeworkers haven't received cybersecurity training

As Covid-19-related cybersecurity threats continue to multiply, three in four of home workers are yet to receive any cyb...

May 18, 2020 Cyber Security

UK power grid operator Elexon hit by cyberattack

The UK’s power grid middleman Elexon has announced it has fallen victim to a cyberattack, which did not compromise pow...

May 05, 2020 Cyber Security

The importance of cybersecurity for UK businesses

Technology is constantly changing and at a pace which is hard to keep up with, but 'safety first' always applies. ...

Jul 23, 2020 Cyber Security

Many cyber attacks on UK sports industry says report

At large percentage of sporting institutions, organisations and teams in the UK have suffered a security incident in the...

May 27, 2020 Cyber Security

UK scared cybercriminals will use NHSX Covid-19 Tracing App to launch attacks

Nearly half (48%) of the UK public surveyed about the NHSX COVID-19 tracing app do not trust the UK government to keep t...

Apr 16, 2020 Cyber Security

Cybersecurity lessons to be learnt from the Pandemic

It may not be obvious, but the spread of information on computer networks is like disease processes. ...

Jun 08, 2020 Cyber Security

Ransomware attack compensation: What the UK public think

UK consumers believes businesses should stand their ground having suffered a ransomware attack and refuse to negotiate w...

Jun 06, 2020 Cyber Security

Phishing attacks on companies using PBX systems increases dramatically

While video conferencing solutions have become the prime targets for hackers recently following the shift to remote work...

Jun 12, 2020 Cyber Security

Cybersecurity in the shortsighted gig economy

The ‘gig’ economy encompasses the increasing economic trend for professionals to take on a series of temporary work ...

Apr 13, 2020 Cyber Security

Under half of UK businesses provide cybersecurity training: Kapersky

If businesses want to seriously wan to reduce he risk of data breaches and remains secure, they must commit to employee ...

Apr 17, 2020 Cyber Security

SonicWall launches boundless cyber security platform

SonicWall has released a new boundless cyber security platform to protect companies and government agencies remote workf...

Jun 11, 2020 Cyber Security

UK government to fund nine cyber security projects

The government is to invest £10m through March 2024 from various sources to fund nine academic cyber security projects ...

May 22, 2020 Cyber Security

EasyJet will be sued over customer data breach

Legal firm PGMBM, a specialist in group legal action, has issued a class action claim under Article 82 of the General Da...

Advertisement
Symantec Home 120x60

Advertisement