2015 was a year in which we saw a number of high profile attacks as a result of contractor and employee oversights or criminal activity by people working inside the organisation. Contractors and temporary workers play a valuable role in helping organisations to operate, solving short term resource issues or providing expert skills for a finite time, without long term commitments. Their availability and ability to hit the ground running means they are often recruited fast to fulfil an urgent need for the business.
That’s all great news, both for maintaining business as usual and for delivering projects that require specialist skills, but there are serious implications in terms of information security risk.
Verifying a person’s identity and the authenticity of their identity documents should be a critical part of the recruitment process for contractors. When it comes to onboarding contract staff, employers also need to ensure that the process is not overlooked and reserved only for permanent workers.
Furthermore, every business that has screened and onboarded its contractors and temporary workers should think carefully about the systems and devices it has given them access to, and what they can do with this access. In many organisations, contractors are given the same access rights as other similar internal roles, but without a granular review of the systems and applications they need to access to do the job they’ve been hired to do.
If this scenario seems familiar to your organisation, and you are unaware of your current security vulnerabilities as a result of hiring more contracts in recent years, it would be prudent to identify any vulnerabilities through a Risk Assessment. This should help you understand your current security situation better and result in you being able to effectively bolster your cyber security defences through various options such as improved Incident Access Management (IAM) solutions, all of which can be provided globally for your organisation by NTT Security.
Click here to read our full In View on Contractor Security.
Businesses and government agencies see value in using temporary workers, contractors and subcontractors. Nothing could go wrong. Right? Wrong. Things could go very, very wrong. Ask the National Security Agency (NSA), which contracted with Dell Inc. and Booz Allen Hamilton for help. Both contractors hired Edward Joseph Snowden, who leaked classified information from the NSA. He worked as an infrastructure analyst inside the NSA. In June 2013, he disclosed thousands of classified documents that he acquired while working as an NSA contractor first for Dell and then for Booz Allen Hamilton. The negative fallout was international and continuing.