Cyber Security and Contingent Workers | DCR Workforce Blog

Cyber Security and Contingent Workers

At the mention of security threats, most companies immediately think of hackers. The Washington State court system was hacked into this February – potentially compromising information about 160,000 Social Security numbers and a million drivers’ licenses. This news was closely followed by CNBC’s report of a former Bloomberg employee accessing user data of the Bloomberg terminals of Federal Reserve Chairman Ben Bernanke and former U.S. Treasury Secretary Tim Geithner. While hackers often target government sites, companies like LinkedIn, Twitter, Sony Entertainment and Apple have not escaped this threat. Protecting data is a big concern for all companies. Most spend big bucks on security networks and establish comprehensive security policies. Unfortunately, companies are more vulnerable to threats posed by their employees.

Recent surveys indicate that many employees lack a clear knowledge of their organization’s data security policies; constituting a major threat to data security. Temporary workers are even less informed, posing a much greater threat. With nearly one out of every four U.S. workers in a temporary capacity, the potential exposure is growing.

Data Security Imperatives:

Having a security policy in place is just the first step towards securing the networks. To mitigate the threat, it is necessary to develop information access and intellectual property policies specifically for non-employees.

Data protection is possible when companies:

  • Require all temporary workers to sign non-disclosure agreements
  • Clearly state what the worker may say about the company in blogs, social networking posts, and other online venues
  • Ensure that agreements with all temporary workers clearly define intellectual property rights and what constitutes their violation.
  • Make data security training a mandatory component of onboarding
  • Limit access rights to systems, databases and facilities for temporary workers to those assets absolutely required for the conduct of work
  • Provide clear guidelines to employees regarding the level and type of information to be discussed with temporary workers
  • Exclude temporary workers from company-wide meetings, quarterly “state of the company” briefings, and related events
  • During the off-boarding process, ensure that all access rights are terminated and all assets are returned
  • Have the required control to erase all data on a device issued to/used by an worker remotely

In the ultimate analysis, workers alone cannot be blamed for data breaches in any organization which fails to take data security seriously enough to make its protection a part of the corporate DNA.


Disclaimer:
The content on this blog is for informational purposes only and cannot be construed as specific legal advice or as a substitute for competent legal advice. They reflect the opinions of DCR Workforce and may not reflect the opinions of any individual attorney. Do contact an attorney for advice specific to your issue or problem.
Lalita is a people/project manager with extensive experience in operations, HCM and training and development across industries like banking, education, business consulting, BPO and information technology. She believes in a dynamic approach to life and learning as change is the only constant.