Wonolo
Managing sensitive business data when you’re using temporary employees can be a delicate balance. On the one hand you need to protect confidential business and customer information; on the other, workers need access to the right data and systems so they can do their job properly.
Here’s what you can do to protect customer, user, and business information while making temporary and on-demand workers a useful and flexible part of your workforce. Take these suggestions one by one and incorporate them into your working practices. This advice isn’t just good for on-demand workers either — applying these changes to permanent employees can also help to secure your business against unwanted data issues.
One — Develop and Share Your Policies on Data with On-Demand and Temp Workers
The first thing to do is to understand how you’re going to treat data in the workplace. Some of your data control will be driven by government regulations like HIPAA or PCI DSS, and some will come from business requirements and the need to protect sensitive and confidential information. Once you understand how to handle data in your business, create policies and guidelines around data handling.
When you onboard your temporary staff, make sure you share policies with them and have them sign up to receiving this information. Make your policies available in your staff manual, on the intranet, and anywhere else temps can see them.
Two — Create Proper Technological Protections and Silos for Data
Your data needs to be properly segmented, so that temporary workers do not have access to your entire dataset — only what they need to carry out necessary tasks. Audit the various data your business holds and assign it a sensitivity. Make sure IT implements systems that only allows on-demand workers and temporary employees to have access to the relevant data.
Three — Work Out the Roles Temporary Employees Will Fill and Give Them Appropriate Access (and No More)!
Every on demand or temporary employee you take on will be performing a specific role. Look at the responsibilities and tasks that role will carry out and decide what data, systems, and software they need to access. Work with IT to create specific “roles” in the network that have access to those areas, and no more. Then, use those roles, and only those roles, for temporary employees. For example, if you have someone in the warehouse who is picking and packing goods, they probably don’t need email access.
Four — Create and Test Predefined Logins and Profiles for Temporary Workers
Because you want to get temporary workers up and running as quickly as possible, you might want to have role-based profiles that are ready to go. Set them up ahead of time and check they don’t provide access to unnecessary or sensitive data, applications, or systems.
Five — Lock Down Your Software and Hardware
Unauthorized access can be a real problem, so make sure IT locks down as much of your system architecture, desktops, and laptops as possible. They might disable USB ports, certain drives, or even printers to stop people without the right credentials from using them.
Six — Restrict the Use of External Devices
You could stop temporary workers from using their own devices when they are in your place of work. This can be good for both productivity and security. For example, you may ban USB drives or the use of cameras on mobile phones while people are in the workplace.
Seven — Inform Regular Employees of the Need to Protect Sensitive Data
Your regular employees will provide guidance and mentorship to temporary and on-demand workers. Let your permanent employees know about the restrictions you’re placing on systems and data access. Inform them how they can help out temporary workers and the type of data it’s appropriate to share with them.
Eight — Restrict Access to Sensitive Locations in Your Business
It’s not just online data you need to protect — physical security is important too. Make sure that you have proper access controls in place for various parts of your business. For example, you probably don’t want to allow temporary employees into server rooms or data centers. Use key cards and other access devices to limit on-demand talent to where they need to be, and nowhere else.
Nine — Be Aware of Social Engineering and Have Checks in Place
One way that hackers, criminals, and other bad actors get hold of sensitive information is through “social engineering.” Make sure that you understand the main types of social engineering, and if possible, let your temporary workers know about them. At the very least, they should report anything that seems slightly strange to a permanent employee or mentor. Possible social engineering attacks include:
- Leaving an infected device around so that when it’s plugged into a machine, the machine is infected.
- Pretending to be someone in authority and convincing the temporary employee to provide access, let them know their password, or otherwise compromise security.
- Phishing emails that convince someone to open up an application or enter details into a compromised website.
You can find out more about social engineering and what you can do about it here.
Ten — Provide Regular Employees Who Can Mentor and Monitor Temporary Employees
Put regular employees in place who can guide, train, and mentor your temp workforce. In addition to answering questions and assisting with workplace tasks and practices, they can also keep an eye on how temporary workers access and use data. Get them to gently guide on-demand workers in best practice for accessing and using business and customer information.
Eleven — Audit How Temporary Workers Are Accessing Data and Systems
Finally, you can put auditing in place to check what your temporary and on-demand teams are doing on company systems. Your policies should state that you may audit computer and data usage, and you will probably want to set reasonable thresholds so you don’t get too many false positives if a temporary employee is legitimately accessing data.
There you have it, a straightforward guide to securing your systems and data against data breaches and compromised information. Get these measures in place and you’ll significantly reduce the risk of exposing sensitive data.
