Some common cyber threats facing the retail industry include ransomware attacks, social engineering, system intrusions and insider threats. The retail sector is often targeted by cybercriminals
Updated on May 16, 2023.
Organizations worldwide have increased their use of self-employed freelancers and private contractors. There are now 73.3 million freelancers working in the U.S. alone.
However, one of the most critical challenges to this working relationship is security – specifically, properly and securely managing contractor passwords used to access internal systems. In order for companies to secure data when working with freelancers they need to educate and train their freelance employees, invest in a business password manager and follow the principle of least privilege.
Continue reading to learn about the security risks involved when working with freelancers and how businesses can reduce these risks.
What is a Freelancer?
A freelancer, also called a contractor, is a person who is self-employed and is not committed to one employer. Freelancers often work with multiple clients at a time and get paid on a per-project or hourly basis.
While many businesses use freelancers or subcontractors, it’s important they consider the steps they must take to properly secure access to company data.
Security Risks When Working With Freelancers and Subcontractors
When businesses outsource work to freelancers and subcontractors, there may be situations where they have to share access to systems. For example, website maintenance and content marketing will typically provide access to a Content Management System (CMS), control panel or social media accounts.
Insecure password sharing
When employees don’t have a secure way to share access to accounts and systems, they will rely on insecure methods such as sharing passwords through email, text message or Slack. This puts company data, systems and accounts at risk. There’s always the possibility of spyware being installed on an employee’s device or a security breach occurring, so it’s always best to implement cybersecurity best practices.
IT has no access management oversight
When IT has no way of managing account access, freelancers and subcontractors may be given more access than they need. IT has no way of knowing what accounts and systems freelancers have access to, which can lead to security gaps that can put a company at risk. This also complicates any offboarding process a company may have in place.
Businesses put a lot of trust in the freelancers they hire, and although security threats may not be malicious, password and system security are only as strong as the weakest link.
How to Securely Manage Freelancer Passwords and Access
Here are a few of the ways companies can manage their security when working with freelancers.
Educate and train freelancers
Just like any other employee your company hires, a freelancer should also learn the cybersecurity protocols the company has put in place. This is important especially if the freelancer has access to accounts that contain sensitive data.
Some of the things you can educate and train freelancers on are:
- Phishing and social engineering attacks
- Policies around using public Wi-Fi
- Password sharing policies
Use a business password manager
A business password manager safely stores login details, conducts automatic logins for saved websites and allows secure password sharing – all with the ability to revoke permissions at a moment’s notice. A password manager is a safer alternative to simply sharing company password details via text, unencrypted email, spreadsheets, Slack or even a phone call.
With a password manager, companies can quickly and securely share credentials with contractors and freelancers without requiring them to download their own password manager. All employers need is their freelancer’s email address to send them a request and share a record.
Follow the Principle of Least Privilege (PoLP)
When working with freelancers, it’s best to follow the principle of least privilege. Freelancers should only have access to systems, applications and files they need to do their jobs- nothing else. It’s also important that companies keep track of all things the freelancer does have access to in order to avoid giving them excessive rights and to make revoking access at the end of a completed project seamless.
Have a clear onboarding and offboarding process
Onboarding and offboarding management is crucial to securing access to company accounts, systems and applications. A clear onboarding process will make offboarding more efficient later on. With a clear offboarding process, companies mitigate security risks and prevent legal issues associated with the end of a freelancer or subcontractor’s time within a company.
Protect Company Data With a Password Manager
Working with a freelancer requires trusting them and providing system access. But trust doesn’t require foregoing all security practices. With a password manager, your business can provide safe, secure access to your systems without placing company data at risk.
Check to see which Keeper business plan is right for your organization.