Growth of the gig economy comes with a cybersecurity threat
The UK currently has around 2 million freelancers, and in the coming years the number of gig economy workers is forecasted to continue its meteoric rise. The growth of freelancing however comes with a threat to cybersecurity, warns an IT security expert.
Global digitalisation and widening opportunities to work independently fuel growth of the gig economy. Research carried out by the Association of Independent Professionals and the Self-Employed (IPSE) revealed that in the United Kingdom, the Netherlands and France, the growth of freelancers had surpassed the growth of overall employment. The trend indicates that traditional businesses are losing control over their employees’ workplace security status, while the safety of sensitive corporate data is being laid into freelancer’s hands.
The expansion of the gig economy is also stimulated not only by freedom-seeking professionals but also lean-thinking businesses. Outsourcing tasks and responsibilities to freelance workers provides companies with more flexibility to control costs, working hours, and more. However, this also means that they become clients, and must open part of their internal resources to those who have limited or no direct liability to their business.
“Internally, companies develop strict security procedures for their employees and invest in expensive security systems. However, when it comes to outsourcing, companies lose control of any data they share with the outsiders,” says Naomi Hodges, Cybersecurity Advisor at Surfshark. “Generally, it is the same as leaving the backdoors unlocked in a fort.”
She says that when outsourcing business functions, most companies rely on confidentiality agreements. However, the increasing occurrences of data breaches demonstrate that potential financial and reputational losses are, in most cases, much higher than any agreement can cover. Even in an office setting, employees remain the weak link. Phishing attacks are incredibly frequent and, as practice shows, not even the big corporations are entirely safe from determined hackers. For a phishing scam to work, one leak is enough. However, the information security assurance gets even more complicated to maintain in case of freelancers.
The disregarded data security risk
A vast majority of freelancers choose to work remotely – in coworking spaces, cafes, or anywhere where there is decent Wi-Fi. They invest in getting the necessary tools for work, such as computers, software, and other devices. However, security of those devices is often omitted from their to-do lists.
“Almost anyone with some basic technical knowledge can crack the connection of public Wi-Fi after watching a step-by-step tutorial on YouTube. The hackers can see anything that is being sent to or coming from the computer using the network. If a freelancer does not encrypt its traffic, all their documents and files are put on public display,” explains Naomi Hodges.
The growth of the gig economy means that the number of vulnerable individuals is also growing. Freelancers who do not protect their devices are putting themselves and their clients at risk of data breaches, leaks of confidential information, and more.
How to secure freelancers
Companies usually enforce security and privacy on a network level. Since it gets complicated to replicate it when working with freelancers, business should require them to have security implemented at least on the device level, as even one vulnerable device can easily allow accessing confidential files and accounts. Naomi Hodges says, that although there are several solutions to encrypt any device’s data traffic, virtual private network (VPN) software is one of the most advanced and easiest to use. In addition to protecting from online snooping, VPN shields from malware attacks and surveillance.
“It does not matter if a freelancer is a business consultant, an engineer, or a photographer. They all work with information which can be classified as sensitive to their clients,” explains Naomi Hodges. “Usually, it’s not too difficult to indicate their clients simply by looking at their portfolios. They all count on luck that nobody is interested in his or her files, but that is why data breaches happen.”
A reliable VPN service can benefit both the freelancer and their employer. As an inexpensive tool, it can offer secure browsing while on public or home Wi-Fi, as well as ensure the user’s digital privacy. Connecting to a specific country’s service allows the user to work seamlessly while traveling abroad, especially if they need information which is only available in their home country.
If business managers who work with outside suppliers, such as freelancers or agencies, do not require them to have any security assurance apart from confidentiality agreements, it should be a responsibility of a reliable freelancer to ensure that their client’s data is safe.
Industry: Cyber Security News
- Information Security Risk Consultant, London. ISO 27005
REFCH7901 Information Security Risk Consultant, London. ISO 27005 Information Security Risk consultant needed for a London based client. The ability to achieve SC security clearance will be required. ISO 27005 Risk Assessment experience is essential. The role will cover, Risk identification, Assessment and Advisory consulting. This is a client facing role, single client- not multiple. Experience working with multiple teams and internal stakeholders is essential. The information Security Risk Consultant should ideally have a breath of information Security and IT technology based security experience. Prior experience within the public sector is desirable, but not essential. Broad knowledge across Security IT transformation, Cloud is also key. Broad experience across GRC, iso27001, NIST is key. Ongoing support and training provided. Apply today for more information, all details kept in confidence.
- Google Cloud platform Security Engineer, Contract, inside IR35
- United Kingdom
REF CH7897 Google Cloud platform Security Engineer, Contract, Inside IR35 Looking for a Google Cloud platform Security Engineer will define, document, design, implement, harden and generally improve the security capability of a Google Cloud Platform. The ability to configure, and deploy the following Google Cloud Platform security solutioons is essential; Command Security Centre, Cluster Security, APIGEE, GCP Cloud Armor Hands on technical expertise security experience with Terraform, Kubernetes Security, Container (Docker) security, Secret Manager is essential as is experience securing Google Kubernetes Engine Workloads. It is essential that you have a proven track record of securing a GCP environment and expertise in automating that with Terraform. Scripting experience with the above where appropriate is a key ability. You will be highly technical and have the ability to engage with stakeholders to ultimately deliver a secure and hardened Google Cloud Platform.
- Security Analyst, London. Financial Services. End user.
CH7885. Security Analyst, London. Financial Services. End user. Immediate role. £55,000 Security Analyst needed to monitor and manage a security suite of tools within Financial Servicecs end user . The Security Analyst will be responsible monitoring, configuring, fine tuning, incident management and generally improving the security tool capability. Specific experience with CyberArk, Tripwire Log Center and Tripwire Enterprise is highly desirable). Current experience with Vulnerability management and penetration testing is highly desirable. Specifically the ability to effectively manage 3rd party pen tests. You will be working within a specialist security team reporting to the CISO. Experience working within a regulated end user environment within financial services is highly desirable. This role will run a hyrbid working schedule, partly remote, partly office based in London (once permitted) This is an exclusive role to DCL Search & Selection. https://calendly.com/chris-holt/call-with-chris-holt-dcl-search
- IAM Consultant- Identity Governance
- United Kingdom
- Upto £80,000 plus benefits
Identity and Access Management Consutlant is required for this established business who put their employees first. the role entails • Develop and maintain IAM services. • Further develop IAM tool integration with Service Now to provide automated JML processes and application access requests and fulfilment. • Provide guidance over Role Based Access in terms of Location based Roles, Application Roles and Business Roles and act as SME over any future RBAC project. • Work closely with our other Technology teams on integrating IAM services with Technology and business systems to increase efficiency through automation around areas such as JML processes, application access request fulfilment and attestation. • Work with the Governance Risk & Compliance (GRC) team to provide application access attestations and toxic combination alerting and reporting. • Involvement with Identity Management initiatives such as Single Sign On (SSO) and Privileged Access Management (PAM), to ensure security and business processes are in line with industry best practice. • Assist in ensuring that all IAM capabilities are mapped to internal processes, policies, and standards. Develop metrics to measure and improve the alignment. • Complete monthly review and report on sensitive group access, i.e., service accounts, admin accounts, etc. validating I&O processes are effective. • Provide information to both internal and external Auditors in response to findings. • Collate audit evidence for AAF audit and control reviews, taking responsibility for identifying service and process improvements to ensure compliance with our controls and standards. We are looking for someone with Hands on technical experience with the IAM tools, you need to have been involved in the integration of the IAM solution into 3rd party software like Servicenow, You will have worked with an IAM tools that are focused into Identity Goveranance, like RSA, CA Identity Suite, Fischer Identity, Hid Global, IBM IGL, Net IQ Identity Goverance, Omada, Ping or Oracle Post covid, this role will invovle a mix of home and office work, the business have a number of office spread across the UK so locaton is flexible for this position