Almost all businesses need temporary workers at some time or another, but December is an especially popular time to bring in extra help.
Of course, if you are hiring temporary employees, you will likely need to set them up with access to your company network, maybe give them an email address, and possibly even authorize them to work with databases that contain sensitive information.
In fact, according to a new study by Avecto, 72 percent of temporary hires are given admin privileges on the company network. We already know that insider threats are a serious concern to cybersecurity. When temporary employees are given network privileges, companies could be unwittingly setting themselves up for a serious security failure. As Paul Kenyon, EVP of global sales at Avecto, stated in a release:
Giving any worker admin rights is akin to giving them the keys to the kingdom. The insider threat has been well documented, but this research demonstrates that businesses clearly haven't got the message.
Kenyon went on to say that companies and employees continue to see security as a roadblock to work production. So often, good security practices fall to the wayside in favor of efficiency. We also tend to put too much trust in the people working for our company. “Someone else has insider problems; the people we bring in are trustworthy.” But even temporary workers, or maybe especially temporary workers, should be well vetted and have strong security practices in place to protect the network. According to Tripwire, it can be difficult for a company to tell an outsider from an insider:
Those who target and plan attacks from the outside might create strategies for obtaining insider knowledge and access by either resorting to an existing employee, or by making one of their own an insider.
What can a company do to help lessen the risk of threats caused by temporary workers? Kenyon suggested IT departments take a “granular approach to admin rights on the endpoint” and develop a privilege management plan, where privilege is granted to applications, not to users. Temporary workers should be given access to the bare minimum of the network and their accounts should be eliminated as soon as their term of employment is expired. In fact, that’s a good idea for any employee. Insider threats are real and if you give temporary workers too much insider access, it could end up haunting you for a long time after their term of service has ended.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba