The Insider Risk of Temporary Employees

Sue Marquette Poremba
Slide Show

Six Data Breach Predictions for 2015

Almost all businesses need temporary workers at some time or another, but December is an especially popular time to bring in extra help.

Of course, if you are hiring temporary employees, you will likely need to set them up with access to your company network, maybe give them an email address, and possibly even authorize them to work with databases that contain sensitive information.

In fact, according to a new study by Avecto, 72 percent of temporary hires are given admin privileges on the company network. We already know that insider threats are a serious concern to cybersecurity. When temporary employees are given network privileges, companies could be unwittingly setting themselves up for a serious security failure. As Paul Kenyon, EVP of global sales at Avecto, stated in a release:

Giving any worker admin rights is akin to giving them the keys to the kingdom. The insider threat has been well documented, but this research demonstrates that businesses clearly haven't got the message.

Kenyon went on to say that companies and employees continue to see security as a roadblock to work production. So often, good security practices fall to the wayside in favor of efficiency. We also tend to put too much trust in the people working for our company. “Someone else has insider problems; the people we bring in are trustworthy.” But even temporary workers, or maybe especially temporary workers, should be well vetted and have strong security practices in place to protect the network. According to Tripwire, it can be difficult for a company to tell an outsider from an insider:

Those who target and plan attacks from the outside might create strategies for obtaining insider knowledge and access by either resorting to an existing employee, or by making one of their own an insider.

Insider Threat

What can a company do to help lessen the risk of threats caused by temporary workers? Kenyon suggested IT departments take a “granular approach to admin rights on the endpoint” and develop a privilege management plan, where privilege is granted to applications, not to users. Temporary workers should be given access to the bare minimum of the network and their accounts should be eliminated as soon as their term of employment is expired. In fact, that’s a good idea for any employee. Insider threats are real and if you give temporary workers too much insider access, it could end up haunting you for a long time after their term of service has ended.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba

Add Comment      Leave a comment on this blog post
Dec 30, 2014 10:22 AM Karen Bannan Karen Bannan  says:
The stat you mention is crazy! How is it possible that IT would allow nearly three out of four temporary employees access to the network? I think this population is extremely well suited to a DaaS or VDI set up so that their abilities are limited and carefully monitored as opposed to letting them have access to whatever resources might be on or accessible via a regular traditional desktop. Just my $.02! --KB Karen J. Bannan, commenting on behalf of IDG and VMware. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.