A huge swath of the U.S. workforce doesn’t actually hold a full-time job. As many as 40 percent of Americans work in the so-called “gig economy” — driving for ride-share services, selling handicrafts online, pet-sitting, managing a social media account for a local company, and so forth.
Typically, a technology company (Uber, Etsy, Rover, AirBnB; the list is endless) matches those workers with customers who have a need. The tech companies help to facilitate transactional relationships through a carefully structured platform, with a high level of automation and relatively low risk.
Security risks emerge when a company hires on-demand workers through gig platforms to process business data or perform other online workflows from the workers’ homes.
It may feel like a competitive advantage to outsource the processing of large datasets, but before you head for one of the gig websites to find your next data entry contractor, consider the cybersecurity and data security threats a gig worker may introduce to your organization’s data. Are you ready for that level of data risk management?
The High Risks of Low-Cost Gig Work
While the entrepreneurial drive that inspires someone to hang his or her shingle on Fiverr as a data processor or translator is to be admired, the company hiring that worker shoulders a considerable amount of risk.
Gig workers practice BYOD (bring your own device), and it’s difficult for a company to know whether the gig worker’s business decisions are sound and ethical — especially decisions about cybersecurity. Gig workers usually aren’t on-boarded in the same manner in which you screen full-time staff, and that can significantly increase the risk to your sensitive data. Here are some of the data risks to consider:
- Unauthorized data sharing. Theft of protected information such as customer or payment information does happen, and it poses a huge financial risk.
- Difficulties in enforcing cybersecurity practices on personal devices. A gig worker uses his or her own device to work for you, and you have no control over that device. As gig workers often work alone, they may not be aware of the cybersecurity risks in their own environment, leaving them vulnerable to data breaches and cyberattacks.
- Theft or damage of a gig worker’s device. Home computers go everywhere and sometimes not even with the gig worker. A family member or friend may borrow the device and suddenly have access to all types of data that belongs to you, adding a new layer of potential risk.
- Risks to your regulatory compliance. Unless you have the ability to monitor remote work in real-time, you may not discover violations of regulatory requirements before they become a risk. Using unprotected VPN connections or public wi-fi networks may pose a significant threat to your company’s regulatory compliance.
Data Risk management for Gig Workers
If you decide to use gig workers for some of your business operations, look at your general data governance policies before you bring anyone onboard. Data protection should always be at the forefront of your mind as you begin implementing gig workers into your general workflow. Consider establishing a separate (but stringent) onboarding policy for gig workers, and make sure you don’t skip over these minimum requirements:
- Use the least privilege access model when allowing a gig worker onto your computer systems. It’s the first step in data risk management.
- Two-party authentication is a must. This means the gig worker has to log in with a combination of a password and something the worker owns, like an access code sent to a cell phone.
- Guard your data against gig worker device failure. Engage your risk managers to make sure that potentially corrupt or infected data elements can be isolated to the gig worker’s account, and not spread laterally to the rest of your network.
- Carefully monitor the data quality produced by gig workers. Quality control should happen on an ongoing basis, and is an important component of risk management. This is especially important if gig workers perform any financial services such as payment processing.
Manage Risks Before They Manifest as Reality
As you develop your business, you may find that gig workers are the right solution for you. To mitigate data risk and strengthen your data risk management practices there are many software solutions that can help you.
Using artificial intelligence and sophisticated data analytics, ZenGRC is a great tool that will help you stay ahead of regulators and compliance changes while you increase your data security.
ZenGRC’s compliance, risk, and workflow management software is an intuitive platform that not only keeps track of your workflow, but also lets you find areas of high risk before that risk has turned into a real threat.
Worry-free compliance management is the Zen way. For more information on how ZenGRC can enable your CMS, contact us for a demo.