We’ve been talking a lot about the growing contingent workforce and what that means for management and IT when it comes to security and risk. Earlier this month, our CEO, James Litton, wrote a post about the need for basic security training at all levels of an organization. Today, I want to bring the two topics – contingent workers and security training – together.While it could be argued that many full-time employees aren’t given proper security training, in most cases, contingent workers are completely forgotten. A recent survey found that 50% of temporary workers aren’t informed of any application or data restrictions during onboarding. Maybe it’s a matter of out of sight, out of mind that their training is overlooked – if they only work part-time or remotely. Or perhaps, as temporary employees, they have condensed onboarding. It’s even possible that the organization as a whole doesn’t put proper value into security training.
Regardless of the reason, the fact remains, contingent workers often pose a greater risk to an organization than salaried workers, yet proactive steps aren’t being taken to mitigate the inherent risks associated with this workforce. While more advanced technologies can secure company data and systems from unintentional and even malicious acts of contingent workers, it’s also important to provide temporary employees with the same degree of security awareness training that traditional, salaried employees receive, if not more.
Your organization’s training program should answer these questions:
- Are contingent workers aware of all security policies, procedures, and penalties?
- Do your contingent workers know which systems and apps they are authorized and not authorized to access through the corporate network when working remotely?
- Are contingent workers aware of the approved methods for sharing corporate data and documents internally and externally – and the risks using non-approved methods pose to both the company and themselves?
- Do contingent workers who simultaneously work for multiple companies know to save all sensitive material to your systems, rather than their own, so you can ensure it’s properly protected?
- When security policies change, are they communicated to contingent workers? And if so, is it in a timely manner?
- Are there company guidelines in place to ensure contingent workers develop tough and secure passwords?
- Is there a procedure to follow when contingent workers need to request access to new systems?
These are just a few security concerns that are of particular relevance to contingent workers. Of course, contingent workers should also receive the same basic training that all other employees receive, such as what an email phishing attack looks like or the importance of following authentication method requirements.
So, what do you do? Work with your HR team to make sure security training is a part of the onboarding process for ALL employees, not just salaried employees. With contingent workers, create a slightly different training program that focuses on the specific situations that could open your company up to increased risk. It’s also very important to re-train employees annually and on an ongoing basis, so they know when new technologies and processes are developed and the latest updates to security policies and protocol.
If your organization invests more time in properly training all of it’s employees on security awareness, you’re taking steps to better secure the organization. You could have the greatest technology in the world, but if your contingent workers don’t know how to use it, or aren’t following the corresponding policies, you’re still vulnerable.Other blog posts that might interest you: