Can You Trust That Contractor’s Device? Cybersecurity for the Gig Economy

Can You Trust That Contractor’s Device? Cybersecurity for the Gig Economy


Self-employment is a fast-growing career. A growing number of individuals have found that they enjoy the flexibility and freedom of being an independent contractor, and can match or exceed what they would earn in a conventional job. Unlike previous generations who distrusted an entrepreneurial approach to the career, many Generation Z workers see more job security in having multiple clients than in having all their eggs in the basket of a single employer. Standalone platforms such as UpWork, Fiverr, and Toptal make it easier for freelancers to never find customers.

The pandemic has pushed more people to be self-employed than ever before: 36% of all workers said they were full-time self-employed in 2020, a 28% increase in a single year.

Live Cybersecurity - Boston

For business people, the picture is a little more complex. Agility, reduced costs, quality of service and the ability to turn to people with highly specialized skills for specific projects have driven greater outsourcing to both contractors and self-employed individuals. Increasing economic uncertainty is likely to further increase outsourcing, as organizations reduce staffing to reduce costs.

Many organizations, however, have only discovered after the fact that effective management of third-party vendors requires significant dedicated internal resources. Another factor that is often overlooked, that is, until there is a problem, is the cybersecurity risk associated with third-party workers and contractors.

Cybersecurity risks for contractors

Third-party freelancers and contractors often act as extensions to your in-house equipment, and as such, they often need (and are granted) access to your network, software, and cloud applications to do their job.

The problem is that since they are no employees, typically do not use a company laptop and mobile device, or even personal devices that have been reviewed by IT and / or equipped with security controls. It’s a “bring your own device” situation, but it’s more risky than facing organizations with their employees, as security controls can’t be applied to the contractor’s devices.

If a contractor’s device is infected with malware, this malware could easily spread to your network, potentially exposing your organization to all sorts of threats, from credential compromise to loss of credentials. ransomware sensitive information.

What about WAFs?

Web application firewalls (WAFs) are the classic answer to this problem. “Classic,” in this case, meaning “old-fashioned.” WAFs serve as reverse proxies, protecting servers from exposure to malicious devices. However, like traditional firewalls, WAFs are unsuitable for the age without current perimeter. WAFs are based on the fact that policy engines can apply fixed rules and identify known patterns, an approach that simply cannot work in our era of zero-day acceleration. And in fact, in a Ponemon Institute survey, 65% of respondents indicated that attacks on their organizations ’application levels overlooked their WAFs. WAFs also require intensive management, as they require an average of 2.5 FTE security administrators to process alerts and write new rules to improve WAF security, which in the end are largely ineffective.

Rescue web application isolation

Web Application Isolation (WAI) presents a smarter, earlier cloud-based, and much more effective alternative to obsolete WAFs. WAI reverses remote browser isolation (RBI), taking advantage of isolation to protect internal networks from risk-laden devices, rather than protecting devices from threats hidden in websites, emails, instant messages, and attachments. RBI opens content from websites and emails in single-use, isolated cloud-based containers, where all code, including malware, is stored. A secure stream of rendering data is sent to the user’s browser, where the user can interact with it as they would with the original website, only without risk. At the end of the session, the container is destroyed.

WAI routes all interactions between unmanaged devices and your organization’s applications, data, and networks through cloud-based containers, creating a gap that prevents direct interaction. Only the secure data displayed in the container reaches your network or your applications; The rest of the code, malicious or benign, sent from the device remains in the container until the end of the session, when it is destroyed. Even if an unmanaged device is infected with malware, no malicious code reaches your network or applications.

Additional protections for your network

ZTEdge secure access for unmanaged third-party devices is unique among WAI providers, as it does not require contractors, freelancers, or employees accessing your network to install any software or agent on their computers or devices. mobile phones. All they need is a standard web browser. Your IT department does not have to worry about contractors keeping their software up to date or remotely managing the agent installation.

ZTEdge facilitates the establishment of highly granular access policies that give contractors access only to the applications and data they need to do their job. And when your contracts run out, it’s easy to turn off access with just a few clicks.

Sensitive data can be protected from exposure by policies that block downloads and limit or prohibit the ability to trim and paste. DLP can also be applied to protect PII. Because WAI prevents data from being cached in users’ browsers, sensitive data is not at risk in the event of a device being stolen or lost.

Other protections include disinfecting loads to prevent infections and allow applications to be used in read-only mode.

There are benefits to using WAI not only for contractor access, but also for your website. By directing all access via WAI, your website is “dark” for attackers who want to explore your attack surface. Hackers trying to search your site or application will only see a few lines of code generated by ZTEdge RBI.

Ensure access to cloud-based applications

Cloud-based applications have simply become the way many companies work. As a result, contractors often need access to a company’s cloud-based applications, such as Office 365.

A typical defense used with cloud-based applications is to restrict access to specific IP addresses, but with so many workers working from remote locations and in many cases using multiple networks, access-based control in IP it is a challenge. However, each organization’s WAI tenant has a permanent, location-independent IP address. Requiring contractors (and employees, as the case may be) to access web applications only through WAI allows organizations to restrict their activity within the application. Policy-based controls can limit the files that a user can access or, for example, limit them to viewing files only but not making changes.

Conclusion

Third-party contractors, freelancers and concert workers are integral and essential to the operations of many companies. Organizations are becoming increasingly aware of the risk posed by users accessing their systems on unmanaged devices and the real threat they pose.

ZTEdge provides an easy and affordable way to protect your computer assets in today’s complex world, where users who may or may not be employed access applications and data that may reside on your network or cloud. Check out our case study to learn how a multinational IT consultant secured its HR applications with Ericom Web Application Isolation.

The publication Can you trust this contractor’s device? Cybersecurity for the Gig Economy first appeared on Ericom Blog.

*** This is a syndicated blog from Ericom Blog’s Security Bloggers Network written by MENDY NEWMAN. Read the original post at: https://blog.ericom.com/cybersecurity-gig-economy/?utm_source=rss&utm_medium=rss&utm_campaign=cybersecurity-gig-economy



Source link

Related post

EDUCAUSE 2022: How Data Collection Can Improve Student and Faculty IT Support

EDUCAUSE 2022: How Data Collection Can Improve Student and…

At Indiana University, Gladdin said, to make life easier for students and faculty, they implemented a course template for the Canvas…
UGC, AICTE warn students against online PhD programmes offered by EdTech platforms | Latest News India

UGC, AICTE warn students against online PhD programmes offered…

The University Grants Commission (UGC) and the All India Council for Technical Education (AICTE) on Friday issued a joint advisory against…
UGC, AICTE warn students against online PhD programmes offered by EdTech platforms | Latest News India

UGC, AICTE warn students against online PhD programmes offered…

The University Grants Commission (UGC) and the All India Council for Technical Education (AICTE) on Friday issued a joint advisory against…

Leave a Reply

Your email address will not be published.