The rise of collaboration tools and the mixed workforce of full-time and freelance staff that use them means more security risks.
As technology continues to power pretty much everything we do in ever more complicated ways, it’s no surprise that CompTIA, a nonprofit trade association for the technology industry, projects that the global IT industry will grow 4.1% in 2017, making it a $3.5 trillion sector. CompTIA also estimates the IT industry’s employee headcount at some 5.98 million workers, a cohort that includes technical positions like software developers and network administrators, as well as non-technical roles like sales, marketing, and HR, both full-time and freelance.
Of course, this upward trajectory isn’t without challenges, and CompTIA’s most recent report reveals two in particular that could impact vast segments of the global workforce—not just the folks working behind IT desks.
For starters, there’s the threat to information security that you probably already know about, especially after last October’s cyberattack on Dyn, a company that controls a massive portion of the internet’s domain name system. Experts were calling the DDoS attack the largest of its kind, and the outage affected major sites such as CNN, Reddit, Twitter, and Netflix. The perpetrator: a botnet made up of connected devices like DVD players, not computers.
Despite this and other massive data breaches at major retailers and hospital systems, “the headline-making breaches of the past three years have not put companies out of business, and research studies show that most firms are not fully prepared for a cyberattack,” the report’s authors write. What’s more, CompTIA researchers found that this recent series of major security incidents isn’t driving companies to overhaul their security measures.
Indeed, in a recent study by Intel Security and the Center for Strategic and International Studies (CSIS), 82% of the companies surveyed reported a shortage of cybersecurity skills in their organizations. And many had already paid the price: One in four confirmed that their organizations had suffered cyberthefts of proprietary data due to this lack of qualified experts on staff.
Compounding these growing threats are a couple of workforce trends that make them more likely—namely, the rise of workplace collaboration tools. CompTIA’s report points out that as more workers take advantage of BYOD (“bring your own device”) policies and use their own smartphones and laptops for work purposes, the use of project-management platforms and apps has risen in order to keep everybody connected.
A new study from Okta, an identity and device management provider, based on data from its own customers who generate an estimated million+ logins, found that more than 50% of apps accessed through its service are not provided by IT departments.
This means workers are using Okta to secure their personal apps and data as well. But among the business tools accessed, videoconferencing app Zoom, Cisco’s Umbrella, and Slack topped the list. From this, it’s not unreasonable to infer that a lot of employees are mixing business and play on their own devices, as well as those of their employers.
And the more companies rely on part-time and freelance talent to supplement their full-time staff, the more these vulnerabilities are likely to grow, CompTIA researchers warn. According to a survey commissioned by the Freelancers Union, a nonprofit organization that advocates for independent workers, and Upwork, the largest online freelance marketplace, this part of the workforce numbers 55 million strong, representing 35% of the total U.S. workforce. And among those who aren’t currently freelancing, 81% said they would “be willing to do additional work outside of [their] primary job if it was available and enabled [them] to make more money.”
Platforms like Upwork and Upcounsel make it even easier for more freelancers to connect with employers for project work, all of which CompTIA suggests could magnify the existing security issues. After all, freelancers may be even more likely than full-time staff to work remotely and rely on their own equipment, devices, applications, and platforms to accomplish their tasks.
And let’s not forget that many companies are starting to experiment with the use of artificial intelligence, both to automate certain tasks and to engage with customers.
Voice-activated digital assistants like Amazon Alexa can dim the lights in a conference room, explains Tim Herbert, senior vice president for research and market intelligence at CompTIA, but that’s just the start. Any job functions that deal with high volumes of information and pattern recognition can deploy AI technology more deeply than before, he says. But keep in mind that it was largely Internet of Things (IoT)–connected devices like these that last year’s DDoS attack leveraged.
Herbert explains that just as communication and collaboration platforms, like Slack or HipChat, let users create custom bots to handle basic tasks inside companies, bots are being used outside companies, too. And while some brands are already finding success using chatbots for front-line customer support, all of these come with their own security risks. For instance, as machine learning gets better at making chatbots sound more like real people—and since they can be programmed with untraceable points of origin—the risk of phishing scams duping unsuspecting users is going up.
So what does that leave increasingly fretful IT teams to do? There are a few things.
Perhaps the easiest issue to tackle first involves the so-called “blended workforce.” Herbert suggests that companies can minimize the security risks posed by contingent workers by taking steps before, during, and after engaging them.
“Similar to the hiring practices of full-time staff, companies should have a vetting and onboarding procedure in place for contingent workers,” Herbert advises. That includes some basic, low-tech measures, like using reputable recruiters and making sure onboarding includes a review of the corporate security policy. “If there is the possibility [that] new intellectual property could be created by the contingent worker, an appropriate legal agreement should be in place,” he adds.
Then, while the independent contractor is working for the company, Herbert suggests giving that worker dedicated, limited, and temporary login or access credentials. “Sharing passwords or accounts of full-time staff with contingent workers is a risky proposition,” he cautions. “Access should only be granted to the work at hand.”
Additionally, he recommends compartmentalizing corporate systems and files to prevent contingent workers from viewing sensitive information. “This is especially critical in the era of cloud applications, where it may be easy to provide blanket access,” says Herbert. After they’ve completed the work, any logins, passwords, or access credentials should be immediately disabled.
As the workforce and work itself continue to undergo rapid evolution at the hands of technology, IT teams—and companies at large—will continue to have their hands full. They’ll need to address skills gaps among their own employees and different modes of communication and collaboration with existing staff and customers, plus figure out how to implement AI. Each of these knotty issues comes with its own set of security questions.
As the CompTIA report’s authors note: “As with any ‘shadow IT’ scenario, however, organizations must balance the potential benefits of greater worker productivity and job satisfaction with security and corporate IP risks.” It’s that cost/benefit analysis that’s sure to be part of all business leaders’ conversations—and IT managers’ worries—in the months to come.
This article was written by Lydia Dishman from Fast Company and was legally licensed through the NewsCred publisher network.