Why HR is key to managing security risks from temporary workers

Organisations have a myriad of different workers within their ecosystem: permanent staff but also temporary workers like freelancers and contractors. In fact, nearly half of businesses today are comprised of non-employee identities like these.   

While these provide flexibility for businesses to adapt in rapidly changing market conditions, a growing reliance on third-party labour also introduces new security risks.

Organisations need to closely monitor who is part of their network, or they risk the wrong identities creeping in.  

HR, the first point of contact with new employees, has a vital role to play here.

Yet, our research found three quarters (76%) of UK organisations are yet to integrate HR into their identity security strategy. With the right tools and training, HR can work hand in hand with IT to manage the risks associated with temporary workers.   

How HR fits into the security puzzle   

HR teams have unmatched knowledge of people.

They are often responsible for onboarding employee information into internal business systems and ensuring appropriate access for their roles.

This is relatively straightforward when monitoring existing employees. However, it’s more difficult with third-party identities like freelancers.  


Part time work reaches post-pandemic peak


Non-employees often work for organisations for shorter periods of time, and as a result, their details aren’t always captured in organisational HR systems, nor are they stored on a business’ database alongside full-time employees.

Inputting non-employee details into HR systems can be a challenge due to compliance and security issues, and it can be costly to purchase specialised HR tools that efficiently handle freelancers' unique requirements.   

Many temporary workers are also brought into a business with urgency to plug resource gaps, causing their integration into the workforce to be rushed at times, leading to over-provisioning permissions or inadequately managed access permissions.

This can leave open entry points for hackers to exploit confidential information.

In a
recent study, we found that half (51%) of executives shared inappropriate access with non-employees – 54% revealed that this resulted in severe security issues including data loss, loss of control over resources and compromised intellectual property.   

To overcome these risks, HR must be integrated into the process and made aware of the risks third parties pose if they aren’t monitored properly.   


Pandemic changed managers' mind on part-time workers



HR and IT: the security dream team 
 

A large threat associated with non-employees is the potential for unauthorised access to sensitive data and systems. With a wider pool of individuals requesting access to resources, there is greater potential for cybercriminals to exploit weak infrastructure.   

To combat this, HR and IT must work together to increase the visibility of identities within their system.

One way to do this is to have processes in place for HR to communicate the details of non-employee identities entering the businesses to IT.

This allows IT teams to enforce stricter access controls, reducing the risk of unauthorised access by only allowing access to the necessary applications and data – no more, no less.   

HR and IT departments should also have automated processes in place that regularly audit access privileges, removing those no longer needed.

Background checks, security clearances, or certifications should be part of the due diligence process ahead of any access granted.   

 

AI as a silent business partner  

Today’s digital age has caused an explosion of identities – whether employees, third parties or contractors, these are set to increase by 13% over the next three to five years.  


AI regulations: how can HR get ahead?


AI and machine learning (ML) will increasingly be needed to manage the growing number of identities.

Identity security solutions which include AI and ML can analyse vast amounts of data to detect patterns indicative of potential threats. AI can also remove privileges automatically when no longer needed, like when a contract ends or a role changes.

This can free HR and IT teams’ time to spot and respond more quickly to emerging risks, helping prevent data breaches and other security incidents.  
 

With the right technology and training in place, HR can be an organisation’s first line of defence when it comes to managing any risks from an evolving workforce.

Working hand in hand with IT, they can play a pivotal role in future-proofing an organisation and safeguarding it for success.   
 

Steve Bradford is senior vice president EMEA at SailPoint