As enterprise security leaders know, many of their employees are badged and enter and leave facilities through an electronic access control system.
But there is a huge and growing workforce that may be neglected. And, ironically, as the economy continues to improve, and full-time employment doesn’t, there’s a need to do an even better job screening temporary workers and independent contractors (ICs) as well as controlling their physical and computer access.
It’s not simple task, made the more difficult because hiring of temps and ICs may be outside the territory of security and traditional human resources.
The number of these workers is massive.
After hitting a peak of nearly 2.7 million workers in 2006, the temporary help industry lost more than one-third of its members during the downturn. Since then, it has regained a significant majority of the workers lost, 87 percent, as compared to all private employers, which have only brought back just over half of their jobs.
Those who track labor statistics say that temporary help agency employment tends to grow as the economy heads into a recession and as it heads out of a recession.
Then there are the more than 10 million self-employed workers, many of them independent contractors. And many of these work for high-tech firms where there is greater concern relative to high dollar, high-visibility losses.
In addition, it is expected that some employers will increase use of temps and ICs based on the perceived impact of the federal Affordable Care Act. There are temp and IC hiring variables based on location and type of business. See the overall hiring chart in this article.
Also impacting security sensitivities relative to temps and ICs is the BYOD movement. There is a greater chance that these workers will “Bring Your Own Device” to work or to access an enterprise network remotely, and that is a real vulnerability.
So what’s security to do generally when it comes to temps and ICs?
According to an expert panel interviewed by Securitymagazine:
- Set and enforce clear policies and procedures.
- Communicate those policies consistently and constantly to hiring departments.
- Embed expectations into temp agency contracts and IC agreements.
- Insist on background screening and drug testing matching full-time employee requirements.
- Extend BYOD rules to temps and ICs.
- Extend physical access controls (badges/cards) to temps and ICs on site.
“There are basic standards,” says David Cullen of ISI – Intelligence Security International, the consultant firm working with large firms, schools and law enforcement. “When dealing with a background check process, you need to check everyone and include language in the contract (for it).” Cullen advises to issue badges or cards to temp workers and program them for a given length of time of the contract or agreement.
And if enterprise security leaders think liability leverages to an outside agency, think again. “Not a slam dunk,” says Cullen. “You (or your organization) made the decision to have these people on site or work for you remotely. You just cannot shield yourself from everything.”
Oded Barlev agrees.
The vice president of national operations for ABM Security Services adds that the beginning of the best way to handle temps and ICs from a security standpoint starts at the C-suite level. Consistency also helps: “For background checks and drug screenings, if you are doing it with full-time employees, do it with temps, too.” And, when it comes to physical access control, Barlev suggests layers of restrictions depending on sensitivity of areas and hours of the day.
Daniel Budinoff of Security Specialists, the integration firm, likes tightened access, too. “Access control is essential,” he says. His advice: There are plenty of ways, based on visitor management, in which to handle temps and ICs. “Scanning a person’s driver’s license against databases can uncover potential problems.”
It’s a matter of assuming, concludes William Tate of HR Plus, a division of AlliedBarton Security Services. “Don’t make the assumption that a company you are hiring temps from is conducting background checks. Make it part of the contract.” Tate also spotlights a potential vulnerability beyond temporary workers and ICs. “Volunteers. A great many organizations today have volunteers on site or working for them. Without necessary screening, there could be trouble. You want the safest environment possible” even when it comes to unpaid volunteers.
Temps, ICs and BYOD
The Bring Your Own Device movement is already roiling security and IT executives. But BYOD can also as easily impact enterprises through temporary works and independent contractors.
According to a white paper from MaaS360 by Fibertek, the rapid proliferation of mobile devices entering the workplace feels like divine intervention to many enterprises. It’s as if a voice boomed down from the mountain ordering all of the employees you support to procure as many devices as possible and connect them to corporate services en masse. BYOD was born, and employees followed with fervor.
There’s no sense pretending it isn’t happening or saying, “We don’t let our employees do that.” The truth is, they’re doing it already and will continue to burrow noncompliant devices into the network with or without permission. A Forrester Research study of U.S. information workers, for example, revealed that 37 percent are doing something with technology before formal permissions or policies are instituted. Further, a Gartner CIO survey determined that 80 percent of employees will be eligible to use their own equipment with employee data on board by 2016.
This raises the inevitable question: How to support a workforce – including temps and ICs – that wants to use personal apps and devices while allowing it to be productive in a secure environment that protects corporate data?
The Ten Commandments of BYOD show how to create a peaceful, secure, and productive mobile environment.
The Ten Commandments of BYOD
- Create Thy Policy Before Procuring Technology
- Seek The Flock’s Devices
- Enrollment Shall Be Simple
- Thou Shalt Configure Devices Over the Air
- Thy Users Demand Self-Service
- Hold Sacred Personal Information
- Part the Seas of Corporate and Personal Data
- Monitor Thy Flock – Herd Automatically
- Manage Thy Data Usage
- Drink from the Fountain of ROI