According to the U.S. Bureau of Labor Statistics, independent contractors (ICs) represented 6.9 percent of the total workforce in 2017. However, other sources, such as Staffing Industry Analysts, estimate the number to be as much as 15.5 percent if diversified workers and moonlighters are included. Regardless of which statistic is correct, one thing is clear: independent contractors form a significant portion of the workforce. Moreover, according to LinkedIn, the majority of ICs are highly educated and skilled; plus, many are mid-to late-career professionals. For these reasons, many companies are choosing to work with ICs instead of expanding their full-time workforces.
Depending on the company and industry, hiring ICs can bring certain complexities with it. For example, it’s not unusual for ICs to have access to the hiring organization’s network and system, as well as to its proprietary or sensitive data. Additionally, ICs typically provide their own tools, which are difficult to secure. A company can’t guarantee the same level of security on an IC’s personal devices such as smartphones, tablets, laptops and desktop computers.
Clearly, these factors can raise security concerns. After all, according to IBM’s Security Intelligence, almost 75 percent of security breaches are caused by insiders — whether that’s due to human error or malicious intent. Moreover, lost or compromised devices can also lead to data loss. The fallout of data loss can be costly for a company, both in terms of finances and reputation.
For these reasons, it’s imperative to have solid security policies in place with regard to hiring ICs. Keep the following best practices when working with independent contractors in mind:
Run criminal background checks and identity checks.
Have ICs sign non-disclosure agreements.
If ICs will have access to sensitive or proprietary data, have them sign a policy that governs the use of this data and includes an NDA.
Limit access to systems and data.
Structure your organization’s system to ensure limited access. Restrict sensitive data or infrastructure based on need.
Provide unique usernames and passwords.
To ensure sufficient security, the company’s system administrator should generate and manage this process.
Revoke system access when the engagement ends.
Make sure that as soon as an IC is offboarded, his or her username and password is no longer accepted by your system. This will limit unauthorized access.
Independent contractors can be a valuable source of expertise and labor. They can help your business advance without an investment in full-time employees. By creating and enforcing best practices when working with independent contractors, you can harness the power of this segment of the workforce while at the same time, minimizing your organization’s exposure to risk.