Outsourced staffing can lead to security risks

We’ve all seen stories about labor shortages occurring across multiple industries, where there are more available jobs than candidates. As a result, we’ve seen many clients go the “virtual employee” route, working with individuals or outsourced staffing companies to fill needs ranging from internal accountants to tele-nursing assistants to call center representatives.

Many times these external human resources require access to internal IT resources, often through VPN access for which we are tapped to facilitate, and often using the remote worker’s personal computer. When we are helping setup these systems for remote access, we’re often struck by the cavalier attitude some have about IT security basics.

It’s not uncommon to find users still running Windows 7 or older, unsupported operating systems. In some cases, the operating system or other software is pirated, meaning it isn’t legally purchased and therefore ineligible for support. Antivirus software is often missing, outdated, or broken and not actually working. If these were client-owned machines for W2 employees, these issues would have long since been dealt with and not exist. However, how much can a client dictate IT health as a prerequisite for access?

The answer is often as much as they are inclined to do. There are some technical restrictions that can be put in place, such as restricting access only by devices with installed, recognized, working anti-virus software. Some will even require Suite3 security tools be installed on contractor-owned “Bring Your Own Device” (aka BYOD) systems. However, many are leery of dictating terms to a contractor in an already tight labor pool.

The risks however, rest solely with the client. By accepting external access to your environment from substandard end-points, you are accepting the risks associated with that decision. Want to explore ways to tighten security for your outsourced employees? Talk to us about what options may be available.