3 minute read
BIG PICTURE
US chipmaker banned in China over ‘security risk’ concerns
Boise, Idaho
Advertisement
Beijing stepped up its feud with Washington in May after announcing that products made by Idaho-based memory chip giant Micron Technology pose a national security risk. China’s cyberspace regulator said that it found Micron products had unspecified “serious network security risks” that were a hazard to the country’s information infrastructure.
CAC’s statement did not provide further details of the risk or which Micron products were deemed a threat.
Ntit Y
to independent contractors, using personal devices to access sensitive corporate data can pose serious cybersecurity risks for companies. It is essential to understand these risks and implement robust security protocols and proactive measures.
Research by Beyond Identity indicates that short-term contractors may enjoy long-term access to corporate data and accounts. They may also be accessing this data from devices that are not well secured. This access ranges from financial affairs (87%) to communications channels (64%) to operational processes (63%). This risks significant corporate data breaches, social media hacks and phishing attempts.
Q. WHY IS FOLLOWING PROTOCOL SO IMPORTANT?
» Contractors are also less likely to follow established security protocols to protect devices. According to the survey findings, 62% of companies required contractors to adhere to security protocols during the onboarding process. Most gig workers surveyed reported complying with this requirement by using complex passwords that are regularly changed. While multi-factor authentication and firewalls were identified as top security measures contractors took to guard against cyberattacks, less than half of the respondents confirmed using these safeguards.
There are over 2,000 cyber attacks every day, leading to more than 800,000 people or businesses being compromised each year. One of the leading causes is human error, with 88% of attacks attributed to mistakes. Failure to adhere to security protocols can thus have significant consequences.
Sadly, the research revealed that 76% of freelancers had been hacked while working on a gig. This has resulted in 64% having an average of US$260 stolen, usually by unauthorised purchases. At the same time, 60% of gig worker usernames and passwords have been stolen, providing an access point for data theft.
Q. TELL US ABOUT THE IMPORTANCE OF PUTTING TRAINING FIRST?
» Hacking attacks are frequently the result of employee mistakes, making those who use gig workers responsible for ensuring they are adequately trained in cybersecurity processes. Adversary methods change constantly, and we need to stay up-to-date with all the latest techniques. Prevention is better than a cure, so organisations should start with a robust security protocol and comprehensive training.
Training can be as simple as highlighting the potential harm of phishing scams, malware, and other forms of cyberattacks; encouraging phishing-resistant multifactor authentication; and teaching about the danger of clicking on unknown links or downloads. Better yet, organisations across the board should move to passwordless technology and phishing-resistant MFA for the internal systems that gig workers access. It is also worth ensuring you hire the right workers by joining the 69% of businesses that perform background checks on gig workers. That helps avoid hiring someone with a history of cybercrime.
Q. HOW CAN ORGANISATIONS MINIMISE DISRUPTION?
» Although many companies prioritise cybersecurity protocols before and during gig work, implementing measures after the gig is over is equally essential, if not more crucial. These post-gig measures are critical to maintaining cybersecurity and ensuring that sensitive data remains protected, which might come as a shock to the 33% of respondents who said that they only sometimes change internal passwords after a gig worker has finished their contract. Gig workers can also be a source of frustration with regular requests for access. According to the research, 40% of managers are contacted daily for this reason, with another 35% being bothered a few times per week. This adds up to 34 minutes per day spent on these tasks, which explains why it might be tempting to forget to change passwords.
Undoubtedly, COVID-19 and the ongoing evolution of the gig economy have turbocharged the number of contractors. It is clearly a flexible, cost-effective model that has benefits for employers and contractors alike; however, security must remain paramount at all times. Temporary passwords and restricted access are a limited solution but remember to revoke access and update passwords post-contract. That way, both the employer and gig worker can work safely and securely today and in the future.
