Are Your Freelancers Your Greatest Security Threat?

Freelance workers are a part of our modern work environment. We use freelancers in concert with employees to get the job done.

However, research shows that using freelance workers, especially in the area of IT, might actually be increasing your odds of facing a major security breach. Hire someone to help you with a web project, for instance, through a site like Freelancer or Upwork, and you might unwillingly be giving someone access to creating a backdoor. While they may look good in their profiles and receive high ratings, they can do a lot of potential damage to your company. They can:

  • Leave out crucial code that protects documents from unauthorized users
  • Create backdoors or the ability to upload a backdoor and take control over content and data easily in the future
  • Contain SQL injection flaws that allow attackers to easily manipulate both website data and customer data, taking control of whatever they choose to from your database

That’s not saying every freelancer you choose to work with has the potential for bringing damage to your company. Instead, it’s a warning that it’s important to understand who you work with, and more importantly, have checks and balances in place to ensure your data is secure at all time.

Before hiring

Even if you are working with a freelancer, do you get the impression they are the best person for the job?

Do they have experience in working with technology in a way that demonstrates they are up for the task?

Can they clearly restate your requirements before work begins?

Is there a language barrier that might prevent them from understanding you or providing you with the full requirements of the job?

Do they understand your security requirements?

During the project

Do they understand your milestones?

Do you see consistent progress that meets your expectations?

Do you have a trusted resource that can provide checks and balances along the way to ensure security is being met along the way?

After completion

Does the finished code meet certain qualifications? At a minimum, it should be scanned for vulnerabilities before final payment is made.

How critical is this application?

How will you perform security reviews in the coming months and years?

What does it take to access the code and add your updates along the way?

Freelancers can and will continue to be an important part of building successful companies. But like every aspect of business, using them comes with checks and balances, especially when working with your most critical data.

Is your IT vulnerable from using freelance help?