Share this
How to Securely Work with Contractors
by Constantin Jacob on Feb 28, 2024 10:00:00 AM
Bringing on a contractor or vendor with a laser focus on a single task can be a massive productivity gain and might be able to resolve a ratking of problems all at once. But as contractors have significantly fewer ties to the company and the overall mission, they are a security and privacy liability.
Limiting outside access to business systems
Maybe you have partnerships which include providing a service in the name of your partners without exposing that it is indeed your technology powering the service after all. Or the data existing within your systems requires very careful handling. Regardless of the constraints at hand, your operational goals are at odds. The contractor is meant to be a mercenary, hired to do a specific job without personal ties.
How do we ensure maximum operational security without reducing the efficiency of our contractors (that we're paying a premium for)? By attempting to clearly separate the systems the contractor may interact with.
The contractor should be granted access on a need to know basis. Ideally, this should also be applied to institutional knowledge. The latter point will require a bit of training of your staff generally, but can be achieved over time. The educational effort to get better at all aspects of operational security should always be encouraged, but respectful callouts on-the-spot of wrong conduct should also be encouraged in all directions, up and down the company hierarchy.
Ensuring control while working with contractors
Another key issue at hand: Compliance, bring-your-own-device (BYOD), and cost.
At DNSFilter, the goal is to ensure maximum efficiency and the least amount of hoops to jump through, while still maintaining control. It is human-nature to look for shortcuts, so be sure not to create obstacles with difficult software platforms or hoops to jump through that might encourage someone to cut corners. Instead, opt for established, understandable and reliable technology.
We managed to align some of these problems by providing all employees & contractors with a Pro license to one of our products, Guardian Firewall + VPN. Installation and operation is meant to be very easy, but it is also simple to remove once the contract runs out. Everything the app does is included within the bundle itself so once the VPN connection is disabled, the app can be easily deleted and we can ensure that we are not permanently changing our contractor's device.
We may want to work with certain contractors again in the future, so it is important to be aware that the device that they're using is not ours. Being respectful is a core part of our daily operations.
Guardian runs seamlessly in the background and can be configured to ensure that all DNS queries are running through our own filtering platform. Thus ensuring a whole category of problems can be eliminated all at once.
Try Guardian for yourself to see how easy it can be to protect your business information and limit contractor access.
Share this
Categories
- Featured (262)
- Protective DNS (17)
- IT (13)
- IndyCar (8)
- Cybersecurity Brief (7)
- AI (6)
- Deep Dive (6)
- Content Filtering (5)
- IT Challenges (5)
- Public Wi-Fi (5)
- Roaming Client (4)
- Team (4)
- Compare (3)
- Malware (3)
- Tech (3)
- Anycast (2)
- Events (2)
- Machine Learning (2)
- Phishing (2)
- Ransomware (2)
- Tech Stack (2)
- Secure Web Gateway (1)
This past weekend, the legendary Milwaukee Mile played host to an unforgettable double-header in the IndyCar series, and we were proud to be alongside the Juncos Hollinger Racing team for every high-octane moment. With two thrilling races and exclusive VIP experiences, the weekend was packed with excitement that left our guests buzzing.
This past weekend, the roar of engines wasn’t the only thing making noise at the Grand Prix of Portland. We were proud to host another Juncos Hollinger Racing weekend with our co-hosts, Pax8, that combined the thrill of IndyCar with cutting-edge technology and a ton of fun for all attendees.
One of the benefits of being in the cybersecurity industry for over 25 years is that you develop perspectives from patterns that repeat themselves, as well as the ability to compare and contrast with other more mature industries.