Bringing on a contractor or vendor with a laser focus on a single task can be a massive productivity gain and might be able to resolve a ratking of problems all at once. But as contractors have significantly fewer ties to the company and the overall mission, they are a security and privacy liability.
Limiting outside access to business systems
Maybe you have partnerships which include providing a service in the name of your partners without exposing that it is indeed your technology powering the service after all. Or the data existing within your systems requires very careful handling. Regardless of the constraints at hand, your operational goals are at odds. The contractor is meant to be a mercenary, hired to do a specific job without personal ties.
How do we ensure maximum operational security without reducing the efficiency of our contractors (that we're paying a premium for)? By attempting to clearly separate the systems the contractor may interact with.
The contractor should be granted access on a need to know basis. Ideally, this should also be applied to institutional knowledge. The latter point will require a bit of training of your staff generally, but can be achieved over time. The educational effort to get better at all aspects of operational security should always be encouraged, but respectful callouts on-the-spot of wrong conduct should also be encouraged in all directions, up and down the company hierarchy.
Ensuring control while working with contractors
Another key issue at hand: Compliance, bring-your-own-device (BYOD), and cost.
At DNSFilter, the goal is to ensure maximum efficiency and the least amount of hoops to jump through, while still maintaining control. It is human-nature to look for shortcuts, so be sure not to create obstacles with difficult software platforms or hoops to jump through that might encourage someone to cut corners. Instead, opt for established, understandable and reliable technology.
We managed to align some of these problems by providing all employees & contractors with a Pro license to one of our products, Guardian Firewall + VPN. Installation and operation is meant to be very easy, but it is also simple to remove once the contract runs out. Everything the app does is included within the bundle itself so once the VPN connection is disabled, the app can be easily deleted and we can ensure that we are not permanently changing our contractor's device.
We may want to work with certain contractors again in the future, so it is important to be aware that the device that they're using is not ours. Being respectful is a core part of our daily operations.
Guardian runs seamlessly in the background and can be configured to ensure that all DNS queries are running through our own filtering platform. Thus ensuring a whole category of problems can be eliminated all at once.
Try Guardian for yourself to see how easy it can be to protect your business information and limit contractor access.
Smarter DNS Policies: What You Should Be Blocking (But Probably Aren’t)
Educating Your Clients on the Sophistication of Phishing Attacks
IAM Userless: Streamline AWS Access & Reduce the Attack Surface
