Part 2 of 4: How to Reduce Non-Employee Access Risk: Standardize Onboarding

June 16, 2020

Combatting non-employee access risk starts before a new staff member even arrives at an organization. The standardization of non-employee hiring and onboarding can reduce the risk associated with access misuse, insider threats, accidental data exposure, and more. Here are a few Do’s and Don’ts when it comes to onboarding non-employees:

Do: Create a single digital “front door”

Using a standard onboarding process for non-employees helps reduce third-party access risk. The concept of a digital “front door” that every user must come through means that all personnel follow the same procedure. The process may include steps like verifying user identification, creating a standard user account, and documenting key metadata. This is the starting point for building a trustworthy data trail on each user. Eventually, this acts as a centralized repository that allows administrators, auditors and access management engineers to locate all non-employees in a single source of truth. Centralized repositories can also help to speed up onboarding, an important feature when using contractors, who are often temporary and need to get to work quickly on a project.

Don’t: Apply lax identity verification measures for temporary workers

When a contractor is coming in for a quick project, it can be tempting to skip a few steps in the onboarding process to get the work done quickly. Don’t. Being able to consistently and accurately identify individuals is a vital component of a robust identity system and the core of managing third-party access risk. A lack of standardization during the verification process can lead to unauthorized access and to control measures that cannot be enforced.

Don’t: Underestimate the potential financial consequences of failed access management

The exposure of sensitive data is not always intentional or malicious. Failing to onboard non-employees properly can lead to accidental, yet costly, data exposures as well. The 2020 Cost of Insider Threats report from the Ponemon Institute found that the average cost of an accidental insider breach by negligent employees or contractors was $307,000 per incident. However, if that incident involved the use of privileged credentials, that cost went up to $871,000 per incident. Standardizing onboarding may require an investment, but it tends to be well worth it in comparison to the potential consequences of negligence.

Non-employee access management can be a challenge. Contractors and freelancers can potentially be lost in the system, or worse, unvetted altogether, but centralization can help.

Tony Pai

Chief Operating Officer at Anomalix

Tony has a unique blend of technical and business skills to lead Anomalix’s day-to-day operations as well as ensure the successful delivery of professional services. Prior to Anomalix, Tony spent 14 years as an equities trader for various financial institutions and 12 years as an IT security consultant, and he is a licensed attorney in the state of Illinois. Tony earned his bachelor’s degree in Economics from the University of Illinois at Urbana-Champaign and a JD from The John Marshall Law School.
