How To Reduce Third-Party Risk - Part 2 of 4

June 16, 2020

Part 2: How to Reduce Non-Employee Access Risk: Standardize Onboarding

Combatting non-employee access risk starts before a new staff member even arrives at an organization. The standardization of non-employee hiring and onboarding can reduce the risk associated with access misuse, insider threats, accidental data exposure, and more. Here are a few Do’s and Don’ts when it comes to onboarding non-employees:

Do: Create a single digital “front door”

Using a standard onboarding process for non-employees helps reduce third-party access risk. The concept of a digital “front door” that every user must come through means that all personnel follow the same procedure. The process may include steps like verifying user identification, creating a standard user account, and documenting key metadata. This is the starting point for building a trustworthy data trail on each user. Eventually, this acts as a centralized repository that allows administrators, auditors and access management engineers to locate all non-employees in a single source of truth. Centralized repositories can also help to speed up onboarding, an important feature when using contractors who are often temporary and need to get to work quickly on a project.

Don’t: Apply lax identity verification measures for temporary workers

When a contractor is coming in for a quick project, it can be tempting to skip a few steps in the onboarding process to get the work done quickly. Don’t. Being able to consistently and accurately identify individuals is a vital component of a robust identity system and the core of managing third-party access risk. A lack of standardization during the verification process can lead to unauthorized access and to control measures being unenforceable.

Don’t: Underestimate the potential financial consequences of failed access management

The exposure of sensitive data is not always intentional or malicious. Failing to onboard non-employees properly can lead to accidental, yet costly, data exposures as well. The 2020 Cost of Insider Threats report from the Ponemon Institute found that the average cost of an accidental insider breach by negligent employees or contractors was $307,000 per incident. However, if that incident involved the use of privileged credentials, that cost went up to $871,000 per incident. Standardizing onboarding may require an investment, but it tends to be well worth it in comparison to the potential consequences of negligence.

Non-employee access management can be a challenge. Contractors and freelancers can potentially be lost in the system, or worse, unvetted altogether, but centralization can help.


Mohammed Elkhatib

Founder and CEO

Mohammed is an Identity Management and Access Governance thought leader with over 16 years of Information Security experience and over 20 years of IT and Business experience. Mohammed has worked with over 500 Identity Management and Access Governance clients. Mohammed’s significant and numerous contributions at the most successful Identity and Access related startups have led to three successful exits in excess of $825MM.
