If remote working is the beating heart of creative business, freelancers are its lifeblood. Year on year, companies across all sectors are increasingly embracing a freelance workforce to plug skills gaps and swell numbers when a project demands it. But what are the security implications – and how could they affect your compliance requirements as part of a supply chain.
1. Prioritise by risk
Most companies provide a one-size-fits-all approach to handling data, which may or may not include how freelancers handle company information, and how internal staff process incoming work. The truth is, internal data could be exposed each time your business uses someone who’s not on your office network – which could have financial and legal implications.
Different projects involve levels of sensitive data. It’s worth grading your projects by data risk level – something you may already be required to do if you’re a content supplier to Netflix, for instance. Put your projects into five categories:
- Sensitive (personal and health information – payroll administration or CRM data, for example)
- Confidential (data which could affect operations – trade secrets, contracts and production data)
- Private (not meant for the public, but wouldn’t affect operations if there was a breach – such as market research)
- Proprietary (made public only on a limited basis – PR or product development information may fall into this category)
- Public (data which bears no risk if publicly released).
Document your decisions as you go, and make note of where freelancers are already involved and the kind of data they may have access to. Ideally, you need to strike a balance between operational stealth and reducing the risk of a data breach from using freelancers.
2. Implement access controls
The classic control method is to make freelancers sign non-disclosure agreements (NDAs) before starting work. If they need access to your networks, make sure you grant them VPN access with tighter controls – freelancers probably don’t need blanket access to the entire network. Then, once work has finished and a freelancer’s involvement has ended, ensure you have the right protocols in place to disable their access to networks and systems. As a managed service provider, we can help you get this right.
3. Plan for a breach
Make sure you have a clear, well-documented data recovery plan – and that staff know how to use it quickly, and freelancers know their role in any process.
Using freelancers helps small creative businesses keep pace and stay flexible, but it’s worth implementing some simple changes to mitigate the risks of a data breach. We’re London’s creative industries IT specialists, helping SMEs in film, TV and beyond navigate data security – amongst other things. Contact us now to find out how we can help you manage your freelance workforce securely.