The Way We Work
July 19, 2010 by Alex Hornbake

Hiring remote contractors is a great way to expand the capacity and capabilities of your business. However, many businesses are rightfully concerned with the security risks in exposing their data, website or IT infrastructure to contractors. Understanding the work being performed, isolating it as a standardized business unit, and implementing it as such can go a long way towards mitigating risk and building trust with your remote contractors.

Basic Security

First off, make sure your personal computer and network are secure. This can be a detailed process, one that I laid out in a previous post entitled Securing Your Home Network - it's a good basic primer to lay the groundwork for your security plan.

computer_lock

Passwords

Passwords are designed to be associated with unique user IDs. If you’re granting a remote worker access to a system, don’t use a shared password. Create a unique user ID and password for any systems you are granting them access to - that way, you'll be able to tell who accessed various systems with a minimum of confusion.

Sensitive Internal Data

Never give remote contractors access to sensitive internal financial data (bank statements, tax returns, payroll, employee records, etc) - unless such data part of their role with your organization. In that case, make sure you have them sign a non-disclosure agreement (or NDA) to protect your sensitive information. If your VPN allows access to your entire network, then you’ll either want to find an alternative way to bring remote workers into the fold --like a project specific code repository-- or change the access schema of your VPN.

Sensitive Customer Data

Depending on the project, you may be inclined to transmit or allow access to sensitive customer data. Don’t. For example, you’ve hired a remote contractor to write a database adapter that will merge customer data from two systems. The remote contractor may need you to provide copies of the databases you are merging. Instead, provide two dummy databases with the correct tables and formatting, but populated with placeholder data instead of your actual customer data.

Scope of Work

It’s important that your remote workers understand your business, so don’t keep them in the dark. However, there may be certain bits of information that can remain on a “need to know” basis. Break down the work in to tangible, definable tasks - it not only avoids confusion, but it can prevent someone from "spilling the beans" on trade secrets or proprietary technologies.

Version Control

Version control systems like Git can greatly enhance the efficiency of coding projects. Depending on the nature of the project, granting access to the code repository may or may not be wise, however, the advantage is that you will know exactly who made changes/when, and that all editing is done in a non-destructive way. For more, stay tuned for a future post dedicated to code repositories.

Exit Strategy

fired

The day may regrettably come, when you have to terminate a remote worker. In case you do, it’s smart to have an exit strategy from the beginning. Keep track of all the systems and data you grant users access to, and be prepared to restrict that access upon ending your working relationship with them. Similar to parting ways with an in-house employee, shutting down access to internal systems means you're playing it safe - so you won't be sorry later.

 


Alex Hornbake

Freelance Tech Writer

Alex Hornbake is one of several freelance writers on the oDesk Blog team. He joined the oDesk marketplace in 2009, and brings more than a decade of technical expertise to his clients. Alex shares his point of view to help you make informed decisions for your personal and business technology choices.

  • Pingback: Kindergarten Advice for Managers | oDesk.com

  • Pingback: Security risk called remote contractors | The Affiliate Observatory

  • http://www.dooneyandbourkeoutlet.org dooney and bourke

    so cool,I think I will forsake mine, and but this one.

  • http://www.facebook.com/profile.php?id=100001171720840 Kiroshima Sylvia

    I like this particular article It gives me an additional input on the information around the world Thanks a lot and keep going with posting such information. I appreciate the concern which is been rose.
    =========================
    Health and Fitness

  • Pingback: Protecting Your Clients: Online Security for Remote Contractors | oDesk.com

  • Credit Card

    Well this is a good tips that good to share too. This is a nice and informative post and I can say that whatever you say if you forget it then it will not be perfected.

  • http://twitter.com/webbroi Casey

    A pretty cool tool I use for security with remote contractors is OneLogin. I upgraded to the paid service, but you can join for free and the paid is only $5/month for each user. With OneLogin, I can give my contractors access to specific logins without giving them any of my passwords. I just create an account for their specific email address and integrate it with my chosen sites.