Top Risks

Freelancer Security Gaps

Target Process
Development
Target Asset
Design
Impact
Moderate

EXAMPLES


  • A freelancer chooses a work location that allows others to view sensitive IP as they work on it.
  • A freelancer working digitally unintentionally allows access to sensitive IP on a computer that is shared by other members of their household.
  • A freelancer working digitally unintentionally allows access to sensitive IP via a ransomware/malware attack on their work computer.
  • A freelancer working digitally loses or suffers the theft of a device on which sensitive IP is housed.
  • A freelancer working physically unintentionally allows others to view their work during transit/shipping.
  • A freelancer creates new sensitive IP assets in the form of screenshots or cell phone photos of work in progress, sent to the hiring party for comments/review or approvals.

PREVENTATIVE CONTROLS


  • Require freelancers to work in a space that is private and can be secured. Work should not be performed in a space that is publicly accessible or allows public view or is used by other members of a household.
  • Require freelancers to complete work on a single, designated device to which they have exclusive access.
  • Freelancers working digitally should receive and send assets through an encrypted transfer tool or access assets remotely without download.
  • Freelancers working physically should be provided with enough opaque packing materials to allow for secure shipping or hand delivery of the finished work they will produce. Instructions on the method of delivery and pre-paid shipping labels (if needed) should be provided.

BEST PRACTICES


  • IP work should be placed with freelancers who can ensure a level of data protection on their designated work device.
  • Freelancers working physically or digitally should be provided with a designated path of communication back to the Licensee for any comments, reviews, orapprovals that will be needed while their work is in progress.

DETECTIVE CONTROLS


  • Freelancers working digitally should be provided with instructions on actions to take immediately following the loss or theft of any device containing or set up to access sensitive IP.
  • Reference assets provided to freelancers should be watermarked or otherwise personalized to each, if being distributed to more than one.