We live in an age where cyber threats and physical security go hand in hand. You read and hear it daily: systems are being hacked, ddos attacks are taking things down, and malicious actors are attempting to infiltrate organisations. Consequently, organisations are investing heavily in advanced firewalls, detection systems, and physical security measures such as fences and access gates.
However, there is a ‘leak’ that is often overlooked, and one that cannot be sealed by technical solutions alone: the insight into who exactly is working within your organisation, and, more importantly, who has access to your most sensitive systems and locations.
The door is often left open too long
For many HR and procurement professionals, managing the influx of external workers is a daily reality. Think of temporary staff, secondees, freelancers (zzp’ers), consultants, and employees of companies performing work on your premises. This flexible workforce is essential for your operations but introduces risks if access rights are not tightly managed.
The process of granting these individuals the correct access—a company badge and login for the network and systems—is often challenging enough. But where the risk primarily arises is at the end of a collaboration.
When an external worker finishes their assignment, or even switches projects halfway through, their access often remains active for too long. The company badge still works, the login credentials are still valid, and rights to, for example, the crm system have not been revoked. This isn’t merely sloppiness; it’s a direct threat to business continuity and data security.
Research shows that outdated and unused accounts belonging to former employees or external workers are frequent entry points for cyber attacks. It’s a forgotten ‘back door’ that is sometimes left wide open.
Insight is crucial
This is where HR and procurement play a vital role. An effective identity and access management (iam) policy doesn’t start with a server, but with a clear contract, a precise end date, and adequate processes for managing access rights. All of this begins with a good insight into who is active within your company.
Invest in clear processes and systems that provide visibility, including for external workers. Your organisation is only as secure as its weakest link. Let’s ensure that link isn’t the ‘forgotten’ account of a former freelancer.
