How Do You Manage Contractor Accounts with Short Expiration Dates?

Companies work with contractors for a variety of reasons. For example, outsourcing tasks may be done on a regular basis to save money and work with an expert. Such as outsourcing bookkeeping or HR management. It can also be temporary. For example, during a large digital initiative, more hands are needed on deck for a limited period.

Another common type of outsourced contractor that companies work with is freelancers. These may be graphic artists, content writers, or website specialists.

With technology being so infused in business workflow today, it’s inevitable that if you outsource any activities through outside contractors, a login will be needed at some point to one of your systems.

Managing these types of temporary user accounts can be tricky. For example, an orphaned account – one that is no longer used but still active in the system – can be the source of a data breach.

Security experts surveyed for the 2019 Insider Threat Report stated that orphaned accounts are among the top 5 most common accidental insider threats.

Dangers When Setting Up Temporary Contractor Accounts

The Account Is Left Active Indefinitely

One of the biggest cybersecurity dangers with setting up temporary access to your systems for a contractor is that these accounts may be forgotten about and never closed. It’s not unusual for the contractor to finish their work, and the person responsible for identity management forgot to remove that access from the system.

What can also happen is that a contractor works with a company off and on. So, an office manager may think it’s okay to keep their account active all the time “to make things easier.”

But during those times when the account is not in use, it’s a huge vulnerability. How much can an unused account put your business in danger? Just ask Colonial Pipeline.

The large ransomware attack that Colonial Pipeline suffered in 2021 resulted from a hacker gaining entry through an unused VPN account. The cost to the company was over $4 million in ransom that it paid the attacker, plus the larger costs associated with oil production being halted for nearly a week at its facilities.

The Account May Be Too Privileged for Too Long

When setting up any user account in your system, it’s important to use the rule of least privilege. This states that a user should only be given the lowest access that still allows them to do their job.

A danger when setting up temporary accounts for freelancers and contractors is that the person setting them up may not know what level of access is needed, so they grant higher-level access than they should.

Or, if the person only needs administrator access for a short time, they don’t have any mechanism in place to lower privileges after that need has passed.

Higher privileged accounts leave your systems in the most danger because if they’re breached, the attacker can do more damage. This includes things like:

  • Adding user accounts
  • Changing passwords
  • Accessing sensitive files
  • Locking others out of the system
  • Introducing malicious code
  • And more

How to Properly Handle Temporary Contractor Logins

Understand the Dangers of Insider Threats

Since 2020, the cost of handling insider security issues has jumped by 34%, from $11.45 million in 2020 to $15.38 million in 2022. Insider attack frequency has also increased by 44%.

It’s vital to understand the threat that can come from a user that has access privileges in your systems. And the fact that it’s not the person that is always the threat; it’s the account login that you are providing them.

Each login is an access point into your network and data that a hacker can use to gain entry. Understanding the importance of protecting these access points can help you avoid common mistakes when setting up accounts for contractors or freelancers.

Use the Lowest Privilege Possible

If a contractor needs access to an account administration activity, ask for how long and exactly what that is. You want to reduce risk by reducing the number of users with administrative access as much as possible.

Grant the lowest level possible. If admin access is only needed temporarily, lower their access when it’s no longer necessary.

Use a System That Can Expire Accounts Automatically

One of the biggest dangers with setting up temporary account access is that those accounts are forgotten and left open indefinitely. Therefore, you want to use an account provisioning solution that allows you to add expiration dates when first setting up the account.

This ensures that no account is forgotten and left open in the system. It’s also more efficient because an administrator doesn’t need to set a calendar reminder when an account is expiring and then remember to deactivate it. Instead, the expiration date is entered at the same time the account is set up, and the access will stop automatically. The administrator does not need to do anything else.

Book a Live Demo of Our Account Provisioning & Identity Management System Today!

Improve security, reduce account administration time, and simplify identity management with an automated and easy-to-use solution.

Light Blue Button Only - Contact us today to learn more

References linked to:

Take the Next Step and Schedule an
Appointment with a
User Provisioning Expert
Tools4ever User Provisioning Solutions
HelloID | Cloud. Identity. Access | Logo
NIM | NexGen Identity Management | Logo