An explosion of gig economy workers in the wake of COVID-19 is forcing companies to re-evaluate their digital security measures for transitory workers as they grapple with a new phenomenon: workers who share their digital accounts with others. Uri Rivner, Chief Cyber Officer, BioCatch explains how companies that depend on gig workers must invest in ways to prevent the theft of digital identities or risk a slew of data breaches.
Ironic as it may sound, stable employment these days doesn’t necessarily mean the traditional full-time job that binds a worker to a company. Some gig workers, those who do flexible, part-time work as freelance employees or independent contractors, are seeing an explosion in demand for their services, even during a pandemic that has devastated the United States.Â
With tens of millions of traditional full-time employees having filed for unemployment due to COVID-19, there has been a surge in Americans joining the gig economy, and this trend is likely to continue to grow. According to a recent study conducted by MBO Partners, 42 million Americans are already pursuing freelance and independent work.
By 2023, 52% of the U.S. workforce will be participating or will have worked in the gig economy, according to the survey. These staggering statistics are forcing companies to re-evaluate their digital security measures for independent contractors as they grapple with a new phenomenon: gig workers who share their online accounts with others. Â
This is happening much more often now, due to the COVID-related economic climate, where many people are struggling to offset reductions in their income. With security now top-of-mind for all companies, gig workers are finding that their digital credentials are suddenly valuable, as they have been verified and vetted as legitimate users. And while working 24/7 is impossible to sustain, the notion of sharing their accounts with family, friends, or other interested parties to continue generating income in an economic downturn can be highly appealing.
Learn More: Behavioral Biometrics Can Tackle Bad Online Behavior Amid Remote Work Surge
Gig Worker’s Identity ProblemÂ
For corporations, this is deeply troublesome. Gig workers with digital credentials at, say Amazon, Verizon, or Google – all big employers of contract employees – would have gone through a stringent verification process. When these workers share their credentials with others without authorization, it creates a huge headache for the companies involved. Companies that hire gig workers must then invest in ways to prevent the sharing and stealing of digital identities or risk a plethora of data breachesOpens a new window and security issues.
For example, working at a customer service center is a common gig job, but the pandemic has forced most customer service agents to do the job remotely. This causes problems for companies trying to verify whether an agent who punched in 14 hours in a day really worked those hours. The agent could have worked one shift, shared their credentials with a friend who worked the other shift, all the while collecting a commission for the friend’s work.Â
While this may sound innocuous and even entrepreneurial on the surface, it can wreak havoc on the companies involved. Only the person who obtained the online credentials has been properly vetted, background-checked and trained, and has signed a non-disclosure agreement. This leaves companies at risk of having their confidential data compromised by someone who gained access without their consent. This could have a huge impact on their corporate reputation should a breach occur and be publicized. Furthermore, if individual end-users find out their sensitive data is now being accessed by unauthorized third parties, they’ll feel another kind of breach: a breach of trust.
These are difficult times with the U.S. in a recession and millions of Americans unemployed. States that moved to re-open their economies early have seen a resurgence of COVID-19 cases, forcing many of them to shut down for a second time. It is therefore not surprising that some gig workers are leveraging their digital accounts to earn extra cash – at the peril of losing the most precious of assets: long-earned trust.Â
Learn More: How to Get Identity & Access Management (IAM) Right, Finally
Getting Digital Identity Right for Gig EconomyÂ
Fortunately, companies can protect themselves from those gig workers who can’t be fully trusted. First, they need to understand that traditional security measures based on “things you know†are not reliable. Most companies continue to rely on usernames and passwords to authenticate logins, even though these are now among the least secure authentication methods. Many companies have added another layer of protection by recognizing a so-called Trusted Device, which verifies the digital device someone is using via a one-time passcode. As long as they log in from a trusted device, these companies assume it is them.Â
Obviously, that isn’t the case anymore. Cybercriminals Opens a new window have found numerous ways to bypass device checks, and corporate IT teams are struggling to keep these fraudsters at bay. Meanwhile, the WFH surge due to coronavirus has made verification doubly difficult. Everyone is now using multiple devices and they often share their devices among multiple household members. This further complicates verifying employees remotelyOpens a new window .Â
A more secure way to verify identity is through physical biometrics, i.e., by using fingerprints or facial recognition. But these methods are not foolproof either, even if the fingerprint or face is verified against a database. This merely establishes that the device is being used by a person who set up biometric authentication. In the context of gig economy workers, this doesn’t provide a high barrier to credential sharing. It is a simple matter to add a second set of fingerprints or an additional face to a smartphone, for example, and the device would recognize another person as legitimate.
But what if the biometric analysis conducted was invisible to the person using the device, so that they were completely unaware of it? This is the latest method of identity verification, and it has none of the defects of the earlier methods. It is now possible to monitor a call center agent’s voice patterns and match them against their historic profile. Any anomalies found can be investigated. For online activity, a technology called behavioral biometrics can be used to track how a user interacts with their device throughout a session, through typing patterns, mouse motions, navigation, and the like.Â
Through continuous authentication, behavioral biometrics can uncover anomalies in user behavior. At the same time, it is less intrusive to the user than matching fingerprints or faces because it operates passively in the background and is statistically-based. It is only used to verify whether a user’s behavior matches their behavior in the past. It does not track specific individuals by collecting information that would personally identify them.
Behavioral biometrics can also detect account sharing – within the gig economy or outside of it. Banks have learned that it is the only way at present to determine whether users of their online services have shared their login credentials with someone else. Sharing credentials create a serious breach of confidence from a bank’s perspective, as the user’s online activities cannot be attributed to a single, personally accountable individual.
Learn More: Digital Intelligence Tools Can Keep Remote Work Security Risks in Check
Closing ThoughtsÂ
With the enormous increase in cyber fraud over the past two years, companies of all types must be vigilant in monitoring digital identity, but this is especially true as more and more Americans embrace the booming gig economy. A vetted digital identity is becoming vitally important to preventing fraud of all types, with account sharing only the latest risk among many that companies face in today’s digital-first business environment. And gig businesses in particular need to act now to secure their digital identity methods to ensure online trust, safety, and security.
Let us know if you liked this article or tell us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!