THE GARTNER MARKET GUIDE FOR INSIDER RISK MANAGEMENT SOLUTIONS Download your copy now.

WORKFORCE CYBER
INTELLIGENCE AND SECURITY

BLOG

A Human-centric Approach to Operational Awareness and Risk Management.

Employees’ Side Hustles: The Hidden Threat to Your Organization’s Cybersecurity

Do your employees have a side gig they’re passionate about? They may be unintentionally putting your security at risk. Here’s why you shouldn’t overlook those side gigs.

A 2021 report by the U.S. Census Bureau said the trend of working two or more jobs is on the rise and with the gig economy booming, more and more employees are finding themselves second jobs and side hustles to meet financial or personal goals. There are even some companies that encourage employees to take on side hustles. With  negligent insiders driving more than 60% of insider-related security incidents, companies can’t afford to overlook the potential impact that distracted or unengaged employees can have on data security.

According to a pre-pandemic Ponemon study of mid-size companies, the root cause of most data breaches is a negligent employee or contractor, as highlighted in our 2022 Insider Risk Report. It’s important to note that risk from negligence isn’t malicious and can include a small mistake like accidentally emailing information to the wrong recipient.

The DTEX Insider Intelligence & Investigations (i3) team has uncovered various instances where remote workers violate data policies by using non-corporate webmail, USB devices, file sharing sites, and third-party upload links for personal things, such as vacation plans or enrolling children in activities. While many companies are on the lookout for this, they should also prioritize looking for behavior that aligns with employees working second jobs or maintaining a side gig on corporate devices.

While working with many organizations to identify these types of negligent actors, our team uncovered these examples of unintentional insider threats:

  • One organization had two separate employee incidents: one user was running a business through personal webmail and Google Drive, and a second user managed a project consulting business on the side. Both employees used their corporate devices to manage these side hustles throughout the workday. Initially, the organization lacked the visibility, and the actions were deemed “ad hoc personal use.” However, our team uncovered that 85% of the activity over a 7-day period was for personal use, leading the organization to adjust its policy in order to better protect valuable assets.
  • Our team also uncovered a user who utilized their corporate software application licenses for design creation on the side, violating policy for uploads to personal webmail and file sharing to third-party external sites.

As side gigs become more prevalent, employees pose an even greater risk to organizational cybersecurity. While arguments can be made that side gigs help advance employees’ skills, bringing greater value to the company, companies cannot overlook the security concerns they introduce. Through leveraging Workforce Cyber Intelligence & Security, organizations can better understand how employees engage with peers, data, and applications while performing their job responsibilities. Combining these insights with insider knowledge from their IT team can reduce security organizational incidents and risks associated with employee behavior.

Do you want to minimize insider risks as a result of your employees working a second job or side gig? Contact our team today to learn more about our Workforce Cyber Intelligence & Security solutions.