I employ two programmers. On the weekend, they do programming for other organizations. We are okay with it, but I wonder if it increases my cyber exposure.
The more time a person spends interacting online, the more cyber risk that person has or, to put it a different way, people who work offline have zero cyber exposure.
Increased online interaction increases email and messaging flow, document and attachment downloading, applications employed and sites visited which all increase exposure, especially to social engineering scams.
However, just because someone has a side hustle does not mean they are going to infect your system. If they use smart cyber hygiene with their hustle, then your risk drops significantly.
One important requirement regarding side hustles is that you should make it clear that they cannot use your equipment or system in any manner for doing their side job. A clear line needs to be established between your data and the data of others.
The final takeaway is that side jobs, especially in the tech industry, are common, and part-time jobs are common in all industries. To keep your best talent, you may have to embrace side jobs, but make sure that you take all the precautions necessary to protect your data.
Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.
If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to firstname.lastname@example.org. Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.