Six tips to keep you and your devices secure in the gig economy

The gig economy is offering Australians jobs, but it comes at a cost. These are often temporary positions, where workers are independent and have to take on more risks.

In our series Working Well in the Gig Economy we ask experts how workers can cope in this new environment.

The “gig economy”, where workers take on ad hoc jobs or are engaged as independent contractors has clear benefits for firms. Employers save on training, capital expenses (they don’t pay for offices or tools) and have a ready pool of potential candidates.

But on the flipside, workers are taking on more risk. Whether it’s insecure connections, risky payments, or just bad internet hygiene, you and your devices may be exposed.

But there are some things you can do to protect yourself.

Gig work on the internet

There are plenty of of jobs to do on the internet, and they are varied. Freelancer.com claims to connect more than 22 million employers and freelancers from over 247 countries, doing jobs from programming to designing. Then there are also marketplaces like Envato, and “micro jobs” markets like Amazon Mechanical Turk.

These platforms pose particular challenges, as employers can no longer rely on control over devices, so they must trust the skills of gig workers. This trust comes from reputation or reviews, meaning one screw up can be costly.

This is why establishing good security habits are perhaps even more important than ever.

Some tips to look after your devices

1. Look after your hardware. When out and about don’t let your phone or computer out of your sight. Don’t plug in strange USB drives or devices that you’ve just found somewhere or can’t trust. Some of these could be contaminated with a virus, and devices can be hacked in a surprisingly short amount of time when hackers have physical access.

2. Use strong passwords. Whether on the platform you use, or your payment provider, easy passwords are the hacker’s friend. They have all the well-known ones already. If the site or service has a minimum of eight characters, don’t stop there. Maybe even try a pass phrase (a series of words rather than a one word password), but don’t use a common phrase that everyone else will know too. If your account is the point of entry for a hacker, it’s hard to argue that you should be trusted again (plus, it’s embarrassing and the gig economy runs on reputation, remember).

3. Use a secure connection, including HTTPS and a Virtual Private Network (VPN). This applies to both computers and mobile phones. It doesn’t matter if your employer isn’t insisting on it already, you have an obligation to keep their intellectual property and other data safe. Plus, this may help you get around geo-blocks when working with overseas employers. It’s not fun if your connection is subverted without your knowledge. While at first the leak appears a mystery, there is always a trail.

4. Use encryption when handling files and communicating. Email can be hacked, files can be stolen. Witness what happened to the Democratic Party in the last US election. And events like the Yahoo breach also show you don’t need to be specifically targeted. There are now plenty of organisations that provide encrypted communications services, and they are always getting easier to use.

5. Use a digital signature. While you are attending to point #3, get a public/private key pair. You send the public key to anyone you want, but keep the private one secure (you keep this key very, very safe). The security of the signature comes from the way that the two keys are related mathematically. Only your private key can unlock a message encrypted with your public key and vice versa. Therefore, this is a way of firmly establishing identity when communicating. A message signed with my key can only have come from me.

6. When you finish the job, don’t ever go back to “see how things went”. Just because you still have access (as no-one got around to removing it after you left), this doesn’t imply you have authorisation. A notable side benefit is not running afoul of various laws relating to improper access to computer systems.