Is your contractor who you think they are?

I will admit that this is a question that is pretty new to me.  While we have all seen a scam or two over the years,  I am pretty surprised to discover that there are domestic “Companies” that will facilitate completely fraudulent contractor relationships.

There appear to be two significant goals for the malicious actor:

The first is to get paid market rates as a contractor.  I am guessing that the work performed can be performed remotely, without a lot of supervision, and is specialized or difficult enough to warrant a company looking for a contract employee.  We live in a time where staffing companies are everywhere, doing effective and legitimate work, meaning it is easy to blend in.

The second motive is more dangerous—scanning networks, installing malware, manipulating files, and ultimately exploiting an organization’s systems. Even great corporate security teams are going to have a hard time managing users who have some sort of internal elevated privileges. Users, legitimate or not, expect to have access to the systems that companies are paying them a lot of money to use. Sorting out bad internal actors is the kind of responsibility that gives the Security team in a company (or outsourced MSPs) ulcers.

What was particularly surprising was that these domestic companies knew exactly what they were doing.  It seems like the riskiest way to make a buck that I have ever heard of, and I am pretty sure that the DOJ isn’t going to go lightly on the offenders.

But who knows? Some companies might not want the embarrassment of having fallen for a scheme like this.

So, what is to be done?

  1. We might actually have to start reading resumes again, looking for inconsistencies.
  2. We probably want real phone numbers, Zoom meetings with the cameras on, and availability for check-ins. Are we FedExing any gear to the address on the resume? It wouldn’t make sense to send it someplace else, would it?
  3. Consider implementing a Zero Trust IT security model.  Adding this layer of security has been shown to prevent data breaches.  Aspects of this model include multi-factor authentication, device access control, least-privileged access, continuous monitoring, and more.
  4. Ensure organizational firewalls, security patches, malware prevention devices and software are up to date.
  5. Reconsider reliance on unknown staffing firms, and vet any firms you may work with. A good, simple check is to ask about business insurance and about getting added as a certificate holder.
  6. Finally, a good data backup is your last line of defense. Modern backup systems can store data on an immutable medium, preventing things like ransomware or nefarious actors from altering the data.

Good grief, this is nuts.

A ManagementSpeak from 2008: “This is an opportunity to expand your value to the organization and build your career.” The translation: Budget cuts prevent us from hiring the people we need, so we’re increasing your responsibilities and workload (and thanks to Peter Bushman for spotting and translating it).

In 2008, and for who knows how long before that, the promise of career advancement … the promise, not the delivery … has been enough to encourage initiative and hard work delivered in unpaid overtime, donated by career-minded employees in the expectation that the promise will be fulfilled.

Making the promise has no budget impact, a fact many managers take advantage of. And as the actual promotion depends on a more senior or management position being open, failing to fulfill the promise is never the promiser’s fault.

Smart leaders do their best to deliver on the promise, and not make promises they can’t keep. They’re smart, that is, if initiative comes in the form of useful ideas and the hard work and unpaid overtime are executed well.

The career-advancement promise is, that is, contingent on the delivery of high-value results. If ideas are foolish and work is of poor quality? That’s a case of more not always being better, and ought to result in a candid conversation. Employees deserve an explanation of how and why their results don’t qualify.

No fraud, no harm, no foul. It’s a formula that can work well for all parties.

But imagine the workplace evolves as suggested in this space last week, with employees eschewing traditional forms of career advancement. It might be wanting just a job and not a career. It might be a more radical shift away from employment altogether, as people figure out how to piece together a rewarding life and the wherewithal to live it by contracting, by driving for Lyft and Uber, and otherwise signing up for the “gig economy.”

Whatever it is, an unfortunate consequence (for management) is less reason for employees to show initiative, let alone to donate unpaid hours to the CEO’s retirement fund. “An honest day’s work for an honest day’s pay,” is more likely to dominate employee culture than “We give it 110 percent.”

On the other side of the coin, if fewer employees have career aspirations that means, if we’re going to be cynical about it, that managers have more opportunities to dangle in front of the remaining employees who still do. It’s simple math: fewer employees will be competing for roughly the same number of career-advancing positions, so their odds improve.

But what if you’re in the workforce and don’t want the Hobson’s Choice of either climbing the career ladder at the expense of living the life you want, or living the life you want without the sense of personal achievement that has, in the past, come from career advancement?

Right now the best you can probably do is sign up with one or more IT services firms that specialize in providing contract talent to their clients. As you succeed in your assignments your billing rate will track your level of accomplishment, as will the title next to your name: The Role you’re sold as being competent in, prefixed by nothing, “Senior,” or “Master.” Along with the prefix comes increasing difficulty and level of interest in the assignments you take on.

Bob’s last word: We are, I think, in the middle of a major transition in how businesses and the workforce relate to each other. The current state of this transition is what we’ve been exploring last week and here.

But we shouldn’t confuse the current state with the end point. If current trends continue, my own forecast is that this will all evolve into the reincarnation of the guild.

A guild, in case you’re unfamiliar with the term, is a membership-based home for practitioners of a trade. It has some characteristics of a union, others of credentialing bodies, along with the role services firms now play in finding work for the professionals they represent.

Companies needing staff with a particular set of skills would no longer go through the dysfunctional recruiting process they and the targets of their potential affection are currently afflicted with. Instead they’d contact the relevant guild, which would be responsible for providing appropriately skilled workers, invoicing for their services, and paying the workers for their time and effort.

This doesn’t mean “employment” would be entirely a relic of a quaint and rosy past. I do think we’ll see a significant shift in this direction.

Bob’s sales pitch: CIO.com has published the second of three articles on Technical Architecture in my IT 101 series. You’ll find it here: “Evaluating technical architecture: 11 key criteria and how to apply them.” If you need to catch up, you’ll find the first technical architecture article in the series here: “Technical architecture: What IT does for a living.”