Temporary Worker Access: No Badge Required

TL;DR

This guide outlines how to securely authenticate temporary workers who don’t have permanent building badges, using a combination of digital identity verification and supervised access. It focuses on minimising risk while allowing legitimate work to happen.

Solution Guide: Temporary Worker Access (No Badge)

1. Establish a Clear Policy

• Document the process for temporary worker access, including required identification, approval levels, and duration limits.
• Define acceptable use of systems and data.
• Outline consequences for policy violations.

Digital Identity Verification

• Implement a system to verify the worker’s identity *before* granting any access. Options include:
• Photo ID Scan & Check: Use an app or service to scan driver’s licenses, passports, etc., and compare against known databases (e.g., for fraud).
• Biometric Verification: Facial recognition or fingerprint scanning (requires appropriate hardware and privacy considerations).
• Third-Party Identity Providers: Integrate with a trusted identity verification service.
• Record the verification results, including date/time and method used.

Pre-Approved Access List

• Maintain a list of approved temporary workers, their start and end dates, and specific access permissions. This should be regularly reviewed (e.g., weekly).
• Access should be the *minimum* required to perform their job. Avoid granting broad or unnecessary privileges.

Supervised Access & Check-In/Check-Out

• Require temporary workers to check in with a designated security person or supervisor upon arrival and departure each day.
• Log the check-in/check-out times accurately.
• Escort Requirement: For sensitive areas, require an escort by a permanent employee at all times.

Temporary Access Credentials (Digital)

• Instead of badges, provide temporary digital credentials:
• Time-Limited Accounts: Create user accounts with automatic expiration dates matching the worker’s assignment.
• One-Time Passcodes: Generate unique passcodes for specific access points or systems (e.g., Wi-Fi, building doors).
• Multi-Factor Authentication (MFA): Enable MFA on all accounts used by temporary workers. This adds an extra layer of security beyond just a password. Example using Google Authenticator:

  google-authenticator --cli -p /path/to/secret_key

System Access Control

• Implement strong access control lists (ACLs) on all systems.
• Regularly audit system logs for suspicious activity.
• Consider using a Privileged Access Management (PAM) solution to further restrict and monitor access.

Device Control

• If temporary workers use company devices, ensure they are properly secured with:
• Antivirus software
• Full disk encryption
• Remote wipe capabilities
• If using personal devices (BYOD), enforce strict security policies and consider a Mobile Device Management (MDM) solution.

Training & Awareness

• Provide temporary workers with basic cyber security awareness training, covering topics like phishing, password security, and data protection.
• Ensure supervisors understand their responsibilities for monitoring and controlling access.

Incident Response Plan

• Have a clear plan in place to handle security incidents involving temporary workers (e.g., lost credentials, suspected data breaches).
• Include procedures for revoking access immediately if necessary.