A report recently published by the Irish new site rte.ie detailed how North Korean state-sponsored IT workers are using very sophisticated fake identities to gain employment with tech companies in Ireland, the UK and Europe.

This article raises many questions for companies not just in Ireland but in the UK and beyond on how robust their pre-employment screening processes are.  In a previous blog post we looked at the challenges of verifying identify of remote contractors that arose from this article.

In this article I would like to ask a broader and more fundamental question of your HR processes when it comes to temporary hiring of staff that will work remotely.

Are you applying the same level of scrutiny to your temporary remote workforce as you do to permanent hires?

The gig economy and the rise of remote work is now a big part of the UK economy.  According to website statista.com as of April 2024, the number of temporary workers in the UK reached approximately 1.43 million, indicating a steady growth over the years

Other data from  The Recruitment and Employment Confederation suggests that many organizations report having about 20% of their workforce as flexible employees.

The reasons for the rise are clear, it allows access to talent that is often unavailable or too expensive locally. If you need specialist skills for a short-term project, having a global pool of talented freelances and contractors only a click away can often be the difference between a successful or unsuccessful outcome.

This convenience this offers can mask significant security risks.

If your answer to the central question of this blog “Are you applying the same level of scrutiny to your temporary remote workforce as you do to permanent hires?” is No, then you are exposing your company to unnecessary risk

For sophisticated actors, determined and resourced, who are seeking illegal access to information or funds might see your processes of hiring contract workers as an opportunity.

It should be noted that the length of a work contract does not mean you can be excused from doing the normal checks that would apply if this was a permanent role.  If the role needed BPSS Clearance, Right To Work checks or a DBS Check for example when it is permanent then it needs the same as a temporary position.

Why Freelancers & Contractors Can Be Attractive Targets

Sophisticated actors, including state-sponsored groups, operate strategically. They are serious about what they do. They look for vulnerabilities, and the nature of freelance/contract hiring can sometimes inadvertently create them:

1. Speed Over Scrutiny: Project deadlines loom, we all know that feeling. Often this pressure leads to the onboarding of specialist help quickly. When this happens normal HR pre-employment checks that may take too much time in the context of the upcoming deadline can be overlooked.
2. Perceived Lower Risk: Teams might subconsciously view short-term hires as less risky (“They’re only here for 3 months!”). Yet even temporary access can be enough to steal valuable IP, install malware, or map internal systems for future attacks.
3. Diverse Hiring Channels: Freelancers are often sourced through platforms or agencies, each potentially having different vetting standards. This inconsistency can create gaps.
4. Less Organisational Integration: Contractors might not go through the same depth of HR onboarding or security awareness training as permanent staff. This opens the possibility of they being more susceptible to social engineering.
5. Focus on Skill, Not Just Identity: The primary focus is often “Can this person do the job?”. Verifying who they are beyond their claimed skills might take a backseat, especially when dealing with niche expertise.

The risks are enormous and do have devastating consequences for the company involved.

• Intellectual Property Theft: Gaining access to codebases, proprietary algorithms, product roadmaps, or sensitive research – highly valuable targets in the tech sectors in particular.
• System Compromise: Using legitimate access credentials (even temporary ones) to infiltrate networks, plant backdoors, disable security measures, or exfiltrate data.
• Financial Extraction: Beyond salaries, potentially manipulating payment systems or facilitating cryptocurrency theft, directly funding illicit activities.
• Espionage & Reconnaissance: Using the contract role as a foothold to gather intelligence on the company, its clients, or its technology for state-level objectives.
• Compliance Violations: Unknowingly engaging individuals linked to sanctioned entities carries severe legal and financial penalties.

Standard Checks Aren’t Enough – Especially Here

If standard checks can sometimes be bypassed by determined individuals targeting permanent roles (as the RTE report shows), they are even less likely to do the job when potentially applied with less rigour or not at all to temporary hires.

Relying on a platform’s basic profile verification, a quick video call, or a quick CV check is insufficient against determined actors using:

• Expertly forged or stolen identity documents.
• VPNs and proxies to mask their true location.
• AI-generated profiles and potentially coached interview responses.
• Local ‘mules’ to potentially pass initial ID checks.

Checkback: Consistent Security Across Your Entire Workforce

The risks associated with a compromised contractor can be just as severe as those from a permanent employee. Security cannot be conditional on contract length.  With this in mind, Checkback provides the tools to ensure consistent, robust vetting for all your remote hires:

• Robust ID Verification (IDVT): Our Home Office approved technology rigorously verifies identity documents, crucial for remote freelancers where you never meet face-to-face. This helps counter sophisticated forgeries.
• Global Background Checks: With reach in 160+ countries, we can investigate backgrounds regardless of where your contractor claims to be based, essential for the global talent pool.
• Right to Work Checks: Even for contractors, ensuring they have the legal right to work in the relevant jurisdiction (if applicable) is vital for compliance and helps detect impersonation.
• Fast & Efficient Platform: Our online system streamlines the process, making thorough vetting feasible even for short-term, rapid-start projects without sacrificing security.
• Consistent Standards: Apply the same high level of verification (ID, background, qualifications) to contractors as you do permanent staff, closing potential security gaps.
• Expert Human Oversight: Our experienced team understands very well the nuances of international checks. They can spot red flags that automated systems might miss.

Don’t Let Flexibility Become Your Achilles’ Heel

Leveraging remote freelancers and contractors is smart business. But failing to adequately vet them is a significant risk. It’s a risk you do not have to take. The threats are real, sophisticated, and potentially devastating to your company’s reputation and balance sheet.

Ensure your vetting process is as agile and robust as your workforce strategy. Apply consistent, high-level scrutiny to everyone who gains access to your systems and information, regardless of their employment status.

Checkback provides the reliable, efficient, and comprehensive verification needed to hire remote contractors with confidence, protecting your projects, your data, and your reputation.