Tech firms spend serious time and money trying to secure their employees and infrastructure from hack . But gig economy companies like Lyft and Handy pay far less attending to cybersecurity for their contractors and , in some pillowcase , advance insecure conduct , researchers say — potentially exposing doer to greater jeopardy of indistinguishability thieving and phishing attacks .
The path that tech platforms pass along with their gig workers often encourage or reinforce shoddy certificate practices , harmonize toresearchby Kendra Albert , a fellow at Harvard Law ’s Cyberlaw Clinic , and Elizabeth Anne Watkins , a Ph.D. researcher at Columbia University .
“ lance work platforms do n’t just externalize their security price , they sometimes actively make their workers less unafraid , ” Albert told attendee on Tuesday atEnigma , a cybersecurity conference in Santa Clara , California , where they gift the research .
Ride - acclaim apps , scavenge companies , and food for thought speech service often demand worker to upload their driver ’s licenses , indemnity entropy , and other personal datum . Sometimes this data ends up leaking — as was the case with a2015 break at Uberthat exposed Social Security numbers and equipment driver ’s license . As a gig worker , “ you ’re engaging in a set of behaviors that might increase your risk , ” Albert say .
Although company often give their employee security education , the same drill do n’t extend to gig prole , the investigator found . This leave contractors with the responsibility to school themselves about how the company they work for shop the datum they hand over , how to detect phishing e-mail and scam , and how to defend themselves against identity theft if a fellowship they contract with suffers a breach .
“ Current gig study models are exacerbating trends towards a digital security divide , ” Albert said .
In accession to hold less corporate accompaniment and tribute , gig workers are also prime targets for scammers , according to Albert . “ There ’s an epidemic of Uber and Lyft driver being common targets for phishing scams , ” Albert said .
Some chiseller will tell drivers that their accounts will be deactivate if they do n’t right away hand over their login credentials . Because threats of inactivation are common in the drive - hailing industry , these message appear more legitimate . “ It ’s believable because that ’s what the systems that are in place already do , ” Albert said . “ distrustfulness makes some security problems spoiled . ”
During their presentation of the inquiry , Albert called on technical school companies to consider more carefully about the ways they pass on with prole to encourage more secure behavior .
“ How do the system you plan , test , and study allocated security risk of infection ? ” they asked . “ Is it to those with the least ability to say no ? ”
lance economyLyftPrivacyUber
Daily Newsletter
Get the best tech , skill , and culture news in your inbox daily .
News from the future , delivered to your present tense .
You May Also Like
