{"id":10502,"date":"2022-02-08T12:59:38","date_gmt":"2022-02-08T09:59:38","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10502"},"modified":"2022-02-08T12:59:38","modified_gmt":"2022-02-08T09:59:38","slug":"working-with-freelances-dangers","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/working-with-freelances-dangers\/10502\/","title":{"rendered":"Serbest \u00e7al\u0131\u015fanlarla i\u015f yaparken g\u00fcvende kalman\u0131n yollar\u0131"},"content":{"rendered":"<p>Serbest \u00e7al\u0131\u015fanlarla i\u015f yapmak, bir\u00e7ok y\u00f6netici i\u00e7in uzun zamand\u0131r bir rutin haline geldi. Genellikle ilave bir \u00e7al\u0131\u015fan\u0131 daha i\u015fe almaya g\u00fcc\u00fc yetmeyen k\u00fc\u00e7\u00fck i\u015fletmeler bir yana, b\u00fcy\u00fck kurulu\u015flarda bile t\u00fcm g\u00f6revleri ekip i\u00e7inde \u00e7\u00f6zmek m\u00fcmk\u00fcn de\u011fil. Ancak dijital i\u015f ak\u0131\u015f\u0131na bir yabanc\u0131y\u0131 ba\u011flamak, \u00f6zellikle bir arac\u0131 kurum olmadan do\u011frudan bir ki\u015fiyle \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131zda ek siber riskler do\u011furabilir.<\/p>\n<h2>Gelen e-postadaki tehlikeler<\/h2>\n<p>Do\u011fru serbest \u00e7al\u0131\u015fan\u0131 ararken potansiyel tehditleri de d\u00fc\u015f\u00fcnmeye ba\u015flamal\u0131s\u0131n\u0131z. Birine i\u015f vermeden \u00f6nce b\u00fcy\u00fck olas\u0131l\u0131kla bu ki\u015finin portfolyosunu g\u00f6rmek isteyeceksiniz. Bir serbest \u00e7al\u0131\u015fan size bunun i\u00e7in bir belge, bir dizi \u00e7al\u0131\u015fmas\u0131n\u0131 i\u00e7eren bir ar\u015fiv veya \u00fc\u00e7\u00fcnc\u00fc taraf bir siteye ba\u011flant\u0131 g\u00f6nderebilir; siz de muhtemelen ba\u011flant\u0131ya t\u0131klamak ya da dosyay\u0131 a\u00e7mak zorunda hissedebilirsiniz. Oysa o dosyada veya sitede akl\u0131n\u0131za gelebilecek ba\u015fka her \u015fey olabilir.<\/p>\n<p>Ara\u015ft\u0131rmac\u0131lar, taray\u0131c\u0131larda ve ofis paketlerinde s\u00fcrekli g\u00fcvenlik a\u00e7\u0131klar\u0131 ke\u015ffediyor. Sald\u0131rganlar\u0131n bir metin belgesine k\u00f6t\u00fc ama\u00e7l\u0131 komut dosyalar\u0131 ekleyerek veya bir k\u00f6t\u00fcye kullan\u0131m paketini web sitesi koduna g\u00f6merek kurumsal bilgisayarlar\u0131n kontrol\u00fcn\u00fc ele ge\u00e7irmeyi ba\u015fard\u0131\u011f\u0131 olaylarla birden fazla kez kar\u015f\u0131la\u015ft\u0131k. Ancak bazen bu t\u00fcr hileler bile gerekmeyebiliyor. Baz\u0131 \u00e7al\u0131\u015fanlar, uzant\u0131ya bakmadan gelen dosyaya t\u0131klamaya ve bir y\u00fcr\u00fct\u00fclebilir dosyay\u0131 ba\u015flatmaya d\u00fcnden haz\u0131r.<\/p>\n<p>\u00dcstelik, bir sald\u0131rgan\u0131n (kendi \u00e7al\u0131\u015fmalar\u0131ndan olu\u015fmasa da) normal bir portfolyo g\u00f6sterip, daha sonras\u0131nda i\u015fi teslim ederken k\u00f6t\u00fc ama\u00e7l\u0131 bir dosya g\u00f6nderebilece\u011fini de unutmay\u0131n. Dahas\u0131, ba\u015fka birisi serbest \u00e7al\u0131\u015fan\u0131n bilgisayar\u0131n\u0131n veya posta kutusunun kontrol\u00fcn\u00fc ele ge\u00e7irebilir ve bunlar\u0131 \u015firketinize sald\u0131rmak i\u00e7in kullanabilir. Sonu\u00e7ta hi\u00e7 kimse bu ki\u015finin cihaz\u0131n\u0131n veya hesab\u0131n\u0131n nas\u0131l korundu\u011funu bilmiyor ve BT g\u00fcvenli\u011finizin orada olup bitenler \u00fczerinde hi\u00e7bir kontrol\u00fc yok. Y\u0131llard\u0131r birlikte \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131z bir serbest \u00e7al\u0131\u015fandan gelmi\u015f olsalar bile, al\u0131nan dosyalar\u0131 kontrol etmeden g\u00fcvenilir kabul etmemelisiniz.<\/p>\n<h3>Kar\u015f\u0131 \u00f6nlemler<\/h3>\n<p>\u015eirket altyap\u0131s\u0131 d\u0131\u015f\u0131nda olu\u015fturulan belgelerle \u00e7al\u0131\u015fman\u0131z gerekiyorsa dijital hijyeni sa\u011flamak son derece \u00f6nemlidir. T\u00fcm \u00e7al\u0131\u015fanlar ilgili siber tehditlerin fark\u0131nda olmal\u0131d\u0131r, bu nedenle <a href=\"https:\/\/k-asap.com\/tr\/?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______&amp;utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=tr_wpplaceholder_nv0092&amp;utm_content=link&amp;utm_term=tr_kdaily_organic_avmwswubv8qh92b\" target=\"_blank\" rel=\"noopener\">g\u00fcvenlik fark\u0131ndal\u0131\u011f\u0131 d\u00fczeylerini<\/a> y\u00fckseltmeyi de\u011ferlendirin. Ek olarak, baz\u0131 pratik tavsiyelerde bulunabiliriz:<\/p>\n<ul>\n<li>Belge al\u0131\u015fveri\u015fi i\u00e7in kat\u0131 kurallar belirleyin, serbest \u00e7al\u0131\u015fanlar\u0131 bilgilendirin ve bu kurallara uymayan dosyalar\u0131 a\u00e7may\u0131n. Kendili\u011finden a\u00e7\u0131lan ar\u015fiv mi? Hay\u0131r, te\u015fekk\u00fcrler. Parolas\u0131 ayn\u0131 e-posta i\u00e7inde belirtilen parolal\u0131 bir ar\u015fiv mi? Bunu yaln\u0131zca k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlardan korumaya y\u00f6nelik e-posta filtrelerini atlamak i\u00e7in kullan\u0131yor olabilirler.<\/li>\n<li>Harici kaynaklardan gelen dosyalarla \u00e7al\u0131\u015fmak i\u00e7in a\u011f\u0131n geri kalan\u0131ndan izole edilmi\u015f ayr\u0131 bir bilgisayar veya sanal makine ay\u0131r\u0131n ya da en az\u0131ndan dosyalar\u0131 \u00f6nce bunlarda kontrol edin. Bu \u015fekilde, bir bula\u015fma durumunda olas\u0131 hasar\u0131 \u00f6nemli \u00f6l\u00e7\u00fcde azaltabilirsiniz.<\/li>\n<li>G\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlan\u0131lmas\u0131n\u0131 veya k\u00f6t\u00fc ama\u00e7l\u0131 bir internet sitesine y\u00f6nlendiren ba\u011flant\u0131lara t\u0131klamay\u0131 engellemek i\u00e7in bu bilgisayar\u0131 veya sanal makineye <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fc<\/a> kurdu\u011funuzdan emin olun.<\/li>\n<\/ul>\n<h2>Eri\u015fim haklar\u0131<\/h2>\n<p>\u0130htiya\u00e7 duydu\u011funuz \u015firket d\u0131\u015f\u0131 uzman\u0131 buldu\u011funuzu varsayal\u0131m. Bir proje \u00fczerinde i\u015fbirli\u011fi yapmak i\u00e7in, serbest \u00e7al\u0131\u015fanlar\u0131n genellikle \u015firketin dijital sistemlerine (dosya payla\u015f\u0131m platformlar\u0131, proje y\u00f6netim sistemleri, konferans hizmetleri, \u015firket i\u00e7i mesajla\u015fma uygulamalar\u0131, bulut hizmetleri vb.) eri\u015fmesi gerekir. Burada iki hatadan ka\u00e7\u0131nmal\u0131s\u0131n\u0131z: Serbest \u00e7al\u0131\u015fana gerekenin \u00fcst\u00fcnde haklar vermeyin ve \u00e7al\u0131\u015fma tamamland\u0131ktan sonra eri\u015fimi iptal etmeyi unutmay\u0131n.<\/p>\n<p>Haklar\u0131n verilmesi s\u0131ras\u0131nda en az ayr\u0131cal\u0131k ilkesine ba\u011fl\u0131 kalmak en iyisidir. Serbest \u00e7al\u0131\u015fan, yaln\u0131zca mevcut proje i\u00e7in gerekli olan kaynaklara eri\u015febilmelidir. Dosya deposuna s\u0131n\u0131rs\u0131z eri\u015fim ve hatta sohbet ge\u00e7mi\u015fleri birer tehdit olu\u015fturabilir. Yard\u0131mc\u0131 hizmetlerde saklanan bilgileri bile hafife almay\u0131n. Bas\u0131nda \u00e7\u0131kan haberlere g\u00f6re, <a href=\"https:\/\/www.nytimes.com\/2020\/07\/17\/technology\/twitter-hackers-interview.html\" target=\"_blank\" rel=\"noopener nofollow\">2020\u2019de Twitter\u2019\u0131n hacklenmesi,<\/a> sald\u0131rganlar\u0131n kurulu\u015fun dahili sohbetine eri\u015fmesiyle ba\u015flad\u0131. Sohbete eri\u015fim sa\u011flad\u0131ktan sonra, sosyal m\u00fchendislik y\u00f6ntemlerini kullanarak \u015firket \u00e7al\u0131\u015fanlar\u0131ndan birini, kendilerine onlarca hesaba eri\u015fim vermeye ikna etmeyi ba\u015fard\u0131lar.<\/p>\n<p>Proje bitiminden sonra haklar\u0131n iptal edilmesi de bir formaliteden ibaret de\u011fil. \u00c7al\u0131\u015fmay\u0131 tamamlayan serbest \u00e7al\u0131\u015fan\u0131n illa proje y\u00f6netim sisteminizi hacklemeye ba\u015flayaca\u011f\u0131n\u0131 s\u00f6ylemiyoruz. Kurumsal verilere eri\u015fimi olan ek bir hesab\u0131n varl\u0131\u011f\u0131 genel olarak iyi bir \u015fey de\u011fil. Serbest \u00e7al\u0131\u015fan ki\u015fi zay\u0131f bir parola belirlerse veya parolay\u0131 di\u011fer hesaplar\u0131nda da kullan\u0131rsa ne olacak? Bir s\u0131z\u0131nt\u0131 durumunda, kurumsal a\u011f\u0131n\u0131zda ek bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 noktas\u0131 olacak.<\/p>\n<h3>Kar\u015f\u0131 \u00f6nlemler<\/h3>\n<p>Yap\u0131lacak en \u00f6nemli \u015fey, i\u015f ili\u015fkisi sona erdikten sonra serbest \u00e7al\u0131\u015fan\u0131n hesab\u0131n\u0131 silmek veya devre d\u0131\u015f\u0131 b\u0131rakmakt\u0131r. En az\u0131ndan ili\u015fkili postay\u0131 ve parolay\u0131 mutlaka de\u011fi\u015ftirin; bu, hesapla ili\u015fkili t\u00fcm verileri silen sistemlerde gerekli olabilir. Ek olarak \u015funlar\u0131 \u00f6neriyoruz:<\/p>\n<ul>\n<li>Kimin hangi hizmetlere eri\u015fimi oldu\u011funa dair merkezi bir kay\u0131t tutun. Bu hem proje sona erdikten sonra t\u00fcm haklar\u0131 iptal etmenize yard\u0131mc\u0131 olur hem de bir olay\u0131 ara\u015ft\u0131r\u0131rken faydal\u0131 olabilir.<\/li>\n<li>Y\u00fcklenicilerin \u015firket kaynaklar\u0131na ba\u011flanmak i\u00e7in kulland\u0131klar\u0131 cihazlarda iyi dijital hijyen sa\u011flamas\u0131n\u0131 ve (en az\u0131ndan \u00fccretsiz bir) g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fc kullanmas\u0131n\u0131 zorunlu tutun.<\/li>\n<li>M\u00fcmk\u00fcn oldu\u011funca t\u00fcm bulut sistemlerinde iki fakt\u00f6rl\u00fc kimlik do\u011frulamay\u0131 zorunlu hale getirin.<\/li>\n<li>M\u00fcmk\u00fcnse serbest \u00e7al\u0131\u015fanlar\u0131n ve y\u00fcklenicilerin projeleri ve dosyalar\u0131 i\u00e7in ayr\u0131 bir altyap\u0131 olu\u015fturun.<\/li>\n<li>Bulut deposuna veya kurumsal sunucuya y\u00fcklenen t\u00fcm dosyalar\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlara kar\u015f\u0131 taray\u0131n.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial-leadgen\">\n","protected":false},"excerpt":{"rendered":"<p>Serbest \u00e7al\u0131\u015fanlarla ilgili olas\u0131 siber tehditlere kar\u015f\u0131 makul korunma y\u00f6ntemleri. <\/p>\n","protected":false},"author":665,"featured_media":10503,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194,1727],"tags":[1921,1823,1807,1269],"class_list":{"0":"post-10502","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"category-smb","10":"tag-e-posta","11":"tag-erisim-haklari","12":"tag-freelance","13":"tag-guvenlik-farkindaligi"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/working-with-freelances-dangers\/10502\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/working-with-freelances-dangers\/23877\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/working-with-freelances-dangers\/19374\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/working-with-freelances-dangers\/9733\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/working-with-freelances-dangers\/26119\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/working-with-freelances-dangers\/24087\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/working-with-freelances-dangers\/23887\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/working-with-freelances-dangers\/26862\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/working-with-freelances-dangers\/26420\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/working-with-freelances-dangers\/32344\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/working-with-freelances-dangers\/43543\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/working-with-freelances-dangers\/18531\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/working-with-freelances-dangers\/18942\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/working-with-freelances-dangers\/15775\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/working-with-freelances-dangers\/28092\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/working-with-freelances-dangers\/32421\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/working-with-freelances-dangers\/28087\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/working-with-freelances-dangers\/24806\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/working-with-freelances-dangers\/30223\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/working-with-freelances-dangers\/30012\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/freelance\/","name":"freelance"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10502","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/665"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10502"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10502\/revisions"}],"predecessor-version":[{"id":10504,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10502\/revisions\/10504"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10503"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10502"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10502"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}