I will walk you through.
In past I've hired enough freelancers to figure out the best practices on my own. No books, no guides - learn by mistakes. Oh I made plenty over the past 8 years.
NB This is no article to promote myself, rather than teaching and expanding
I've been hiring freelance professionals for almost every project I had to work on for nearly a decade. The problem is I work with them as on need-to-know basis. You can't trust a freelancer. Over the years some grant your trust, some lose it. That's how you filter those connections. I have colleagues I worked on couple of projects, I have some I never worked since the first day of working together.
Most big projects require certain level of privacy and data control. We had security issues, breaches, leaks, untrustworthy freelancers and all up to 'company espionage'.
Even when I am not team leading or in management position in the team I will always keep the privacy of the client when I am responsible for new hires. That happens really hard if you don't have the experience of doing so.
For the first couple of years I didn't and stuff happened. Stuff would happen to you too if you over-trust your freelancers. Before trusting anyone you would have to go through some steps.
1. Encrypt sensitive data on your project
This is extremely important. Talking about sensitive functions, encryptions and data operations. For web development with php backend Ioncube and such are your friends in times of need. Encrypt a function, write extensive documentation on it if a freelancer needs to use it and let it be.
- No root access to databases is a must
- Limited database user permissions as well
Hate to repeat myself, but DO NOT RESPECT user privacy in cases of hiring freelancers while working with sensitive data. Use tracking software, key-logging, screen captures and deep monitoring on the freelancer connected machines. If he wants to work with you he must obey - no swag intended.
Usually I do deep monitoring on each and every freelancer, it's mentioned on every contract I sign. For the time frame of the project duration the freelancer must forget about the words privacy and discretion as it concerns our operations.
We are monitoring every aspect of the freelancer's work.
3. Do your extensive background check
Every employer does (should do) that. If we are talking about freelancers working on sensitive projects we are talking about not only scrapping his/her Twitter and Facebook feeds. We are talking about
- deep web searches
- accountability and online history for the past 5 years
- previous client references
All that and even more to build up the freelancer profile for yourself. Psychophysical and reputation one.
Creating much more fulfilling profiles (about 200%) for every hire we do, than a HR would, in terms of background and behavioral profiling. With such you can calculate the risks for each employee evenly.
4. Contract termination
Tricky, tricky. First monitoring part - read that again. If you are going to terminate freelancer contract, terminate it before him knowing - so no damage could be done. Erase access, remove his backups from personal computers and clouds.
Create distraction work for the freelance professional while preparing contract termination.
Make sure you cut the freelancer completely, even than you have to offer an generous compensation for earlier contract termination if such is done.
How to not make mistakes ?
You can't. You do, you learn. The important part is to minimize the damage done to your project and staff.
What about my HR staff ?
HR recruiting suitable candidates have nothing to do with the process I walked you trough. It's independent and most of it - illegal, which if done right can't be proven. Violating the UN universal declaration of human rights ain't the best thing to do, but you have two pointers. First the freelancers would know this by contract (if not happy, well we find someone who would be) and second aim straight for the main goal - our project's success.
I've done all of what I talked about here. I am not proud of it, but I am proud I eliminated all the mistakes from the past to work better and safe with freelancers.