Many organizations believe that once they hire a new employee or contractor, the person is automatically part of a trusted group of people within the organization. This new hire is given access to sensitive company information that an ordinary person would never have. But why do they suddenly trust this person? Many organizations don’t perform background checks or reference checks and as long as this prospective employee is liked by the hiring manager, they are hired.
The problem with this is that many people may not be who they say they are or who you think they are. Not adequately validating these individuals’ backgrounds can end up being a costly, if not devastating mistake for your company. These people being hired are complete strangers, yet they are given access to your critical business information.
Think about it—if a competitor really wanted to do damage to your business, steal critical secrets, or even run you out of business, all they have to do is find one of your job openings, prep someone to pass your screening process, have that person get hired, and they are inside your business. The fact that it is this easy should scare the daylights out of hiring managers.
Do you think this is far-fetched? Let me inform you that according to Dr. Eric Cole and Sandra Ring, authors of Insider Threat: Protecting the Enterprise from Sabotage, Spying and Theft, this is a common practice among some foreign governments. They will plant a spy against a nation or organization and use their knowledge of the company’s hiring criteria to prep the “spy” for employment. Even if the potential employee has to pass a polygraph exam, he or she can be prepped to pass that, too. Once hired, this individual becomes a trusted insider and can cause serious damage to your organization.
So what can you do to prevent this type of activity within your organization? Examine your hiring practices! Your organization’s approach to reducing this kind of insider threat should start with your hiring process. Background checks should be conducted to reveal previous criminal convictions. Additionally, a credit check should be performed, and credentials and past employment should be verified. When verifying past employment, don’t just get verification that the prospective employee worked there: if possible, include discussions with prior employers regarding the individual’s abilities and approach to dealing with workplace issues.
Prior to conducting background checks, ensure that you consider your particular legal requirements, such as the Equal Employment Opportunity Commission’s (EEOC’s) best practices and state and local regulations limiting the use of criminal or credit checks.
The bottom line is that organizations should require background checks for all potential employees as well as contractors and subcontractors, and they should be investigated thoroughly as a preventative measure for insider threats.
Cole, E., & Sandra, R. (2006). Insider threat: Protecting the enterprise from sabatage and spying and theft. Rockland: Syngress.