Written By ESR News Blog Editor Thomas Ahearn
Employers increasingly concerned about the risks associated with “insider threats” – where employees have the ability to wreak havoc on the organizations that hired them – need strategies to minimize those risks, according to an article written by Attorney Lester Rosen, the founder and CEO of San Francisco, CA area background check firm Employment Screening Resources (ESR) and author of “The Safe Hiring Manual.”
In the article titled “Formulating Background Check Strategies To Minimize Insider And Post-hire Threats” posted on the SourceSecurity.com website, Rosen reveals numerous types of insider threats ranging from embezzlement and theft of trade secrets to workplace violence and active shooters. Potential insider threats come not just from employees but anyone with access to a business including contractors, vendors, and temporary workers.
According to Rosen: The identification and prevention of insider threats requires an inter-disciplinary approach that can include mental health assessments, psychological testing, physical security, internal controls, continuous evaluation of personnel, supervisor and co-worker training to recognize danger signals, identification of risk factors, sharing and analyzing information between responsible parties, and a culture of safety, reporting, and integrity.
Rosen says it is critical that an organization have a commitment to prevent insider threats, as well as a leadership team and professionals who are able to formulate and implement an overall strategy. Each new hire carries the potential for insider threats. Even with so-called “good hires,” the potential for insider threats always exists post-hire since circumstances can change. After getting applicants in the front door, a business must be concerned about:
- Employees with substantial authority (C-level and above).
- Access to Information Technology (IT) or proprietary information.
- Access to cash and accounting.
- Access to sensitive information such customer lists and operations data.
To help prevent potential surprises employers can face post-hire from insider threats, Rosen says employers should ensure their job application forms clearly state that any material falsehood or omission can result in termination – no matter when discovered – and have language in employee manuals that deals with discovered falsehoods or omissions post-hire. Background check releases can have “Evergreen” clauses to allow future screening if needed.
There are several post-hire screening tools for detecting insider threats: ongoing “Continuous Evaluation” (CE), re-enactment (post-mortem) screenings, credit reports and asset searches, social media background checks, and screening current workers or newly acquired workforces. However, employers should also be aware that internal “in-house” investigations can invoke the federal Fair Credit Reporting Act (FCRA) that covers background checks for employment.
Since it is hard for employers to measure with any accuracy how an employee will react in the future to various situations – such as a need for money, a substance abuse problem, or ability to act in an ethical way when ordered to do something less than ethical by a superior – Rosen says many organizations have found the key to avoiding insider threats is to supplement background checks with ongoing screening and an environment of control and physical safety.
As predicted in an earlier article by Rosen, employers have increasingly looked at due diligence post-hire to protect against insider threats to organizations after Edward Snowden leaked classified National Security Agency (NSA) documents revealing a secret surveillance program and also the Naval Yard shootings in Washington D.C. put increased emphasis on insider threats. The bottom line is that employers are now concerned about continuous screening.
Employment Screening Resources (ESR) is a global background check firm that is accredited by the National Association of Professional Background Screeners (NAPBS). ESR employees undergo background checks every two years as part of NAPBS accreditation. ESR also has yearly SOC 2 audits to ensure the protection of the security, confidentiality, and privacy of consumer information. To learn more about ESR, visit www.esrcheck.com.
NOTE: Employment Screening Resources (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this web site is for educational purposes only.
© 2016 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.