Background Checks: A Cybersecurity Necessity

As part of its 2015 cybersecurity survey, a background screening firm asked business professionals about the security methods they believe most important to prevent cybersecurity breaches.

At the top of the list was employee background screening, with 60 percent of respondents citing screening as the most important security control.

When asked specifically about the importance of employee background screening in cybersecurity, the survey found that 98 percent ranked it as at least "somewhat important," with 57 percent stating it was "extremely important."

In addition, 36 percent of those surveyed said re-screening existing employees was either "very" or "extremely important."

However, though there was overwhelming agreement of the importance of screening, this did not correspond with the practice of screening. A majority (61 percent) of respondents reported that screening is never done at their workplaces. "Human Resources Poll Reveals Concern Over Internal Threats to Cybersecurity,"www.claimsjournal.com (Sept. 17, 2015).

Commentary

Pre-hire threats are, or should be, a concern for every employer. Background checks help reduce that risk especially if an employee has a criminal record for committing a cyber-related crime, like identity theft.

In addition to pre-hire screening, training is also an integral part of cyber loss prevention, especially training designed to prevent employee negligence.

Last, but not least, terminated or disgruntled employees do present a risk, especially those who have access credentials to code and data. Whenever an employee is terminated, access to the system should be closely monitored. Terminated employees should not have access to employer computer systems and data.

Finally, it is always a best practice to limit high-level system access to a small number of employees, especially as it relates to uploading and downloading software and information. High-level access for only one or two people is also not recommended. It's a fine line…you do not want only a few people to have control, in case of issues with them, but you also don't want a situation where too many people have access to your system.   

This informational piece was published on October 15, 2015.

 Via:  Hartford Help