Are people really your biggest cyber-security risk?

Once the domain of IT, cyber-security has now cemented itself as an HR issue and it’s no surprise – in a recent survey, business professionals pointed to employees as the biggest potential risk.

Employee malice v. anti-malware

The 2015 First Advantage survey saw a variety of professionals, including HR leaders and C-suite execs, share their thoughts on internal and external security threats. Surprisingly, some 60 per cent said employee background screening is the most important security control that can be put in place to protect an organization – ahead of firewalls and anti-malware programs.

“The survey in many ways confirmed that despite the technological sophistication so often associated with information theft and security issues, there’s a fundamental layer that relates to human resources and people management,” Mark Silver, First Advantage’s Chief Security Officer, told HRM.

“It can be easy to focus heavily on IT solutions like firewalls and anti-malware, which are important, but there should be no mistaking the fact that data breaches also have a lot to do with people making either bad decisions or mistakes,” he added.

When asked about the importance of background screening of new employees in preventing security risks, 57 per cent said it is “extremely important” and 98 per cent agreed it was at least “somewhat important.”

Trojan horse hiding within

Re-screening was also high on the agenda – 35 per cent said the process is “somewhat important,” 17 per cent said it is “very important,” and 19 per cent claimed it is “extremely important.”

Despite the high importance many professionals placed on the practice, it seems most are failing to follow through – the vast majority (61 per cent) admitted it is never done at their workplace. Just 13 per cent of respondents revealed they rescreen annually and ten per cent do so every other year.

“It is a concerning trend,” said Silver. “Many organizations take solace in the fact that they screen their employees prior to them being hired, yet they turn more of a blind eye when it comes to follow-up screening. They seem to inherently know they ought to do background check-ups on candidates, but the gap between knowing and doing can be significant.”

Silver insists that if organizations don’t perform periodic re-screening, they’re opening themselves to breaches, where confidential or sensitive information could soon find its way into the wrong hands.

“If an employer misses the fact that an employee has committed fraudulent acts subsequent to their appointment and is later compromised by that individual, they have a tough job in front of them in terms of explaining the circumstances to their stakeholders,” stressed Silver. “For example, having a known and convicted embezzler as a senior finance executive should send clear alarm bells to not only top management, but also the board.”

Overcoming obstacles

Compliance is clearly an issue when it comes to rescreening, and employers are still trying to navigate their way through best practice and risk mitigation, but Silver says it’s not an impossible task.

“One of the most significant, but not difficult, hurdles to overcome is the lack of an appropriate policy framework,” he told HRM. “What do you do if you suddenly find a top executive has been smoking marijuana? Or using other substances? Or what if one of your drivers has been convicted of a DUI, and you are involved in a transportation business?” he asks.

“The lack of a policy that states what is and is not acceptable is vital to making re-screening a viable activity,” he explains. “Maybe it’s okay for your executives to smoke marijuana, but it’s not okay for your drivers to have multiple DUIs. When you decide what is okay and what is not, re-screening should not be a burden for organizations.”
