How Companies Stop Insider Threats Before They Occur
With insider threats on the rise (up 47% in the last two years), a thorough screening process has become imperative for any new hire. Expanding well beyond a simple ‘check-the-box task,’ screening demands a comprehensive process that uncovers potential indicators of risk and intentions (positive or negative) that a candidate may bring to the organization.
However, there’s no need to be overwhelmed — this article will provide guidance around the foundational components to conduct a pre-employment screening process that any security manager would be proud of. Further, once a vetting process is established, a domino effect will take place, creating greater awareness throughout the workplace and a stronger reporting culture.
Four Reasons to Conduct Pre-employment Screening
First it’s important to remember why pre-employment screening matters in the growing list of security priorities. At the end of the day, ensuring that you have conducted a thorough background check and collected supporting materials may be your greatest means of defense for combatting these types of insider threats to your company and its people. Here are four reasons why pre-employment screening matters:
Protect Your Reputation — Every company wants customers coming back. However, when an insider threat poses a serious risk to the company, it not only puts your employees in danger, but also your clients. Moreover, it creates a culture of fear and tarnishes the brand name.
Avoid Crippling Costs — The cost of insider threats and hostile terminations as a result of a poor screening process can be detrimental to a company. Based on a Ponemon study,“2020 Cost of Insider Threats: Global Report,” companies spend an average of $755,760 on each insider-related incident.
Foster Positive Workplace Morale — You present a risk to your company every time you hire someone new. However, this risk can be reduced if new hires are properly vetted, fostering peace of mind in the workplace. (According to HireRight’s 2020 research, 47% of background checks revealed previous employment discrepancies and 38% revealed discrepancies with the candidate’s reported education credentials.)
Increase Productivity and Quality of Work — It may sound simple but when employees feel safe and protected, performance and productivity increase significantly.
The Core Components of the Screening Process
Because of the reasons shared above, employers need to verify the accuracy of information related to potential new hires. During this process, any red flags should be noted and examined in detail. In most instances, new hires exhibiting anything other than low risk behavior should not be hired.
This is a critical step for building out your insider threat program as it determines the future of the company and its people, as well as the longevity of your program overall.
Pre-Employment Screening Category
Below we’ve shared some foundational screening categories, and the information they help reveal:
Criminal Records Check — Reports of past violence
Public Records Search — Undisclosed listing on government watchlists, national sex offender registry, motor vehicle records check, civil records, credit history, etc.
Reference Checks and Education Verification — Resume verification (education, past employment co-worker conflicts, and title discrepancies)
Interview Process Observations — Discuss any red flags, being mindful to not violate relevant privacy or “ban the box” laws
Social Media Activity — Review for criminal activity or behavior that goes against company values (dependent on company’s HR and legal)
All of these points can give you better insight into your decision to hire an employee.
Establishing a Strong Insider Threat Awareness and Training Program
The pre-employment screening process is highly important for creating a system of accountability. By engaging with employees to establish a strong reporting culture with a focus on insider threat awareness and training, companies can reduce the risk of an attack. This is also important because many times insider threats are unintentional, resulting from falling victim to phishing attempts, noncompliance with company policies, or other activities.
Therefore, we recommend that each company enforces an effective screening process to properly vet new hires, while simultaneously promoting regular and continuous insider threat awareness, education, and training in the workplace. While a ‘check the box’ process is easy at the time, reducing the risk of jeopardizing your company’s brand and its people is worth a few additional turns in the road.
To learn more on this topic, register to attend our webinar on How to Mitigate Insider Threats with Continuous Monitoring.