Why Companies Should Employ Continuous Background Screenings

December 29, 2017

Why Companies Should Employ Continuous Background Screenings

With wait times at airport security on the rise, many travelers have begun investing in pre-check programs that provide passengers a fast track through airport checkpoints. But not every traveler is guaranteed the privilege to bypass security. In addition to an annual fee, programs like Global Entry and transportation security administration PreCheck often require background checks on every applicant. Anyone with a criminal record or who has violated customs regulations will be rejected, while individuals considered “low-risk” are approved for the pre-check program.


Just as the TSA screens travelers for fast-track privileges, companies conduct background checks to ensure they are hiring the right people to join their team. With corporate assets at stake, companies perform background checks to both protect employers from liability concerns and to ensure the safety of their workforce.


While external attacks are a cause for concern, companies must also be ready to deal with security threats that originate from within the organization. Such security threats include disgruntled employees sabotaging corporate equipment, stealing confidential files for personal gain or providing outside attackers with access to internal systems for profit. But internal threats can also originate with employees who inadvertently open phishing emails or submit confidential information to malicious sites. Combing through a candidate’s history before bringing them onboard can help companies ensure they are hiring the best people possible for the job -- and not someone who may turn into a problem later.


What background checks can reveal about a potential employee


There are several things employers look for when conducting background checks on candidates. In addition to education and previous work history, employers typically ask for criminal records and credit history to round out their judgement of any potential candidate. Companies want to make sure their employees are telling the truth. If any information on a candidate’s resume turns out to be falsified, this may raise a red flag about that person’s integrity.


Employers might also ask candidates for a couple of references to validate claims listed on a resume or employee application. An employer can ask to speak to a candidate’s former manager to gain a sense of how that person fits in the position available and speak to an individual’s ability to meet deadlines. Similarly, a former colleague can illuminate an applicant’s ability to work with others and provide an honest assessment that helps employers understand why they should hire that individual.


While background checks provide a snapshot of your employee’s past, they don’t always reflect what they will do in the future now that they have access to your company’s assets.


Depending on the job function, employers may pass on candidates with criminal records or poor recommendations from references. A bank, for example, will want to steer clear of suspicious applicants with prior burglary arrests or a history of questionable work behavior. With internal threats on the rise, companies would do well to implement background checks before hiring someone who may engage in corporate espionage later.


Periodic background checks can prevent security nightmares before they occur


Screening candidates before bringing them on full-time helps organizations ensure they are hiring the right person for the job. But many companies make the mistake of only running initial background checks when they should routinely conduct screenings throughout an employee’s tenure. While background checks provide a snapshot of your employee’s past, they don’t always reflect what they will do in the future now that they have access to your company’s assets.


Repeat screenings are one way to hold every individual accountable for his or her actions and to guarantee only the most trustworthy employees are given access to sensitive information. Periodic background checks can also identify suspicious activities and behaviors that may have gone unnoticed during initial examinations. If an employee recently ran into trouble with the law, companies would have no way of knowing unless they conducted a periodic background check or if that employee self-reports him or herself.


As threats evolve, so must cybersecurity measures. Protecting corporate assets includes verifying that your team is comprised of the trustworthy individuals you hired from the beginning. Organizations should consider a risk based approach, specifically assigning to each employee the least privileged access to every company resource, meaning no employee has more privileges than they can be trusted with or that they require to fulfill their duties. HR will need to work with the IT department, which is in the critical path of the employee lifecycle, in order to quickly revisit user access privileges to modify and revoke them instantly as needed.


Cybersecurity investments are expected to exceed $1 trillion over the next three years as organizations prepare to face an increase in digital threats. While there’s only so much a company can do to fend off external security threats, they can control what happens with teams internally and take steps to reduce the chance of a fallout originating from within. With periodic background checks, organizations can rest a little easier knowing their employees can be trusted with sensitive information and are unlikely to engage in corporate espionage.


The Authors: 

Alvaro Hoyos is the chief information security officer for OneLogin, a leader in cloud identity management solutions, where he architects and leads the company’s risk management, security, and compliance efforts. He has more than 15 years in the IT sector. Prior to joining OneLogin, Hoyos helped startups, SMBs, and Fortune 500 companies with their security, compliance, and data privacy objectives. To learn more about Alvaro Hoyos and OneLogin, please visit:https://www.onelogin.com/. Twitter: @wherestherisk