Confronting the Insider Threat

By Laura Spadanuta

Criminal histories. Companies may want to check criminal histories of job applicants for red flags that could indicate a person might not be trustworthy, but they have to be careful to abide by legal restrictions increasingly being placed on the use of this type of information. (For more information on this topic, see “Managing” on page 74).

Due diligence. Whatever the background check entails, the information in it must be verified. An unreliable background check will be useless. For example, it has been reported that Snowden’s education claims were not entirely accurate, but according to public reports, this did not lead Snowden’s background checker U.S. Investigations Services, known as USIS, to revoke his security clearance. That contractor and others that have done similar work for the intelligence community are now being scrutinized. (It may turn out that they have explanations for what occurred.)

How can a company ascertain whether the vendor hired to do background checks is doing a good job? “Some sort of quality assurance is appropriate,” Ferraro says. For example, the contractor might be asked to do background checks on some individuals about whom the results are already known so that the results can be compared and the thoroughness of the work assessed. One of the reasons USIS is under scrutiny is because the company allegedly did not do all of the secondary reviews it claimed to have done to ensure that reported results were accurate.

Ferraro advocates conducting proper due diligence on the vendor. “It’s like anything else. You just don’t take your cars to any mechanic, you take them to the right mechanic if you want the problem fixed. So due diligence is an important component. And associations, trade organizations like ASIS International and [the Society of Human Resource Management] often hold training and seminars on this topic, as do all of the major law firms. In fact, law firms are a very good source of finding a quality vendor,” says Ferraro.

In-house. When a company conducts the background check on potential employees on its own, says Ferraro, “much of the Fair Credit Reporting Act does not apply.” However, before companies jump on that option, they must consider the drawbacks to in-house searches. First is greater liability. “Number one is a risk-management issue. If I use you as my vendor and something happens, I can always sue you. If I do it myself, who am I going to sue?” Ferraro says.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.