Are people really your biggest cyber security risk?

Forget firewalls – a recent survey suggests employee background screening is the most important preventative measure.

Are people really your biggest cyber security risk?
Once the domain of IT, cyber-security has now cemented itself as an HR issue and it’s no surprise – in a recent survey, business professionals pointed to employees as the biggest potential risk.

Employee malice v. anti-malware 

The 2015 First Advantage survey saw a variety of professionals, including HR leaders and C-suite execs, share their thoughts on internal and external security threats. 

Surprisingly, some 60% said employee background screening is the most important security control that can be put in place to protect an organisation – ahead of firewalls and anti-malware programs.

“The survey in many ways confirmed that despite the technological sophistication so often associated with information theft and security issues, there’s a fundamental layer that relates to human resources and people management,” Mark Silver, First Advantage’s Chief Security Officer, said.

“It can be easy to focus heavily on IT solutions like firewalls and anti-malware, which are important, but there should be no mistaking the fact that data breaches also have a lot to do with people making either bad decisions or mistakes,” he added.

When asked about the importance of background screening of new employees in preventing security risks, 57% said it is “extremely important” and 98% agreed it was at least “somewhat important.”

Trojan horse hiding within

Re-screening was also high on the agenda – 35% said the process is “somewhat important,” 17% said it is “very important,” and 19% claimed it is “extremely important.”

Despite the high importance many professionals placed on the practice, it seems most are failing to follow through – the vast majority (61%) admitted it is never done at their workplace. Just 13% of respondents revealed the rescreen annuals and 10% do so every other year.

“It is a concerning trend,” said Silver. “Many organisations take solace in the fact that they screen their employees prior to them being hired, yet they turn more of a blind eye when it comes to follow-up screening. They seem to inherently know they ought to do background check-ups on candidates, but the gap between knowing and doing can be significant.”

Silver insists that if organisations don’t perform periodic re-screening, they’re opening themselves to breaches, where confidential or sensitive information could soon find its way into the wrong hands.

“If an employer misses the fact that an employee has committed fraudulent acts subsequent to their appointment and is later compromised by that individual, they have a tough job in front of them in terms of explaining the circumstances to their stakeholders,” stressed Silver. “For example, having a known and convicted embezzler as a senior finance executive should send clear alarm bells to not only top management, but also the board.”

Overcoming obstacles 

Compliance is clearly an issue when it comes to rescreening and employers are still trying to navigate their way through best practice and risk mitigation but Silver says it’s not an impossible task.

“One of the most significant, but not difficult, hurdles to overcome is the lack of an appropriate policy framework,” he said. “What do you do if you suddenly find a top executive has been smoking marijuana? Or using other substance? Or what if one of your drivers has been convicted of a DUI, and you are involved in a transportation business?” he asks.

“The lack of a policy that states what is and is not acceptable is vital to making re-screening a viable activity,” he explains. “Maybe it’s okay for your executives to smoke marijuana, but it’s not okay for your drivers to have multiple DUIs. When you decide what is okay and what is not, re-screening should not be a burden for organisations.”

Free newsletter

Subscribe to our FREE newsletter service and we’ll keep you up-to-date with the latest breaking news, cutting edge opinion, and expert analysis affecting both your business and the industry as whole.

Please enter your email address below and click on Sign Up for daily newsletters from NZ Lawyer.

Recent articles & video

Law Society's national office building sold

Lowndes attracts new principal

KPMG Legal Thailand launched

Here are the finalists for all of this year’s Australasian Law Awards deal categories

Criminal Cases Review Commission chief and advisory board named

Finance expert makes partner at Morrison Mallett

Most Read Articles

Top litigator returns to NZ, joins Russell McVeagh partnership

Here are the finalists for all of this year’s Australasian Law Awards deal categories

Legal disruptor looks to Australian success to inspire NZ growth

Criminal Cases Review Commission chief and advisory board named