Employers are increasingly concerned about the risks associated with employees, temporary workers, independent contractors, and others who have the ability to wreak havoc on an organization from the inside. This is often referred to as “insider threat.”

There are numerous types of insider and post-hire threats that range from embezzlement, theft of trade secrets, workplace violence or active shooters, and everything else in between. Potential insider threats are not just employees but anyone with access to a business office including contractors, vendors, and temporary workers. While there are numerous tools that can be used for preventing insider threats, this article will focus on background checks.

Although pre-employment background checks are often cited as an essential element of an insider threat prevention program, background checks are just one part of an overall strategy. The identification and prevention of insider threats requires an inter-disciplinary approach that can include mental health assessments, psychological testing, physical security, internal controls, continuous evaluation of personnel, supervisor and co-worker training to recognize danger signals, identification of risk factors, sharing and analyzing information between responsible parties, and a culture of safety, reporting, and integrity. Most critically, an organization needs to have a commitment to prevent these threats, and a leadership team and professionals who are able to formulate and implement an overall strategy. 

Background Checks - A Critical Part Of The Risk-Management Toolkit

Employees are not only a significant investment and large cost, but each hire also represents a large potential risk. Every employer has the obligation to exercise “due diligence” when hiring. Employers, especially in industries with higher risk, need to be able to vouch for the integrity and honesty of their employees. Generally speaking, people with a past history of honesty are much more likely to be honest in the future. Conversely, there is evidence to suggest that if applicants are dishonest in how they obtained a job, they may be dishonest once they have the job. But it is difficult to identify potential “bad hires” just by interviews since some applicants lie so often they come across naturally as if they believe their own story.

Background screening provides a valuable and objective risk-management tool that gives employers additional protection against a bad hire. Employers utilize background checks to minimize the risks associated with workplace violence, lost customers, negligent hiring lawsuits, identity theft and fraud, embezzlement, data breaches, and high turnover. It has been estimated, for example, that the cost of a single bad hire can run from $10,000 to $100,000 given time wasted to recruit, hire, and train and then having to replace the bad hire.

Since background checks can impact employment, it is increasingly subject to more litigation, regulation and legislation
It has been estimated that the cost of a single bad hire can run from $10,000 to $100,000 given time wasted to recruit, hire, and train and then having to replace the bad hire

Background Screening - Types Of Inquiry

A pre-employment background check is conducted under a federal law called the Fair Credit Reporting Act (FCRA) that sets out specific steps, such as the need for a written disclosure and consent as well as steps necessary to ensure accuracy and to allow a consumer to ask for a re-investigation of a report. Background checks broadly cover two types of inquiry. First, a background check may verify information an applicant provides about their credentials, such as past employment and education. Secondly, a check may involve searching relevant public or private records, such as driving records, criminal matters, exclusion or sanction databases, or credit reports. A competent screening firm will have a number of tools that can help an employer depending on the nature and risk of the hire and the industry involved.

Criminal record checks in particular are often a key element of a background check since past criminal conduct can raise concerns about the propensity to repeat criminal behavior. However, employers need to be mindful of their obligations under Equal Employment Opportunity (EEO) laws and other laws such as Ban the Box rules that prohibit asking about a criminal record on an application form, to ensure that the use of criminal records is both relevant and fair and complies with an employer’s legal obligations. 

Since background checks can impact employment, it is increasingly subject to more litigation, regulation and legislation. Class action lawsuits against employers have dramatically risen for example. For that reason, background screening has become a highly regulated professional endeavor that requires legal compliance expertise and the ability to provide highly accurate information while maintaining the highest level of data security and protection. 

Do Background Checks Eliminate Future Risks?

Part of the problem for employers is that even if a person passes a background check, it is hard for employers to measure with any accuracy how an employee will react in the future to various situations, such as a need for money, a substance abuse or other personal problem, or ability to act in an ethical fashion when under orders to do something that is less than ethical by a superior. Many organizations have found that the key is to supplement pre-employment background checks with ongoing or continuous screening, and an environment of control and physical safety.

Risk Types - Predictable, Unpredictable And Secret

Even with “good hires,” the potential for insider threats always exists. After getting applicants in the front door, a business must be concerned about employees with substantial authority (C-level and above), access to Information Technology (IT) or proprietary information, access to cash and accounting or access to sensitive information such customer lists and operations information. In fact, a new hire is full of risk. “Predictable risks” include employees with access to cash or assets and little internal controls. “Unpredictable risks” occur when employees develop financial issues, gamble, use drugs, or are encouraged or ordered by supervisors to perform acts of questionable honesty. “Secret risks” involve people with political agendas who use jobs to advance goals detrimental to employers.

There are also potential surprises employers can face post-hire. First, employers may obtain newly discovered information concerning an applicant such as discovering a new employee is a registered sex offender or faked an academic or professional credential. The good news is that employers can take steps to minimize surprises by a well thought out pre-employment screening program. The first step is to have in place policies, practices, and procedures to carefully select your employees in the first place through a well thought out pre-employment screening program commensurate with the risk involved.

There are numerous types of insider and post-hire threats that range from embezzlement, theft of trade secrets, workplace violence or active shooters
Experts recommend employers consider “continuous” evaluation that occurs periodically after hiring to deter employees from committing crimes after being hired

Formulating A Wise Pre-Employment Screening Program

Employers should also ensure their application forms make it clear that any material falsehood or omission can result in termination NO MATTER WHEN DISCOVERED and have language in employee manuals that deals with discovered falsehoods or omissions post-hire. Background check releases can have an “Evergreen” clause to allow future screening if needed (although there are limits to what can be done). Employers need to keep in mind that any screening program for new or existing employees should pay careful attention to the requirements of the FCRA as well as numerous applicable state laws.

There are several screening tools for detecting “insider threats”: Ongoing “continuous” evaluation (CE); Re-enactment (post-mortem) screenings; Credit Reports and asset searches; Social Media Background Checks; and Screening current workers or newly acquired workforce. It is also important for employers to know that internal “in-house” investigations can invoke the FCRA.

Employee Screening After Hiring

Some experts recommend employers consider “continuous” evaluation that occurs periodically after hiring. The argument in favour of such screening is that employees may commit a crime after being hired. It can also be a deterrence of sorts. Employers may also need to screen newly acquired employees if a merger or acquisition occurs. In addition, certain contracts may also require only screened employees.

According to the 2012 Association of Certified Fraud Examiners (ACFE) Report to the Nations, most occupational fraudsters are first-time offenders with clean employment and criminal histories

However, there are legal implications of using information acquired after hiring. Employers should not have a knee jerk reaction and carefully review all the facts and circumstances to give the employee an opportunity to be heard. It is especially important for employers to carefully document actions – especially if employee has pending employment related claim – and be careful of allegations of retaliation. In addition, many of these tools have drawbacks. For example, the use of social media sites to track threats is hampered by the fact that there is so much information online; it can be challenging to locate, identify, and utilize actionable data about a particular person, especially since a person may hide their activities behind privacy protection or use an anonymous online persona. 

Screening Without Proper Internal Controls Is Insufficient

According to the 2012 Association of Certified Fraud Examiners (ACFE) Report to the Nations, most occupational fraudsters are first-time offenders with clean employment and criminal histories. The walkaway point is that although pre-employment screening is critical to detect and deter fraud and threats, it is inadequate as a sole line of defense in the absence of proper internal controls that prevent surprises.

Bottom line: Employers must conduct due diligence before AND after hiring an employee. While this requires spending money, and the cost of background checks can be seen as a drag on the bottom line, the average cost of a screening usually equals the salary paid to employees for their first day of work. To paraphrase a well-known 1970’s marketing slogan: “You can pay (a little) now, or pay (a lot) later.”

Download PDF version

In case you missed it

Top 10: What Were Security Professionals Reading About In 2017?
Top 10: What Were Security Professionals Reading About In 2017?

Our most popular articles in 2017 reflected changing trends in the U.S. security market, from deep learning to protection of mobile workers, from building automation to robotics. Again in 2017, the most read articles tended to be those that addressed timely and important issues in the security marketplace. In the world of digital publishing, it’s easy to know what content resonates with the market: Our readers tell us with their actions; i.e., where they click.   Let’s look back at the Top 10 most-clicked articles we posted in 2017. They are listed in order here with the author’s name and a brief excerpt.  1. Las Vegas Massacre Demands Reevaluation of Hospitality Sector Security The Oct. 1, 2017, sniper attack from a 32nd-floor room at Mandalay Bay, overlooking 22,000 people attending a country music festival, has been compared to “shooting fish in a barrel.” When the bullets rained down, there was nowhere to hide. The attack came from outside the “perimeter” of the event, so any additional screening of attendees would not have prevented it. There are also implications of the Las Vegas massacre for the hospitality industry. Hotels and resorts such as Mandalay Bay have not generally embraced technologies like the explosives scanners or X-ray machines used at airport terminals, at least not in the United States. 2. Deep Learning Algorithms Broaden the Scope of Video Analytics [Zvika Ashani] Until recently there have been minimal applications of Machine Learning used in video analytics products, largely due to high complexity and high resource usage, which made such products too costly for mainstream deployment. However, the last couple of years have seen a tremendous surge in research and advances surrounding a branch of Machine Learning called Deep Learning. The recent increased interest in Deep Learning is largely due to the availability of graphical processing units (GPUs). GPUs can efficiently train and run Deep Learning algorithms The last couple of years have seen a tremendous surge in research and advances surrounding a branch of Machine Learning called Deep Learning 3. Home Security Systems: Why You Need to Upgrade From 3G to 4G Technology [Missy Dalby] The current communication method for most home security systems is via CDMA and 3G (GSM) technologies. With the emergence of faster, better, and stronger 4G LTE technology, carriers are migrating away from old technology standards and methods towards new, more efficient ones. As such, the older technology is going dark, and soon. Manufacturers of cellular modules have stopped making them. At the end of 2018 they will stop letting customers add systems utilizing 3G radios to their channels. 4. Diving into AI and Deep Learning at NVIDIA’s San Jose Conference [Larry Anderson] Video analytics applications fall under NVIDIA's “AI City” initiative, which they describe as a combination of "safe cities" (video surveillance, law enforcement, forensics) and "smart cities" (traffic management, retail analytics, resource optimization). Depending on the application, AI City technology must function in the cloud, on premises and/or at the edge. NVIDIA’s new Metropolis initiative offers AI at every system level, from the Jetson TX2 "embedded supercomputer" available at the edge, to on-premises servers (using NVIDIA’s Tesla and Quadro) to cloud systems (using NVIDIA’s DGX). 5. Physical Security Evolves to Protect Mobile Workers [Annie Asrari] With an increasing number of employees traveling and working remotely, the days of a dedicated worker who commutes to and from a single location every day of the week are just about over. Security professionals must take a second look at their policies and procedures for employee safety. To protect employees in this new mobile world, where people, assets and brand reputation threats may face higher than normal levels of safety and security risks, businesses must focus less on securing physical, four-wall perimeters and instead take a global approach to security that focuses on protecting traveling, remote and lone workers. Businesses must take a global approach to security that focuses on protecting traveling, remote and lone workers 6. New Security Technologies Driving Excitement on Busy ISC West Day One [Larry Anderson] ISC West in Las Vegas kicked off April 5 with an expanding focus on new technologies and new applications, including some that go beyond any narrow definition of security. “Technology is disrupting the market and executives are taking our solutions beyond security,” says Moti Shabtai, CEO and President of Qognify. “They are starting with security and quickly moving to other risk and business continuity issues in the organizations. They want a clear return on investment (ROI), which we can deliver if we move from covering a limited island of ‘security’ issues and give them the value of also managing risk, safety, and operations.” 7. Optimizing Building Automation for Good Return on Investment [Minu Youngkin] Smart buildings are on the rise around the world, not only because a growing number of companies are considering their environmental impact, but also because of the dramatic cost savings that can be realized through integration. In every building that has an integrated security and access control system, an opportunity awaits to also integrate the building’s energy use, water use, ventilation and more. The key is to effectively convey the tremendous potential of this new technology to the end user. 8. ISC West 2017: How Will IT and Consumer Electronics Influence the Secuirty Industry? [Fredrik Nilsson] A good way to predict trends [at the upcoming ISC West show] is to look at what’s happening in some larger, adjacent technology industries, such as IT and consumer electronics. Major trends on these fronts are the most likely to influence what new products will be launched in the electronic security industry. Proof in point is H.264, an advanced compression technology ratified in 2003 and adopted as the new standard by the consumer industry a few years later. By 2009, it became the new compression standard for the video surveillance industry as well. Violence will continue to challenge the healthcare sector in the future 9. The Future of Healthcare Security: Violence Response and Emergency Preparedness [Ben Scaglione and David LaRose] Violence will continue to challenge the healthcare sector in the future. Domestic violence, child abuse, behavioral health, drug and alcohol abuse will all continue to challenge hospital staff in the Emergency Department, Women’s Health, and behavioral health areas. The Hazard Vulnerability Assessments (HVA) along with facility wide risk assessments helps in defining risk severity and identifying historical patterns of violence. 10. Robot Revolution: Uncovering the Real Value of Security Robots [Steve Reinharz] The security coverage that a robot offers in the case of a shopping mall can be easily overshadowed by the fact that the machines seem to serve to entertain the population. Instead, security robots can best be utilized for more high-level roles, such as in critical infrastructure sites, corporate campuses and educational facilities, where wide, expansive spaces require continuous protection. In these locales, security can be difficult to achieve, as cost, location and lack of resources make the logistics of deployment difficult.

How To Prepare For Active Shooter Incidents | Infographic
How To Prepare For Active Shooter Incidents | Infographic

This Active Shooter infographic summarises information about trends among active shooter incidents, and outlines how an organization can develop a plan before tragedy occurs, including:   Statistics on the numbers and types of recent active shooter incidents. A profile of common traits among active shooters. How to prepare beforehand, and what to do when the police arrive. How organizational planning ensures maximum preparedness. Pre-attack indicators to look for. Be sure to share this information with coworkers and managers. Awareness is key to preventing active shooter incidents, and to minimising their tragic consequences. When sharing this infographic on your website, please include attribution to  SecurityInformed.com More resources for active shooter preparedness: How hospitals can prepare for active shooter attacks Six steps to survive a mass shooting Technologies to manage emergency lockdowns  How robots can check for active shooters  Background checks to minimise insider threats Gunfire detection technologies for hospitals, retail and office buildings 21 ways to prevent workplace violence in your organisation Non-invasive security strategies for public spaces    

Intelligent Surveillance: AI For Police Body-worn Cameras
Intelligent Surveillance: AI For Police Body-worn Cameras

Working together to develop an intelligent body-worn camera for public safety users, Motorola Solutions and artificial intelligence (AI) company Neurala are demonstrating how AI can be added to everyday devices such as smart phones using existing hardware platforms.  AI software, working at the “edge,” provides the capability to add AI functionality to existing cameras, such as Motorola’s Si500 body-worn camera. An agreement to develop the products follows Motorola’s strategic investment in Neurala in January 2017. “The technology is real, as our prototypes have demonstrated,” says Massimiliano “Max” Versace, Neurala CEO. “The technology will mature dramatically by the end of the year.” A final, marketable product from Motorola might be a year or more away, and the timing will depend on extensive testing in the meantime, he says. The goal is to enable police officers to more efficiently search for objects or persons of interest, such as missing children or suspects. Adapting Hardware For Artificial Intelligence Neurala’s learning capabilities “at the edge” are hardware-agnostic; its software-only focus enables the principles of artificial intelligence to be applied to a variety of hardware platforms, including low-cost platforms used inside smart phones. Typically, cost and the need for speed are limitations that determine what hardware can be leveraged using the software. The goal is to enable police officers to more efficiently search for objects or persons of interest, such as missing children or suspects In the case of the Motorola body-worn camera, AI functionality is being added to existing hardware in the device, which is much like a smart phone encased in the form factor of a body-cam. Today’s smart phones include cameras, gyroscopes and accelerometers to provide sufficient data to drive AI applications. Software adapts existing hardware to transform them into AI devices capable of continuous learning in the field. Finding Missing People In Crowds Neurala and Motorola are promoting the new agreement with a use case of how a policeman’s body-worn camera could help find a missing child in a crowd. A network “pushes” a photo of a missing child to a network of 1,000 body-worn and/or dashboard cameras in the field, which employ AI to search for the child within each camera’s field of view and then provide an alert when a match is found. The cameras operate passively, without involving police officers, in effect automating the process without police officers having to look at every face in a crowd. AI’s contribution is to eliminate the need for humans to do repetitive or boring work, such as look at hours of video footage. Neurala began working in AI 11 years ago, long before the current buzz in the market. In a sense, awareness has caught up with the company, which has been developing its technologies ahead of the curve. “The same technology could be applied to closed circuit cameras to detect other objects,” says Versace. “The Neurala Brain is neural network software that can be trained to find a variety of objects, such as backpacks or vehicles, in the air or on the ground.” AI’s contribution is to eliminate the need for humans to do repetitive or boring work, such as look at hours of video footage   Adding AI To Existing Security Devices Other applications are also being developed. For example, Neurala has applied its technology to help the Lindbergh Foundation fight poaching of elephants and rhinos in southern Africa using video from drones as part of its Air Shepherd Program. Neurala’s software helps human analysts by searching through terabytes of video, including infrared, in real time as the drone is flying, pinpointing animals, vehicles and poachers during the day and at night. Versace expects the first applications of AI on existing products, including cameras and drones, before it is applied to robotics and other new applications. In effect, Neurala provides a “brain plug-in” that can add AI to change an existing solution from a passive sensor to a device that is “active in its thinking,” he adds. AI is here to stay, says Versace. “The market should know that AI has reached a point of no return. Companies that don’t use AI will be left behind. It’s the way to go to amplify your output.” Does Artificial Intelligence Threaten Humans? However, the technology isn’t perfect and shouldn’t be expected to be. “It’s still a growing technology, so you can’t expect 100 percent correct performance, especially if you deploy it in a constrained environment such as a cell phone,” says Versace. “AI can approximate 90 percent of a human’s ability to detect an object, and it’s tireless and can work 24 hours a day. It’s a liberating technology that takes on jobs that are not interesting, such as looking for a backpack on a computer screen.” AI tends to engender anxiety among some, with people like Elon Musk warning of an existential threat of the technology and a coming AI apocalypse. We should all relax, says Versace. “It’s a liberating technology,” he says. “Anyone who talks about AI as dangerous is not an AI expert. The less you know about AI, the more alarmist you are.” He suggests the physical security market should “learn more about it so they won’t be so scared.”