CIOReview
Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
| | November 20159CIOReviewwhat value they have and who has access to them. Human resources and information security professionals within the organization should develop a policy framework about what factors are appropriate for background screening for specific positions. If an employee has access to credit card information or other personal identifiable information, a background check might include a national and county level criminal history in all areas a candidate has lived or worked. It may also include a check on financial information such as credit history or bankruptcy filing. Screening may even involve a check of terrorist watch lists.Many employers think that background screening ends when the new hire comes onboard. Unfortunately that can be a shortsighted and risky approach. Life happens and circum-stances change. Young people are less likely to have a criminal record or bad credit initially, but could incur debt over time that needs to be serviced, potentially increasing their risk to the organization. People also change positions and have access to different levels and types of data. Companies should have a solid standards-based policy framework that includes con-tinuous monitoring and updating of background information through a periodic rescreening process. Fortunately, technol-ogy now allows for groups of employees to be rescreened all at once for a fraction of the cost of the original background check.Preventing Breaches through VendorsCompany supply chains and third-party business partners are other vulnerable points for attack. The massive Target data breach was traced to a third-party heating, ventilating and air conditioning partner that was hacked. It is wise to make inquiries about whether contractors, suppliers, and staffing firms have robust policies in place regarding background screening in addition to technology-based solutions to protect against deliberate or inadvertent data breaches.The information age has changed the way we do business, but it has also created new risks that can lead to catastrophic losses. To ensure the greatest possible protection of valuable company information, organizations would be well advised to think about both internal and external threats, maintaining a thorough employee screening program along with tight IT security measures. Organizations would be well advised to think about both internal and external threats, maintaining a thorough employee screening program along with tight IT security measures
< Page 8 | Page 10 >