Employee screening is vital in fight against cyber fraud

Exclusive article for Facilities Show written by Marsha Hermandez

The facilities management sector employs around one in 10 of the UK working population, providing services that range from security to building and engineering maintenance through to asset management solutions. It is estimated to be worth £111bn a year to the nation’s economy.

However, like many sectors in the UK, the pool of labour available for hire by facilities managers stretches beyond these shores. Greater mobility of people from around the globe, particularly from within the EU or affiliated countries, will continue to bolster the nation’s workforce despite Brexit.

There are over 500 million people in the EU and those of working age and relevant skills are currently still free to travel and apply for jobs in the UK. This poses potential challenges for employers within the facilities management sector as keeping tabs on potential employees’ movements, backgrounds and right to work in the UK will be almost impossible to verify through ID cards and passports alone.

Employees – Both Important Asset and Big Risk

This is an especially important consideration given the critical role that employees have in a business’s cyber security strategy. While workers are a company’s most important asset, that person walking through your door every day is potentially also one of the biggest risks to your electronic information, physical and human security, and reputation, if not vigorously vetted prior to placement.

Cyber fraud is becoming increasingly commonplace, costing UK businesses more than £1billion in the past year, according to figures released by Get Safe Online and national fraud and cyber crime reporting centre Action Fraud. According to Hazelwoods, a specialist in legal professions, a jump in losses to cyber fraud suffered by UK law firms between 2015 and 2016 is associated with a sharp rise in the number of attempts by fraudsters to trick law firms into transferring funds to them by hacking email accounts of employees and clients of firms.

Comprehensive people screening offered to FM companies is just one way of protecting networks, computers, programs and data from attack, damage or unauthorised access from potentially rogue or disgruntled employees. But, whilst carefully screening potential employees will help strengthen a firm’s cyber security, a holistic approach should also be taken beyond the vetting process. Firms should train their employees on basic data security protocols. In particular, employees should be taught to update their antivirus software, not use commonly-predicted passwords, not log into email accounts while on public WiFi, and be cognisant of phishing email scams that may put the firm at risk of monetary loss. Such practices may significantly decrease firms’ vulnerability to cyber fraud.

There are organisations, as well as individuals, who may not want to profit from breaching a security shield but want to cause a public relations disaster for a targeted company by disrupting its operations, which could cost millions of pounds. It is not just the financial impact, but also the hit in public standing and trust that such an incident would inflict. 

Protecting the Digital Infrastructure

Cyber security concerns are becoming increasingly prevalent, so businesses must deploy robust measures to protect their digital infrastructure. Vetting new recruits and monitoring worker behaviour can play significant roles in safeguarding a company’s assets. But what should an FM business be looking for when vetting for positions that will involve access to computer systems, safeguarding and maintaining property, protecting sensitive sites or even filling CEO positions?

Experience in a variety of security fields is vital. A one-stop screening provider that covers everything from criminal records, background and educational checks to drug testing is going to be more efficient than outsourcing separate requirements to different suppliers. You can also check a company’s industry-recognised affiliations and accreditations.

Another crucial sign to look for is that the vendor is up to speed with the strict regulations surrounding data protection and the dissemination of personal information, which change at a rapid rate, to ensure that they are within legal boundaries. The violation of the privacy rights of employees can bring hefty penalties for both company and provider. 

Check and Check Again

Whilst screening potential employees will help strengthen a firm’s security, it cannot legislate for the future behaviour of an individual. Good people sometimes turn bad if under duress or their personal circumstances change. A thorough background check provides vital information on a person for you to consider before making a recruitment decision, but it cannot predict how that individual will act once in place.    

If you have situations such as theft or other negative events occurring in the workplace, by collaborating with a screening services supplier you can take background information a couple of steps further and seek other solutions to ensure continuing data protection and safety in that building or facility.

Vetting is going to depend on the areas the company is involved in. Those working with vulnerable groups, such as children, require Disclosure and Barring Service (DBS) checks that will reveal the individual’s criminal record. Then there are Terror Lists, which can vary from government to government, address checks, and, last but not least, an employment verification is recommended.

Hidden Depths

People can get very creative when they are trying to hide their backgrounds. A very common trick is not to mention a past name. In many countries, court records are stored by name, so you might not trace a previous criminal conviction. To combat this ruse, a vetting agency will delve deeper into an individual’s past through checks on a social security number, ID or passport number, which will provide more information on potential aliases.

In the current climate of international strife it is very important to check Terror Lists, which are issued by almost every government. The UK Government has a current list of designated persons believed to be involved in terrorist activity. This is easily accessible on its website, but one of the benefits of using a screening company is that it has the ability to check lists from around the world. Some countries share information more freely than others or have different criteria – as the saying goes, a terrorist to some is a freedom fighter to others – a screening provider worth its salt will check hundreds of government terrorist lists.

It is also worth vetting an individual’s educational qualifications. This is not as common in the UK as in other countries. If an individual can provide a hard copy of the diploma or degree, most UK companies accept the document as valid and the education as confirmed. 

But, in the end, it is a piece of paper that could be replicated with little difficulty. A screening provider will make sure that document is valid by checking with the school, college or university that issued it and have them verify its authenticity. This is especially important if you are planning to hire that person in a high level position.

Putting a Price on Safety?

How much is employee vetting going to cost? It is hard to put a price on safety. The more robust the background check performed the higher the cost. But remember that the new individual is going to be in contact with your other employees, your product and be part of your cyber security every single working day. For a business, risk prevention is going to be cheaper than damage limitation.

Most companies carry out just the initial criminal record check on new employees. Periodic checking is highly recommended. Someone may have been a fine upstanding citizen five years ago but in the time they have worked for a company they may have suffered stresses in life that have resulted in a brush with the law. Without randomly updating background checks a company may not be aware of any legal issues since the start of employment.

Checking an individual’s background in the UK can take up to two weeks, but may take longer if you are looking to fill a CEO role or directorship. Once the information is securely delivered to the client, it is not shared with anyone else – but the company who requested it must take full responsibility for maintaining the record if needed.

People vetting will help in tackling cyber crime, but it is going to be a never-ending battle as we live in a faster, better, cheaper and more device-driven world. The more we are working remotely, the greater the opportunity for the bad guys to find a way to hack and access data. As soon as new security measures are put in place there will always be someone willing to try and work around them.

Vigilance is the key to combating attacks on security systems. Employing rigorous people checks might not on their own win the cyber war, but they will certainly make a valuable contribution to the defence of data against hackers and criminals by helping facilities managers to mitigate the risks involved from employing unsuitable or even illegal staff.

Marsha Hernandez serves as managing director of employment screening for Pinkerton, a global provider of corporate risk management services, including security consulting, investigations, executive protection, employment screening, protective intelligence and more. For more information, visit www.pinkerton.com.

In association

Show partner

Official magazine partner

Partner and sponsors

Media partners