Vet employees properly or open the gates to cybercrime, survey says

24 Jul 2017

Data theft and cyber attacks may be the top threats that spring to mind for many organisations, but a new survey of legal professionals also suggests that rogue employees are bigger threats that are being overlooked.

17% of organisations carry out police checks on potential employees, yet most believe such checks are an essential tool for pre-employment screening, a survey from SaaS provider InfoTrack found.

The company suggests that police checks should be conducted not only to protect company reputation and attract top employees, but also to protect data and assets.

“Once someone is inside your organisation they often have easy access to not only company data, but data on all of your customers. Your organisation has a huge responsibility to protect that data, and a breach is even more serious with the Australian Government’s Notifiable Data Breaches scheme coming into effect in 2018,” the company states.

90% of respondents said the best methods of verification include reference checks on potential employees; 76% said qualifications checks, 62% said identity verification and 61% believed police checks were useful.

InfoTrack chief John Ahern says the results are disturbing because companies are not putting police checks further up the list.

“This is particularly so given one third of those surveyed have been impacted by internal crime either within their firm or their clients’ organisations,” he says.

The survey says two thirds of respondents see the benefits of pre-employment screening. Those benefits included reference checks, qualifications, prior convictions, visa status and identity verification.

While the majority see the benefits of such checks, only half of respondents were actually aware of how their organisation conducts verification checks on both existing and potential employees. 20% said they weren’t aware of any verification checks at all, which means they are relying on employee honesty.

Honesty may not be all it seems to be either: 38% said they or their clients had worked with someone who had lied or failed to disclose financial crimes like fraud and theft.

85% of respondents said certain convictions should be bars to employment in their organisations, but the statistics show that what respondents believe and what is actually taking place in their workplaces are very different stories.

“Internal crime has the ability to destroy an organisation’s reputation, impact its bottom line and open the gates to cybercrime. These findings are a wakeup call for all organisations to be more vigilant in vetting potential employees,” Ahern concludes.
