Security Enterprise Services

Pre-Employment Screening Evolves to Mitigate Risk

Hiring a new employee can be a rushed process, especially if the position is a mission-critical one. But neglecting to follow through on pre-employment screening can be even more disastrous to the enterprise than having an empty seat for a few weeks. A foregone or limited background check, a lack of fact-checking or a single-minded policy about hiring could leave a company with rushed hire and an unsuitable new employee, or worse – a wave of new risks and liability.

 

The Basics

“There is no bare minimum for pre-employment screening,” says Greg Allen, Associate Professor in the Security Management Program at Bellevue University. “Companies can do whatever they want,” but he adds that doesn’t mean they should leave pre-screening out of the equation all together.

“You’re looking for the right fit for the job, and background checks help you ensure that your candidate is the right one,” he says. And because every job description is different, each position needs to be screened and evaluated differently.

According to W. Barry Nixon, Executive Director for the National Institute for the Prevention of Workplace Violence, Inc., employers should have a standard benchmark screening process for all levels of employment – from the retail cashier to the CEO. He recommends a criminal background check for any place the candidate has lived for the last seven years, including city, county, state and multi-jurisdictional (national) databases. He also insists on educational verification.

“Every job can cause risk,” Nixon says. “Even a janitor has keys to every office. You have to match the screening processes to the level of job risk and not leave anyone out.”

Job-specific checks can include a motor vehicle check (driving record, DUIs, active licenses), DMV checks to verify addresses, Social Security checks, immigration status, sexual predator’s listings and a terrorist check, he says.

One of several obstacles to these incredibly thorough checks, however, is money.

“You need to minimize the money spent on each applicant,” says Allen. “And that happens throughout the hiring process. First, you can weed out any bad or unsuitable applications – that alone eliminates 80 to 85 percent of your candidates. Then, bring in a number of people for personality or job testing. Your top three or four are investigated. The first two processes are relatively inexpensive. The last one is extensive and more costly, but the system ensures that you’re only screening ones who could be the right fit.”

The job description itself contributes to how much money one should spend on pre-employment screening, Allen adds. “You shouldn’t spend the same money on someone earning $10 per hour as you spend screening for the CEO position.”

According to Mark Winn, Director of Security for Ingram Micro, there are positions of “significant trust” that need more attention: The background screen needs to include  a seven-year criminal check, credit check, Social Security Number trace and background information from state and local agencies, but he adds that neglecting a national screening could leave out key information.

“All of our backgrounds include a national database check as an additional layer in case the candidate got arrested and convicted in a place where they were just visiting, but did not actually live,” Winn says. This layer provides the recruiting team the broadest review of the candidate's background, enabling them to make a more informed hiring decision.

           

The Risks

“People are still lying on their applications, and they just wait for you to challenge it,” says Allen. “You have to check education, qualification, certifications – employees and assets go hand-in-hand. It’s all an issue of liability.”

Risks of liability have also put a halt on many organizations’ pre-hiring practices. Hiring a candidate before the background check is completed and approved leaves the business open to too many risks.

“It all depends on how risk-averse your organization is,” says Nixon. “The best policy is not to let the new hire start until the background check is cleared. However, the reality of most situations involves a risk increase – hiring contingent on a satisfactory background check.

“This should not be considered, however, for jobs dealing with highly sensitive information or somewhere where it wouldn’t take long to do a lot of damage,” he adds.

Broadly speaking, this would be a finance department or working with children and other vulnerable groups. Now, Winn says, IT needs to be included in that group as well.

“IT employees have a lot more access to the systems, and they know how to access or damage information,” he says.

According to Nixon, a lack of effective screening can result in a race track parking lot attendant being a convicted car thief, or a doctor being hired without having a medical degree or hiring a “sovereign citizen” – a member of a faction within the U.S. that considers itself not subject to the country’s laws and taxations, and often found to be armed and dangerous. There are also risks to the organization’s reputation and safety. Workplace violence is a major risk, but it can be difficult to detect. Allen says that personality testing is a quick, easy way to learn more about your candidate, including indicators of a history of violent behavior.

 

Black, White, Grey

In years past, it could be an organization’s rule that no one with a prior conviction can be hired. However, in 2012, the U.S. Equal Employment Opportunity Commission (EEOC) ruled that organizations could not deny employment based solely on the fact that an applicant has been arrested or had been convicted of a crime.

The EEOC website reports that employers may ask about arrest and conviction records, but such conduct can only prevent the applicant from employment when it is evident that the person cannot be trusted with the duties of the position when considering the nature of the job, the nature and seriousness of the offense, and the length of time since it occurred. This rule goes for both arrests and convictions.

“The EEOC ruling changed pre-screening in some respects,” says Allen. “With criminal records, you now have to really look at what it is. If it’s a misdemeanor, well, even law enforcement agencies hire these after a time period. A felony is a different thing altogether. You have to look at liability. But by eliminating liability, you might eliminate some expertise. That’s a risk you have to balance.”

“The rule of thumb is: Criminal record considerations need to be based on the nature of the job, the time after the offense and the relevance to the work,” says Nixon. “We can’t place everyone in the same black-and-white categories now.”

 

Checking the Corporate Ladder

Say an employee worked his or her way up from the stockroom to the boardroom – there’s a strong possibility that you might want to review an updated background check before ushering them into the corner office.

“Infinity screening, or screening current employees, especially during promotions, is also tied to the requirements of that job,” says Nixon. “Sixty percent or more of embezzlement and theft comes from employees, and periodic checks help to reduce those risks.

“Especially in transitions from a non-sensitive to a sensitive job, as in moving to the finance department or closer to the C-suite, a new screening process is necessary,” he says.

 

Balancing Act

Pre-employment screening is tricky water to navigate in terms of which department is controlling what. Human Resources manages hiring, but Security manages risk, not to mention Legal, which keeps a wary eye on liability and any possible litigation resulting from a bad hire.

At Ingram Micro, Winn works with screening company HireRight to check for red flags and discrepancies in applications and background checks.

Today’s background screening is "not a cut and dried process,” Winn says.  Legal changes have driven organizations to do a deeper dive on backgrounds that contain flags or questions. “People come from diverse backgrounds, and we have to keep that in perspective.

“Here, I’m responsible for the background screening program. I’ll review questions for the HR recruiting team, and I handle approvals on questions when they arise.

“It’s a system of checks and balances. There’s also the issue of confidentiality around the report, and we want to limit the number of eyes seeing the information,” he adds.

“As a best practice, I think HR should own hiring and background checks,” says Nixon. “That can make turnarounds smoother and more efficient. Security works best as the advisor on the front-end, and managing procedures after a bad hire.

“The CSO should steer the nature of the conversation toward what’s best for the corporation and how to manage the risks. It shouldn’t be an area of conflict. Security can be involved in designing the policy, and any HR person worth their salt can see the value added by security’s participation. It’s not a hard conversation to start – you have to raise pre-employment screening to a company level, taking it out of the silos and into the enterprise as a whole.”

 

This article was previously published in the print magazine as "Game Changer: Pre-Employment Screening in 2013."

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Greg Allen

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

September 2014

2014 September

In the September issue of Security Magazine, find out who this year's most influential people are in the security industry are. Also, take a peek at the technology products that ASIS 2014 will be showcasing at the upcoming event. Read about the lessons learned from security at the World Cup, find out why tactical medical training is a must for your enterprise and how Atlanta increased security by sharing surveillance.
Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+