Everybody Screen!

Screening the extended workforce and other background checking best practices

NO one has to tell a security professional about the growing importance of background screening. More than 80 percent of large U.S. organizations now perform some kind of criminal background check on potential new hires, and more and more companies are checking employment history, education, driving records, credit history, sex offender registries, restricted parties lists and more. Clearly the drive to background screening is prompted by the desire for a safer workplace, the need to hire better people and threats of litigation for negligent hiring and retention in which the average court award has exceeded $1 million.

But even as background screening becomes an industry standard, it is clear that not all background screening is created equal. Applying background screening haphazardly and without a carefully formulated plan can leave organizations vulnerable to the negative events they are trying to avoid, as well as to criticism, employee dissatisfaction and even litigation. One of the best ways to avoid these problems is to make background screening an accepted and standard part of company security through the implementation of a carefully considered background screening policy based on best practices.

Such a policy shows a company's clear intention to protect its workers and customers as a matter of procedure. Adoption of best practices demonstrates that the company applies its screening standards fairly, with cause, without prejudice and in compliance with all legal requirements.

Understanding the Problem
A screening policy begins when security professionals meet with their human resources counterparts, as well as all other staff members responsible for the hiring or contracting of workers throughout the organization. The goal is to truly understand the steps of hiring and contracting, and all the potential points of vulnerability. For example, many companies perform criminal background checks as a matter of policy, and may consider a search of the online criminal databases as sufficient. The true industry standard involves a hands-on check of the most current records at all county courthouses pertinent to the applicant.

Though it may be a company's procedure to perform criminal checks, it is vulnerable to misinformation regarding employment history, education, drug history and driving records. It is important for the security professional to understand which checks may be pertinent to the company's employee or vendor requirements, as well as those that are required by law.

With such understanding in hand, the security staff can begin to develop a compliant employee screening policy tailored to company needs.

Closing the Extended Workforce Loophole
While the first step in developing a successful screening program is to establish a standard policy, there is an important workplace vulnerability that security professionals must be aware of before such a policy can be written -- the presence of a largely unscreened extended workforce.

One head of security at a global company recently commented that it was interesting that no employee of the company, including himself, got into the CEO's office without a background check, security badge and escort -- no one, that is, unless you counted the man who watered the plants in the CEO's office who had free access with no screening whatsoever. This is a classic example of the extended workforce loophole that exists in companies of all sizes. Even where the most stringent employee screening policies exist, there is often no plan for vetting vendors, partners, and temporary and contract employees.

The vulnerability that this loophole represents is better understood in light of the fact that a recent survey found that vendor employees were 92 percent more likely to have a felony record than a permanent hire and 50 percent more likely to have a misdemeanor record or drug history. One reason for this striking difference is the entirely logical phenomenon of adverse selection. Since so many companies conduct background checks as part of their standard hiring procedure, applicants with questionable pasts tend to find jobs in companies where background checks are not performed. From the security professional's point of view, even if a vendor company performs background checks, they may not meet the hiring company's screening standards and thus still represent a potential vulnerability.

The extended workforce loophole exists largely as a function of procedure, management and technology challenges. Typically, all direct workforce applicants are processed by security and human resources through the corporate screening process before being hired or given a security badge. The indirect workforce, whether employees of a maintenance company, IT contractors or marketing consultants, are oftentimes not required to go through security and HR departments before being granted access. From a process and management point of view, these workers are generally hired and supervised by a wide range of business functions. The night cleaning crew may be under the supervision of the facilities department; the contract software engineer is typically hired by engineering; and temporary receptionists may be hired by HR or a host of other individual titles. In most organizations, there is no central security process governing all of these business functions and categories of workers.

The first step, then, in plugging the loophole is requiring that all extended workforce personnel be subject to the company's standard security procedures, regardless of which department manages them. All departments need to be educated on the importance of submitting their extended workforce personnel to the security department for screening and the step-by-step procedure for doing so.

Another problem in closing the extended workforce security gap is vendor participation. Again, there must be a process in place that requires vendor employees to be screened before they are granted access to company facilities or information. The policy must establish clear guidelines for the vendor as to which screens need to be conducted to meet the company's standards. There also needs to be a process whereby the results of the screening report are delivered directly to the company for review and approval, or is adjudicated and managed by a third party.

Companies that successfully screen their extended workforce most often find that program compliance is easiest to enforce by tying the screening requirements to the badging system. Software solutions are beginning to emerge that can assist companies with tying these two functions together and securing the willing participation of the vendors and suppliers. Whether an internal or external solution is selected, including extended workforce screening into the company's security policy is a critical step.

The Most Critical Step: The Standard Policy
Having a standard, mandatory background screening policy for every employee and vendor -- from top executives to part-time workers -- not only protects the company's workforce, property and information, but it also eliminates any inconsistency and helps ensure that information gathered is used appropriately. Such a policy also protects the company by ensuring compliance with legal requirements such as those set forth by the Fair Credit Reporting Act and other governing bodies. Different types of checks may be required for different positions. For example, finance department employees may require credit checks, and those that operate vehicles on company property may require a vehicle department check. At minimum, a good policy should address what type of checks should be performed for each type of position; who should be screened; how many years of history the checks should cover; the criteria used for assessing whether the candidate meets the hiring standards of the company; and what procedures are required to comply with all relevant federal and state legislation and industry regulations.

Require Complete, Accurate and Consistent Data
Background screening policies should require that all applicants give dates of employment with month and year, and a graduation date for all levels of education. Screening should always include a careful cross-check of data provided in the interview, resume, job application form, background verification application and background check report. Often, applicants with something to hide will provide different information on their job application and their background screen application in the hope that no one will cross check. Incomplete information can reveal gaps in employment and education. Inconsistencies should then be explained by the applicant.

Perform Comprehensive Verification
Certainly, the most fundamental background screen to be performed is a criminal background check. These checks should not just include the local county, but every county where the applicant has lived or worked. Almost as important, however, is verification of employment, education and salary. Roughly one third of resumes contain some misrepresentation in one or more of these areas. This alteration of facts can not only impact the applicant's ability to perform their job, but also indicate problems of character that may eventually impact the company. Educational credentials should be verified at the source, and salary by previous employers or with prior W-2s or pay stubs.

Many companies skip checks of international experience on applicants due to unfamiliarity with the process and the perceived complexity of gathering the information. Indeed, the laws, regulations and procedures governing such checks vary greatly from country to country, but the risks of not performing a background screen is too great to justify excluding them. This is the time to call in the experts and partner with an employment screening provider with the expertise and experience to conduct checks in any country that may be required.

Ongoing Protection
Security professionals should consider regular post-hire criminal background and drug screenings of employees and vendors in order to protect the workforce and guard against liability for negligent retention. In addition, the background screening policy should be regularly reviewed for its responsiveness to company needs and compliance with changing laws and regulations.

With screening of the extended workforce as a standard procedure and a carefully crafted background screening policy in place, security professionals will take a huge step toward protecting their employees and their company.


  • Secure Your Home During the Holidays

    The most wonderful time of the year can easily transform into a nightmare. Being vigilant, while still enjoying the holiday season, is possible. The holiday season is the perfect time to start implementing security measures to protect one’s home and ensure security while out and about. Read Now

  • Five Cybersecurity Trends Predictions for 2024

    According to Cybersixgill, threat research experts, AI’s evolution will continually improve both organizations’ cyber defense efforts and cybercriminal activities. At the same time, increasingly complex regulatory requirements, continued consolidation of cybersecurity tools, a widening attack surface, and heightened global geopolitical issues will all play a significant role in driving the direction of cybersecurity. Read Now

  • AI on the Edge

    Discussions about the merits (or misgivings) around AI (artificial intelligence) are everywhere. In fact, you’d be hard-pressed to find an article or product literature without mention of it in our industry. If you’re not using AI by now in some capacity, congratulations may be in order since most people are using it in some form daily even without realizing it. Read Now

  • NSA Report Focuses on How to Protect Against Evolving Phishing Attacks

    The National Security Agency (NSA) and U.S. partners have released a new report describing the latest techniques in phishing attacks and the defenses organizations can deploy against them. Read Now

Featured Cybersecurity

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3