THE MAGAZINE

Checking IT Backgrounds

By John Wagley

As employee background checks become more prevalent, many experts are urging companies to pay particular attention to their IT staff.

The recent sentencing of a former UBS Paine Webber employee is a case in point. The former systems administrator received eight years in prison for planting a “logic bomb” on company networks and then betting that the firm’s stock would decline. He planted the malicious code shortly after quitting his job in 2002, and it resulted in the deletion of approximately 10 billion files on 1,000 company computers.

A thorough background check on the culprit would likely have revealed his criminal record, which included burglary and aggravated assault convictions.

 Strong checks, including criminal background, education, and employment are particularly important for IT staff because of their high-level access to systems and data, say industry experts. “Professionally, they really do have the keys to the modern day kingdom,” says Lisa Gallagher, vice president of operations at HireRight, an Irvine, California-based employment background screening firm. 

Gallagher says that companies should be sure to do historical address verification. This will permit investigators to search through local as well as federal criminal records.

She also points out that there are a large number of IT employees working in an outsourced environment and that a growing number of employers are doing checks on temporary and contract workers. Companies are increasingly integrating background checks with the level of physical and IT system access granted to such employees, she says.

Some of the malicious activities IT professionals can carry out are listed in a recent report by Carnegie Mellon University’s CERT Coordination Center. They include writing or using scripts or programs (including logic bombs), creating backdoor accounts, installing remote system administrator tools, modifying system logs, planting viruses, and using password crackers.

Insider theft is another big concern. The study also reported that over half of employees who stole confidential or proprietary information from their companies held technical positions.

What job applicants most often misrepresent is their educational and professional background, according to Jason Morris, president of Cleveland-based EmployeescreenIQ.

Dates of employment and past salary are two areas where his firm finds a number of discrepancies. His statistics show that about 56 percent of résumés contain some kind of falsehood. While they may not all be concealing a criminal past, “I don’t think there’s really anything minor,” Morris says. “You either tell the truth or you don’t.”


Other articles in this month's Technofile:

Comments

 

The Magazine — Past Issues

 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.