BankInfoSecurity.com - Information Security News, Regulations, & Education


How to Avoid Hiring Fraudsters

6 Tips to Help Screen the Crooks Before You Give Them the Keys
June 11, 2010 - Upasana Gupta, Contributing Editor

(Page 2 of 2)

6 Recruiting Tips

  1. Establish Sound Procedures for Hiring -- And let potential employees know up-front about background screening and drug testing. This will deter convicted felons from attempting to join the organization. Also, draw guidelines as to what you might find acceptable and not acceptable as far as hiring security employees is concerned. "Treat this process as a component of risk management," says Lee Kushner, president, L.J. Kushner and Associates, LLC, an executive search firm dedicated exclusively to the information security industry and its professionals. "There is a different level of anticipated trust within information security professionals because the nature of their work is to protect information and mitigate risk, and this calls for a higher level of scrutiny."
  2. Background Checks Must be Cost Effective -- Know what level of background screening to pursue for a certain level of candidate based on how sensitive the position is, as well as the information to which the potential candidate has access, says Granado. For example, when hiring a junior level security analyst, the company can resort to a less extensive check than for a senior position, such as the security manager or senior database administrator.

    Based on ACFE's recent report, high-level perpetrators cause the greatest damage to their organizations. Frauds committed by owners/executives are more than three times as costly as frauds committed by managers, and more than nine times as costly as employee frauds. Also, executive-level frauds take much longer to detect.

    Advanced checks include getting deeper into the candidate's profile by hiring a private investigator and getting details on personal assets, personal relationships, FBI criminal files, nationwide wants and warrants, civil searches, affiliations with groups and associations, and international contacts.

    As part of all background screening, organizations should invest in finding out if the candidate sued former employers, business partners or lenders, and conversely, whether they were sued by a former employer for mismanagement, fraud, breach of contract or sexual harassment, says Springer.

  3. Scrutinize the Candidate's Resume -- Look for discrepancies such as:
    • Was the candidate with any other company that they didn't disclose? They may tell you that they worked in four companies, but what if a fifth organization fired them?
    • Work tenure at each organization to ensure there are no overlaps;
    • How long the candidate typically holds a position, and the details of their reasons for leaving each job;
    • The candidate's academic and professional credentials;
    • Do a 'Google' search and check online profiles on social media sites to find out more details about the candidate. Look for online activity and group associations, says Granado -- find out if they are connected with an underground hacker association, has the candidate ever developed a vulnerability, and where do they spend their time online?
    • Verify the candidate's business references by calling each one listed, then get deeper into the candidate's behavior in your conversation.
  4. Look for Controversial Media Attention -- Especially within information security, one needs to ensure that a candidate has the integrity to handle the sensitive demands of the position and is not engaged in unnecessary public talk about technology, current employer, job details and functions that may put both employer and the employee at risk and cause reputational damage.
  5. Get Details on Financial Stability -- Find out if there are claims, judgments or bankruptcies filed against the candidate by running credit checks on them. Organizations need to check if any of their potential employees are having financial problems, and ask them up front: "How did you get into this financial hole?" Individuals experiencing financial difficulties are extremely vulnerable to committing fraud to meet an immediate, pressing financial need. According to the ACFE report, the most common red flags displayed by perpetrators in occupational fraud were employees living beyond financial means and/or experiencing financial difficulties.
  6. Ask for Work Demonstration -- It is extremely common for developers and security application programmers to copy source code from the internet and present it in interviews as their own, says Granado. Organizations should ask potential candidates to demonstrate their programming and security skills during the interview.
