Human Resources Poll Reveals Concern Over Internal Threats to Cybersecurity

September 17, 2015

According to a recent investigative report on data breaches, an estimated $400 million has been lost from a predicted 700 million compromised records in 2015. So which security controls are the most important in thwarting cyber crime against businesses? Anti-malware? Physical security? Believe it or not, according to a recent survey, employees are a main concern.employee working on computer

When recently asked about what security controls should be used to protect businesses from cyber threats, the First Advantage 2015 Cybersecurity Survey of business professionals placed employee background screening at the top of the list, even above the use of anti-malware programs and physical security. The survey, from Atlanta-based global background screening firm First Advantage, a Symphony Technology Group company, polled a variety of professionals including human resources, risk management and C-suite executives about their attitudes toward internal and external security threats.

Sixty percent of respondents said employee background screening is the most important security control that can be put in place to protect organizations. Anti-malware was ranked second, favored by 53 percent. Physical security and physical access controls ranked third at 39 percent.

When asked about the importance of background screening of new employees in preventing security risks, 98 percent agreed that it was at least “somewhat important”. In fact, 57 percent said it is “extremely important” to do background checks.

Not only were background checks of new employees deemed highly essential, but the process of doing background checks periodically on existing employees also received high marks. Thirty-five percent said the process is “somewhat important,” 17 percent chose “very important” and 19 percent said that employee re-screening is “extremely important.”

Yet despite the priority that re-screening employee backgrounds seems to have, when asked how often employees are re-screened, a clear majority (61 percent) said that the practice is never done at their workplace. By comparison, just 13 percent of respondents re-screen annually. Ten percent do so every other year.

“The lack of ongoing, periodic background screening of existing employees that occurs is in stark contrast to its recognized importance by the same organizations,” said Mark Silver, chief security officer at First Advantage. “The fact is that an initial background check does not protect an organization in perpetuity. In order to better protect against potential insider-driven breaches, periodic re-screening should be done. Fortunately, technology now allows for groups of employees to be re-screened at once – for a fraction of the cost of the original background check.”

Other Findings
  • When asked to identify specific external security threats that are most concerning, respondents indicated that professional hackers (55 percent), former employees (35 percent) and phishing schemes (31 percent) topped the list.
  • Regarding the importance of background screening of vendors, respondents were less enthusiastic compared to the need for employee screening. However, 55 percent still noted that it is “extremely” or “very” important. Fifteen percent said that vendor screening is not important.
  • Most cite the hit to company reputation as the top impact of a confirmed cybersecurity incident, followed by costs from potential litigation and loss of customers.
  • Exposure of personally identifiable information (PII) was cited by 47 percent of respondents as the most at-risk assets, more than credit and payment data, authentication credentials, intellectual property or physical inventory.

Source: First Advantage

Was this article valuable?

Here are more articles you may enjoy.