Cyber cuckoos: Don’t forget recruitment when considering your security
Keeping your business protected against fraud and cybercrime doesn’t start and end with your infrastructure – recruitment should be a key consideration.
This is the advice from ComputerWeekly.com, which argues that many companies forget that hiring new staff members could be the single biggest security risk at their business.
It claims that the past two years have seen an increase in fraudulent job applications, where candidates significantly inflate their credentials and suitability for the role. Though it notes that candidates rarely do this for malicious reasons, it could be the first step towards a cyber criminal gaining access to company data they’ve specifically targeted for industrial espionage (known as an ‘insider threat’).
Changes to how – and more importantly, where – people work as a result of the pandemic are only making it more important to ensure hires are legitimate. Companies know they can cast the net much wider than before to secure the best candidates, with remote working meaning that proximity is no longer such a concern. A much more competitive marketplace will then favour candidates, as businesses try to secure the best talent and stop them from taking similar positions with their direct rivals.
However, the rush to gain a competitive edge shouldn’t come at the cost of cyber security.
Dave Lear, a professional Lead Security Architect, explained that companies dealing with critical infrastructure or personal information have the most to lose – with the worst-case scenario being “sanctions or penalties and reputational harm, which could, in turn, affect the company’s ability to continue operating.”
Lear had straightforward advice for businesses when hiring new talent: conduct in-person interviews, undertake background checks, and monitor a new hire’s use of the network.
In-person interviews, he said, allow decision makers to see the body language of their candidates, which can often say much more than verbal communication – and certainly give away a few more truths.
Background checks, meanwhile, can highlight any red flags – provided the employer goes for a sufficiently enhanced option. Don’t scrimp by settling for the basics; instead, use a full checking service for all the information.
Finally, mapping a user’s route around the network can highlight any areas they’re accessing (or trying to) for which they should have no need, or provide proof of who was responsible if something were to go wrong.