Tuesday, March 12, 2013

Top 10 Things Businesses can do to Mitigate Risk

1.) Ensure your organization has conducted a secure site assessment within the past 18 months to ensure physical assets are adequately protected.


Businesses invest millions of dollars to purchase and maintain physical assets. It is critical to ensure this investment is protected and secure. A secure site assessment not only protects your physical assets but also safeguards employees from the threat of a security breach. A thorough site assessment determines if there are adequate controls protecting access to your company. Access control evaluations include determining if the entrance is restricted to authorized individuals through mechanical means such as locks or keys, or by a human gatekeeper such as a guard or receptionist. Are all other possible entrances to the business secure? Are employees trained not to hold the door open for strangers who can walk in without authorization? Other items that should be analyzed and assessed to determine if physical property is protected include video surveillance systems, fire protection systems, and a survey of workstations and laptops to determine if they are locked down and secure.

An unauthorized person who breaches security can cause physical property damage, steal, or, even worse, threaten employees with bodily injury or even death. In this day and age, secure site assessments are a critical way to mitigate risk for your business.

2.) Conduct an assessment of your current IT systems to ensure that there are no breaches and no unauthorized users with access.

This item goes hand in hand with a secure site assessment. In addition to the protection of physical property, it is critical to evaluate and protect information technology systems. Examples of vulnerabilities that can lead to computer technology breaches include improper training of employees. When a VA employee improperly took work records that were later stolen from his home, he put at risk the records of 26.5 million discharged veterans, including their names, Social Security numbers and dates of birth. Other areas to be checked include improper storage or transmission of sensitive information, password security, computer viruses, improperly configured or risky software, insecure disposal of hard drives and missing patches or updates. Failure to make sure computer operating systems are properly updated can cause exposure to a security breach. When a major university failed to do this, a hacker took advantage of the known vulnerability on an unpatched server, potentially putting nearly 40,000 student records containing personal identity information at risk.

Information Technology assessments include a thorough evaluation of technology and infrastructure to ensure systems are secure and protected.

3.) Conduct an annual breach test. This will keep your staff and team in check!

With items one and two in mind, it is a good idea to conduct an annual “breach test” which attempts to breach your own systems. For example, have a person come to your place of business and see if they can gain access without first being cleared as an “authorized” individual. Also, check your computer information technology to make sure unauthorized users cannot gain access and that the operating system is updated and secure.

An annual “breach test” not only confirms your security systems are in place, but also acts as a way to notify you when procedures have become obsolete and need to be updated to keep up with changes in technology.

4.) Establish checks and balances for financial systems.

Another way to mitigate potential risk is to always be aware of where the company stands financially. This includes checks and balances for Accounts Receivable, Accounts Payable, Bank Reconciliations, and Balance Sheets. It is important to have a clear delineation of responsibilities and payment authority as well as more than one person responsible for reviewing these vital company records. In addition, conduct a semi-annual financial audit to look for red flags and pinpoint and correct anomalies before they can cause devastating financial results.

5.) Thoroughly check your employee "gatekeepers" for adverse issues that may arise during the course of their employment.

“Gatekeepers” are employees in key positions who have authority and responsibility over sensitive information such as financial records. A red flag that could indicate a problem is if this person insists that they are the only person in the organization who can access certain information or conduct business such as making deposits, writing checks or transferring money. For this reason, they may even object to taking a vacation or break, but they must be required to do so in order to adequately audit and assess all records to mitigate risk! Common fraud schemes include stealing cash, skimming, fraudulent disbursements and dishonest inventory taking. Take a look at recent press: several folks in key positions of trust and responsibility have committed serious acts of theft and deception. One example is the former bookkeeper who skimmed more than half a million dollars between 2006 and 2010 from the Town of Kinderhook and Town of Greensport in New York State. She did this by linking the Town of Kinderhook’s general fund account to her personal American Express account and siphoning funds. In Greensport, she used electronically scanned signatures of the town supervisor to forge stolen Greensport town checks. She pled guilty to three counts of grand larceny and computer trespass and was sentenced to three to nine years in prison.

6.) Evaluate your firm’s pre-employment background investigation process to ensure the latest processes are in place for all new hires.

On one hand, employers must comply with Equal Employment Opportunity Commission Guidelines that protect certain groups from being excluded from employment opportunities in certain circumstances, even if criminal activity has been determined. On the other hand, businesses must be vigilant in their hiring practices because there are negligent hiring considerations. Negligent Hire is a legal doctrine that describes the failure to use due care or action when hiring an employee, given the risk provided by the position being offered. If, through a company’s negligence, an employee harms another person, then the company is held liable. In addition, the Fair Credit Reporting Act requires “reasonable procedures to assure maximum possible accuracy of the information.”

Businesses that don’t follow proper procedures could find themselves paying hefty legal fines. For example, in 2012, Pepsi Bottling Group agreed to pay $3.13 million and provide job offers and training to resolve a charge of race discrimination in an EEOC violation case. Don’t be a statistic! Make sure the latest processes are in place for all new hires!

7.) Obtain a list of all outside vendors that come on site and ensure each employee/representative undergoes and passes a thorough background investigation before allowing them on site.

You routinely conduct pre-employment background checks on your employees but have you thought of the potential risk that outside vendors can pose to your business? The backgrounds of vendors could contain potential liabilities like criminal records. It is important to conduct fully compliant vendor screening and credentials verification for all visitors and providers that work at your location including temporary workers, professional consultants and independent contractors. This can identify liabilities before your company is exposed to unwanted risks.

8.) Perform infinity screening on all employees regularly to ensure no issues have arisen throughout the course of employment.

We’ve all heard stories of people in positions of authority and trust being found guilty of fraudulent activity. Recent examples include a pastor who became a prisoner for credit union thefts or the Chairman of the Australian Securities and Investments Commission facing charges of financial irregularities. Most companies know the importance of pre-employment background screenings, but what happens after a person is hired? Can you be certain your employees are reputable, law-abiding citizens? Apparently, the above organizations felt that way, until they learned otherwise. How can you protect your company and the employees that work for you? Infinity Screening, or continuous screening, is a post-hire background investigation that investigates employees at various intervals throughout their time with the company. This service allows organizations to gather up-to-date information concerning their employees and assists organizations in their decision-making processes regarding promotions, transfers, etc. Infinity screening also gives an organization legal recourse if the employee attempts to defraud or manipulate the company.

9.) Educate your team on awareness of issues arising out of workplace complacency and violence.

Workplace violence has become a major threat to businesses and their employees. Complacency develops because most companies believe that workplace violence can’t happen to them until it actually happens. It is better to be aware of warning signs, have processes in place to prevent violence before it happens, and provide outlets for employees to vent frustrations before a tragedy takes place. Zero tolerance for harassing behavior can be implemented through a policy to investigate every report. This sends a message that violence will not be tolerated and can prevent a situation from getting worse. Employees can be trained to identify signs of stress and frustration in other employees that could lead to an out-of-control situation. In addition, an outlet where employees can vent their problems either directly or anonymously can go a long way toward defusing a situation before it spirals out of control. It is vital to ensure all team members are trained in best practices and are aware of red flags concerning workplace issues.

10.) Handle separations from employment such as terminations and layoffs with care and caution.

It is important to handle separations from employment with care by consulting with your legal/investigative and outplacement professionals to ensure the least amount of impact is felt by the employee. If the employee feels as though they are treated fairly, they will reciprocate and in most cases be professional in separating from employment.

In summary, companies that take the precaution of following these top ten steps should be well-protected from the risk of security breaches, workplace violence, improper hiring litigation and fraudulent activity within their organization. Proper due-diligence-based risk mitigation procedures save companies millions of dollars and can potentially save lives!



Tuesday, February 5, 2013

Enhanced Background Investigations: How will they impact Gun Control and Will it Mitigate our Risk?

Background investigations have significantly changed the landscape of business hiring practices globally.  Years ago, only a small percentage of businesses conducted employment screenings and very few, other than those in key positions, underwent any type of background investigation. Our world and the dynamics of security and risk have shifted through the years.  Since September 11, 2001, there has been a steady increase and today, more than 80 percent of businesses have a background investigations process in place.

Industries including healthcare, finance, retail, manufacturing, technology, and others have made background investigations part of their routine process. These occur not only for pre-employment purposes, but also throughout the course of employment. Ongoing employee screening after a person is hired is referred to as Infinity Screening in the investigation industry. Does all this extra scrutiny help organizations mitigate the overall risk? That question may be answered differently, depending on the industry and specific businesses that have implemented this process. Investigations are vital but they must be done as thoroughly and accurately as possible.

Can this risk mitigation apply to gun control and violence? As we all know, New York has taken the lead in passing very restrictive legislation causing much debate in Albany. The highlights of the New York Secure Ammunition and Firearms Enforcement Act of 2013 (NY SAFE ACT) include the following:
  • Assault Weapon Definitions
  • Magazine Capacity and Sale of Ammunition, including very restrictive controls and registrations
  • Statewide Gun License/Registration Database
  • Mental Health/Mandatory Suspension Clauses
  • 5-year recertifications
  • Limiting disclosure of licenses
  • Expansion of background checks for private sales and more...

Many legislators have received feedback that the restrictive laws are not going to change the overall landscape of gun violence, and if anything will limit the ability of those legitimately licensed to protect themselves and society. As United States legislators endeavor to follow the path of New York, the National Rifle Association and its president, David Keene, have been actively lobbying to protect our Second Amendment rights. Part of that protection includes limiting the government's ability to continuously impose restrictions.

The current process when purchasing a weapon involves a person undergoing a National Instant Criminal Background Check System (NICS) check. The NICS is all about saving lives and protecting people from harm—by not letting guns and explosives fall into the wrong hands. It also helps to ensure the timely transfer of firearms to qualified gun buyers. Mandated by the Brady Handgun Violence Prevention Act of 1993 and launched by the FBI on November 30, 1998, the NICS is used by Federal Firearms Licensees (FFLs) to instantly determine whether a prospective buyer is eligible to buy firearms or explosives. Before ringing up the sale, cashiers call in a check to the FBI or to other designated agencies to ensure that each customer does not have a criminal record or isn’t otherwise ineligible to make a purchase.

More than 100 million such checks have been made in the last decade, leading to more than 700,000 denials. Through the years, there has been significant debate over the accuracy and thoroughness of the NICS system and whether it in fact includes all possible criminal records against all individuals. While there is no question that NICS checks have indeed kept some criminals from obtaining weapons, there is room for improvement when it comes to inclusiveness of records and precision of information. Investigations conducted by private, reputable companies are known to be much more reliable when properly and thoroughly handled. The question that remains, however, is whether what has been implemented is enough.

The new legislation requires that a Federal Registry be created of weapon owners and mandated background checks be conducted when there are weapon transfers between family members and neighbors. This has prompted opponents to wonder if this would solve the problem.  Significant discussions have arisen over whether the guns sold in the United States used in violent crimes are legitimately registered.   Would these guns even appear on such a national registry?

Individuals and businesses must follow the lead of our country and be proactive in mitigating risk...but where do we draw the line when it comes to our right to protect ourselves and how is that line measured properly?  Contact us at allianceinvestigative.com to learn more about mitigating risk in your organization, from pre-employment throughout the course of employment.