With nearly 20 years’ experience in the corporate security world, the former senior security manager at Barclays bank, Donna Alexander, understands all too well the importance of employment screening.
“You really do need to understand all of the individual threats to your business, the insider threats, so you can apply the appropriate counter-measures,” she told delegates at SMT’s The Threat Within conference.
Many companies already conduct strong pre-employment checks on job applicants, but Alexander sees the ongoing screening of existing employees as an equally powerful tool in the fight against insider crime. She believes in a simple approach to such checks, and thinks security managers can easily select the necessary controls by using an effective threat assessment.
“I can’t emphasise enough the need to keep your screening policy and standards absolutely as simple as possible,” she told the busy conference hall.
Refresher screening
During her 30-minute speech, Alexander highlighted the importance of ‘refresher screening’, or periodic checks on existing employees. She warned against blanket screening, however, stating the need for thoughtful and relevant screening procedures that take a variety of factors into account.
“You need to think about the employee and take into account their term of service with you,” she said.
The refresher screening process should also vary depending on the employee’s role, and might include a credit check, a criminal records check (if pertinent) and – if the threat to the company has changed – it might be necessary to look at additional control measures.
In some cases, Alexander warned, employees have been known to use fake documents to gain employment before handing them back to the black market for a small cash refund. Although managers have demonstrated a reluctance to ask employees to hand over their original documents for inspection after several years of employment, doing so here may reveal deception.
Why re-screen?
After three years with a company, an employee’s role is likely to have changed. If not, Alexander said, security staff must make sure the employee has exactly the same status as when they joined the company, and the only way to do this is to make them undergo screening again.
“When you look at the risk management cycle it is all about constant evolution, change and improvement,” she said.
When to re-screen
The easiest time to re-screen people, Alexander said, is when they are promoted or transferred within an organisation. This works especially well if the employee is moving from a low-risk role into a high-risk one. However, this is always done voluntarily and Alexander said it is important for employees to be aware that they are going to be re-screened, and that failure to do so may result in them losing out on their promotion or transfer.
“As long as that’s upfront and everyone accepts that, then you’re absolutely fine,” she assured.
Apart from promotions and transfers, Alexander’s personal view is that re-screening should be conducted once every three years.
How to re-screen
During her time with Barclays, Alexander introduced her employees to a booklet entitled “Know Your Responsibilities”. Although designed for the financial services industry, its principles can be applied to a much wider range of businesses. It contains a set of guidelines for employees to help them know their customers and their responsibilities for keeping the company secure.
“In Barclays,” Alexander said, “there was a requirement for people to disclose, to their line managers, any change in their status since they first commenced employment with the company.
“So, if they had actually obtained a criminal conviction or an adverse credit judgement, it was their responsibility to disclose that to their line manager.”
This system, she said, was a great premise to start from as it got employees used to the fact that they would be subjected to ongoing screening by their company.
To listen to Donna Alexander’s full seminar, delivered to SMT’s The Threat Within conference in December, just click play below.