A number of factors as well as threats are behind the increasing interest in background checks. To name a few:
- Employee shortages in the Czech labour market, especially in some sectors
- The deteriorating economic situation across Europe
- The growing trend towards remote work, including fully online employee recruitment
- Increasing sensitivity of internal information and know-how, especially for organisations in strategic fields and in government
- Increasing legal liability of organisations providing critical services, maintaining information systems and securing sensitive information including personal data
Any one of these factors could lead to an attack on your own organisation by a person seeking to do you harm. If several come together in a single candidate who is facing serious financial difficulties and who then applies online for a job vacancy with the intention of stealing and then monetizing confidential information, serious damage can result. Sound like a movie script? Take our word: it does happen. And often in organizations where no one expects it.
There are many other potential employee-related threats. There have been cases where threats were ignored and successful attacks on an employer's property have taken place. The trend to implement at least a basic process for verifying the credibility and professional history of job applicants is gaining strength.
Reasons for introducing background checks can be divided into three groups:
- Immediate reaction to an attack
- Instructions from a parent company
- Internal decision
We probably don't need to emphasize that reacting to an incident in haste after the fact is usually not a good reason. An instruction received from a parent company is a moderately better reason, but only after making one's own informed decision can the introduction of a background check process really pay off for an organization in the long run.
A roller coaster ride is not a solution
In practice, we often observe roughly the following cycle:
Ignoring security measures, no vetting of candidates taking place. Security breach, misuse of assets and internal information, theft of client databases. Embarrassment in the media, removal of senior staff. Rapid implementation of all possible and overlapping processes, purchase of tools and certificates, preparation of dozens of guidelines, training, seminars, active outreach. Gradual forgetting. And failure again.
Riding the roller coaster can be fun at the fair. But in running a company, protecting the assets entrusted to it and ensuring security, it is not the right approach. Quite the opposite - it's the road to hell. A road that is lined with problems, incidents, expensive consultants, purchased but unused systems, and fading memories of fired managers.
We'll listen to Mother, but we'll do it our way
Job applicant vetting is often implemented at the instigation of a parent company. This comes either in the form of an instruction to introduce background checks directly, or to obtain one of the various available commercial certifications that include job applicant verification (typically the ISO 27 series).
Of course we listen to Mother. But when she's far away and her instructions don't seem effective or we don't understand them, we translate them into our own language. We introduce background checks, but in our own way, more or less formally, even in connection with a certification, so that we have something to show the parent company, or perhaps a founder.
Behind the scenes, it can be worse. If the organisation's management and other key employees are not fully convinced that a comprehensive process of vetting job applicants will help them, then the practical implementation of the process can be a bit of a mess. It may have some results, it may detect some bad actors, but it will not eliminate all risk. And if management does not trust the process, neither do their subordinates, who may cooperate only reluctantly, take results on board in their own way, and all the while grumbling under their breaths.
Such a scenario is somewhat better than an out of control roller coaster ride. But it's still far from ideal.
Belief in the process produces results
Background checks work best where the organisation's management and staff trust in them. They understand that the process will help them and the entire organization, and that it can be implemented quickly, efficiently and without undue delays.
When systematic background checks become an integral part of an organisation's culture, part of not only the recruitment process but also ongoing risk management and protection of assets and sensitive information, you're halfway there. The whole process can be designed comprehensively and intelligently. Define which positions require background checks, why and to what extent, who will have access to the results, and what sources of information will be used. And most of all, use a tool that will verify job applicants against the specified criteria quickly and reliably.
Extending the metaphors above, a roller coaster is fine entertainment for children, and half-heartedly following mother’s advice or instructions is typical of adolescent companies. Truly mature companies value their assets, know-how and sensitive information, as well as the trust of clients and employees, and work to protect those values, too.
