Perform Background Checks



Perform Background Checks Prior To Employing Anyone.

As your company expands over the years, the need for change Is Inevitable and a part of this equation, Is to employ extra staff to handle and manage your daily workload. Whilst It's pretty much standard practice to first sift through ex-amount of applicants (namely their CV/Resumes), prior to selecting the most suitable person for the job, how many times have you actually cross-checked "every possible detail" of a potential employee?  I'd say It's safe to assume that your answer Is zero.

Sure, you have their Resume at your disposal and after reading Its entire contents, you may be well and truly satisfied, but how do you know for sure that what you've just read Is In fact true and correct? You don't, and never will when taken at face value. Let me tell you that elite social engineers, are very good at manipulating and convincing anyone Into believing their side of the story! 

An SE'er could be employed at your company right this minute, with access to confidential Information and user credentials without raising any suspicion whatsoever. As such, "background checks" also known as "pre-employment screening", Is of the utmost Importance during the recruitment process. Before I provide you with the tools and know-how on this, let's have a look at an effective social engineering scenario.

The Social Engineer In Action:

Due to the structure of your business and the magnitude of the workload on a day-to-day basis, keeping your network and every computer up and running at It's optimal state, Is paramount. You do not currently have anyone who's computer-savvy, so you've "advertised for an IT technician" to look after and maintain your systems. 

All went well during the Interview and upon asking for his CV/Resume & certifications, he assured you he'll bring them In at his earliest convenience (you'll see why he delayed very shortly!). A couple of days later, the (so-called) IT technician has given what you've asked and after sifting through the details, you're happy with what you've read, and he Is now part of your workforce- actively maintaining the IT and network operations of your systems.

A few weeks later however, he has failed to show up at work for a number of days and he's not answering his cell phone. You think nothing of It at the time, but reports have come through from other workers that they cannot login to their accounts, and a lot of critical files are also missing

See what's happened? The tech guy wasn't who he claimed to be, but rather an SE'er who social engineered you during the Interview! He had no certifications to begin with, and "he purposely applied for the job to steal user credentials and other sensitive data". He delayed In handing In his Resume & certifications- just to allow himself time to create fake documents based on the Information he absorbed at the Interview. Pretty clever, yes? I think so too. This could've been prevented If a "full background check" was done. Let's checkout what this entails now.

How To Effectively Perform Checks:

A background check (pre-employment screening) Is only as good as "the nature of the details that you're looking to obtain". Do note that there's a fine line between what's considered a background check, and "Invasion of privacy", so check with the applicable law prior to proceeding. 

Here's my recommendations.

* Drug & Alcohol Screening.
* Previous Employment History.
* Credit Rating Check.
* Criminal Records.
* The Integrity Of Friends & Family.
* Educational History.
* Marital Status.
* Medical Conditions.
* Driving Offences. 
* And More.

Now you may be thinking that a lot of the above has no relevance to employment, however, the objective Is to establish the exact type of person you're dealing with, which ultimately defines who they truly are and what they're capable of doing. 

In Conclusion: 

I'd say It's very safe to assume, that you probably didn't realize the extent of what background checks Involve and the Impact a social engineer can have on your company If such checks are not carried out thoroughly. Be sure to use "various sources" with the Information you obtain about a potential employee, and cross-check the authenticity of each one. Moreover, only utilize reputable sources that have been In business for many years to date. 





Comments


Popular Social Engineering Posts