Background

Summary

The motive of cyber-criminals directly impacts what companies they attack. Different sources yield different information. As the Internet has come to be a prime communicate for organizations to run security checks before an offer of employment is made. A background check can uncover past criminal behaviors and other information that suggest that a person can be encouraged to be a company spy. Thus, background checks are very important in organizational security. To put in bluntly, hiring the wrong person can be costly. Background checks include the following:

1. Identity checks (verify identity of the candidate)
2. Education and Credential Checks (verify institutions attended, degrees and certifications earned, certification status)
3. Previous employment verification (checks where candidates worked, why they left, and what they did and for how long)
4. Reference Checks (checks the validity of references and integrity of reference sources)
5. Worker’s Compensation History (checks claim from worker’s compensation)
6. Motor Vehicle Records (driving records, suspensions, other items noted in this public record)
7. Credit History (checks for credit problems, financial problems and bankruptcy)
8. Civil Court History (checks involvement as the plaintiff or defendant in civil suits)
9. Criminal Court History (checks for criminal background for arrests, convictions, and time served).

Description

Organizations are required by law to protect sensitive or personal employee information such as personal identifying facts– addresses, phone numbers, social security numbers, medical conditions, names and addresses of family members. Organizations are also required to protect sensitive information of customers, patients, anyone the organization has business relationships. The goal of this module is to help students master a repeatable, documentable penetration testing methodology that can be used to secure organizations through the hiring process.  To make sure that all employees understand how important security is, the organization should hold seminars to increase the level of security awareness to all employees. Employees should know about shoulder surfing and tailgating and how to prevent them. Shoulder surfing is the practice of spying on the user of an ATM, computer or other electronic devises in order to obtain their personal access information. Tailgating is when a person tags along with another person who is authorized to gain entry into a restricted area, or pass a certain checkpoint, so that they can gain entry as well.

Risk

Cyber-crime has become so regular that people and some organizations have become desensitized with the news of a data breach. Every now and then, companies announce that their systems were breached, followed by the extent of the damage, and what they’re doing about it. Compromised data is a subject that needs the public’s full attention. Data breaches can result in millions of private records and sensitive data stolen, affecting not just the breached organization, but also everyone whose personal information may have been stolen. Based on the data stolen, there are specific types of information that are of value to cybercriminals. Hackers search for these data because they can be used to make money by duplicating credit cards, and using personal information for fraud, identity theft, and even blackmail. They can also be sold in bulk in deep web marketplaces.

Real Life Examples

In 2015, The Obama Administration announced a massive theft of federal employee data that will cost American taxpayers as much as $20 million. The Office of Personnel Management said that, in response to the data breach, it had contracted with the company CSID to provide services to the current and former federal workers who had their personal information stolen. OPM said as many as four million people could be affected. This comprehensive, 18-month membership includes credit report access, credit monitoring, identity theft insurance, and recovery services. OPM announced a final contract to provide those services with Winvale Group LLC. Winvale is the main contractor, and CSID is the subcontractor. While the services will be free for federal workers, they won’t be free for taxpayers. According to the contract award announcement, OPM will pay Winvale $20,760,741.63 for services designated as “call 1” in the contract. Those services include sending out 2.1 million emails to affected employees and 1.1 million letters, plus call center support, credit monitoring, and ID theft and recovery services for 3.2 million people (Kasperowicz 2015). In addition, in the same year there have been other notable breaches:

• Ashley Madison, Social Website where hacktivists stole information from Ashley Madison and dumped 10GB of data on the Deep Web. This included the account details and personally identifiable information of some 32 million users, as well as credit card transactions.
• TARGET, Consumer Retail, where hackers penetrated Target’s network and were able to infect all Point of Sales machines.  They were able to expose nearly 40 million debit and credit cards to fraud. The information stolen included PIN numbers, names, as well as other banking information.
• JP Morgan Chase & Co., Credit Provider, where the company disclosed that the data of an estimated 76 million households and 7 million businesses were compromised. The information included names, addresses, phone numbers, email addresses, and others.
• Anthem Inc., Healthcare, where an attack that started last April 2014 resulted in the data theft of over 80 million current and former customers. Data stolen included names, birthdays, social IDs, email addresses, as well as employment information (Business Report 2015).