Opinion
Hiring Risk
Isn't the immigration issue just a matter of security?
By Bob Bragdon, Publisher, CSO
October 01, 2006 — CSO — For the past six months, I have played spectator to the national debate on immigration, watching competing political groups debate their positions. I've watched the CEOs of some major corporations call for a reform of immigration laws that would provide a kind of amnesty to those already in this country illegally. (Didn't we do that in the 1980s?) And believe me, I know how hard it can be to find good workers. And maybe I've been spending too much time with all of you and it's made me paranoid, but I have to ask: At the end of the day, isn't this immigration issue just a matter of security?
When your business hires employees, you welcome them into the "trusted" category of individuals who help make your organization work. As a best practice, you should be conducting background examinations to ensure you aren't inheriting someone else's problem employee. (At a minimum, employers should be asking new hires to fill out an I-9 form, which requires both citizens and noncitizens to show they can legally work in the United States.) But what if those individuals, those new hires, are in the country illegally? What does that say about them? And how can you conduct a proper background screening on them?
To take the point further, when you hire an unvetted worker, what type of risk is your business taking?
Your organizations look to you as security executives to advise them on just these types of issues, and I trust that you do. Maybe some companies have done the risk assessment and decided that the benefits
outweigh the risks, but I find the equation difficult to defend.
I am most concerned about those business leaders who, while not advertising their position, condone hiring workers without checking their status. I think about this invitation to risk—and then I look at another indicator of how businesses are dealing with crime. They sweep it under the rug.
According to the "2006 eCrime Watch Survey," which CSO just completed with our partners at the U.S. Secret Service, Microsoft and Carnegie Mellon University's CERT, 55 percent of businesses surveyed experienced some sort of electronic crime committed by an insider during the past year, with individual company losses up 46 percent to $739,700.
However, fewer than 28 percent of these crimes were referred to law enforcement. It appears that fear of negative publicity was a factor; survey takers cited harm to their organization's reputation as one of the worst impacts of electronic crime.
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
