Ask Jack: Ethical Hiring Sets The Tone For IT Security

By Jack McCalmon, The McCalmon Group, Inc.

We use an international recruiter for our IT staff. I assume that is better than just interviewing walk-ins or am I off-base?

To minimize internal data theft, hiring ethical employees is where you must start.  A hiring goal should be to prevent the "ethically challenged" from crossing the threshold into your organization, including IT staff.  

For many employers, like your organization, that means contracting with the right recruiter. Seems simple, but unfortunately, ethics in recruiting is often itself challenged, especially for coveted IT spots.  

A recent regulatory disclosure of the Tata Group disclosed the termination of 16 employees, removal of three employees from their human resource functions, and the blacklisting of six recruitment vendors because of a "bribe for jobs" scheme at its IT subsidiary. https://www.peoplematters.in/article/strategic-hr/16-employees-fired-3-removed-from-hr-function-6-staffing-vendors-barred-tcs-bribe-for-jobs-scam-39246

The specifics of the above are not known, but an assumption is that the 16 terminated employees paid the bribes to the six now-banned recruiters who then promoted those candidates above all other candidates. The HR employees who were stripped of their HR functions were more than likely not part of the scheme but approved of the vendors; failed to uncover the scheme; and/or were negligent in some manner. 

It is wrong to assume that recruiters are always ethical and offer the best candidates. Recruiters demanding bribes to manipulate selection is nothing new whether it is for IT jobs or college admissions as the 2019 college admissions scandal proved. https://www.si.com/more-sports/2019/03/12/college-admissions-recruiting-bribery-scheme-indictments-felicity-huffman-lori-loughlin

Recruiters demanding, and applicants paying, bribes is criminal in many cases and unethical in every case. It is not a far leap to assume that an applicant willing to pay a bribe is more ethically challenged than an applicant who seeks to be hired based on individual merit. You want extremely ethical participants managing your data because they often have access, at some level, to confidential data.

The final takeaway is ethics extends not only to employees, but also to contractors, and impacts security at its core. You should carefully screen IT recruiters to make certain they provide candidates solely on the merits. Screening should include a recruiter having an ethics policy, including a policy prohibiting bribes; a contractual guarantee that candidates are offered based on merit; and an extensive social media search, including message boards, of the recruiting company and their recruiters to determine if they are ethically challenged or ethically grounded.
 

Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.

If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to ask@mccalmon.com. Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.

 

Finally, your opinion is important to us. Please complete the opinion survey:

News

".Gov" Emails And Their Social Engineering Value To Online Criminals

Washington County, Arkansas officials report they successfully thwarted a cyber attack. Why was the county targeted? We comment. Read More

Upgrades And Updates: Why Smart Organizations Stay On Top Of Both

Some experts are warning users about the risk of the iPhone's new contact-sharing feature. We examine cyberthieves' methods for obtaining personal or organizational information. Read More

Human Error And Password Security

Most adverse cyber events are caused by human error. We examine common errors that lead to significant breaches. Read More