1
00:00:00,005 --> 00:00:02,002
- [Narrator] From a security perspective,

2
00:00:02,002 --> 00:00:04,003
hiring a new employee is one of the most

3
00:00:04,003 --> 00:00:07,005
important decisions that an organization makes.

4
00:00:07,005 --> 00:00:09,005
The insider threat is real.

5
00:00:09,005 --> 00:00:13,001
An organization's employees have privileged access

6
00:00:13,001 --> 00:00:17,000
to all kinds of sensitive information and systems.

7
00:00:17,000 --> 00:00:19,002
Of course, it's impossible to filter out

8
00:00:19,002 --> 00:00:20,008
all of the bad apples,

9
00:00:20,008 --> 00:00:23,009
but organizations have a responsibility to ensure

10
00:00:23,009 --> 00:00:28,003
that security plays a prominent role in the hiring process.

11
00:00:28,003 --> 00:00:30,007
Spending a little extra time on security issues

12
00:00:30,007 --> 00:00:32,006
before hiring an employee

13
00:00:32,006 --> 00:00:35,003
can help avoid costly mistakes.

14
00:00:35,003 --> 00:00:37,002
Every organization should perform

15
00:00:37,002 --> 00:00:39,008
preemployment screening to verify

16
00:00:39,008 --> 00:00:42,005
the backgrounds of potential hires.

17
00:00:42,005 --> 00:00:45,003
The timing and contents of this screening will vary

18
00:00:45,003 --> 00:00:47,003
based upon the type of organization,

19
00:00:47,003 --> 00:00:50,003
the job position, and legal constraints

20
00:00:50,003 --> 00:00:52,002
in the specific state or country

21
00:00:52,002 --> 00:00:54,003
where the employee is hired.

22
00:00:54,003 --> 00:00:57,004
Some common components of preemployment screening

23
00:00:57,004 --> 00:00:59,007
include checking for a criminal background

24
00:00:59,007 --> 00:01:02,002
in all states and countries where the employee

25
00:01:02,002 --> 00:01:04,000
has lived or worked,

26
00:01:04,000 --> 00:01:06,004
verifying that an employee is not listed

27
00:01:06,004 --> 00:01:08,005
on the sex offender registry.

28
00:01:08,005 --> 00:01:10,003
This is often a mandatory part

29
00:01:10,003 --> 00:01:12,007
of preemployment screening for positions

30
00:01:12,007 --> 00:01:14,009
where the employee will work with children,

31
00:01:14,009 --> 00:01:18,001
such as in a school or childcare facility.

32
00:01:18,001 --> 00:01:20,003
Checking references provided by the employee

33
00:01:20,003 --> 00:01:22,007
as well as using personal contacts

34
00:01:22,007 --> 00:01:24,008
at past employers to learn more

35
00:01:24,008 --> 00:01:26,006
about a job candidate.

36
00:01:26,006 --> 00:01:29,006
Verifying that the educational and employment experience

37
00:01:29,006 --> 00:01:34,002
on a resume is accurate by contacting schools and employers.

38
00:01:34,002 --> 00:01:36,008
And in some cases, organizations may perform

39
00:01:36,008 --> 00:01:39,001
credit checks to further investigate

40
00:01:39,001 --> 00:01:40,009
an employee's background,

41
00:01:40,009 --> 00:01:43,002
although obtaining and using this information

42
00:01:43,002 --> 00:01:46,000
requires written consent of the employee

43
00:01:46,000 --> 00:01:47,007
and is heavily regulated,

44
00:01:47,007 --> 00:01:49,009
so many organizations skip this portion

45
00:01:49,009 --> 00:01:51,006
of background checks.

46
00:01:51,006 --> 00:01:54,007
Organizations should use written employment agreements

47
00:01:54,007 --> 00:01:57,001
that spell out the employee's responsibilities

48
00:01:57,001 --> 00:01:59,001
in many different areas.

49
00:01:59,001 --> 00:02:01,000
For the purposes of the exam,

50
00:02:01,000 --> 00:02:02,008
you should know that this may include

51
00:02:02,008 --> 00:02:05,006
security-related responsibilities.

52
00:02:05,006 --> 00:02:07,009
Two specific areas that organizations

53
00:02:07,009 --> 00:02:10,008
should consider including in employment agreements

54
00:02:10,008 --> 00:02:14,000
are nondisclosure agreements or NDAs,

55
00:02:14,000 --> 00:02:16,005
where the employee agrees not to disclose

56
00:02:16,005 --> 00:02:18,009
any confidential information learned

57
00:02:18,009 --> 00:02:20,008
during the course of employment

58
00:02:20,008 --> 00:02:24,002
even after the employee leaves the organization,

59
00:02:24,002 --> 00:02:26,002
and asset return agreements,

60
00:02:26,002 --> 00:02:28,002
where the employee agrees to return

61
00:02:28,002 --> 00:02:30,002
all of the organization's property

62
00:02:30,002 --> 00:02:32,000
at the end of employment.

63
00:02:32,000 --> 00:02:34,000
This should include both information

64
00:02:34,000 --> 00:02:36,000
and physical assets.

65
00:02:36,000 --> 00:02:38,001
Finally, employers should use

66
00:02:38,001 --> 00:02:40,005
the hiring and orientation process

67
00:02:40,005 --> 00:02:43,001
as an opportunity to familiarize employees

68
00:02:43,001 --> 00:02:45,007
with the organization's security policies

69
00:02:45,007 --> 00:02:48,009
through training and perhaps a written acknowledgement

70
00:02:48,009 --> 00:02:50,008
from each new hire that he or she

71
00:02:50,008 --> 00:02:54,006
has read and agrees to the organization's security policies.