Are Background Checks Necessary For IT Workers?

A spokeswoman for UBS told InformationWeek that when Duronio went from being a contract worker to a full-time worker in June 1999, background checks were done on a "selective basis, and Mr. Duronio wasn't subjected to one." She adds, "Post Sept. 11 and after the acquisition of PaineWebber by UBS, firm policy is that all full-time, part-time, and temporary workers are now subject to background examinations."

According to Dawn Cappelli, a senior member at Carnegie Mellon University's Computer Emergency Response Team, a 2006 study showed that 30% of insiders who are caught launching an attack against their employers have arrest records, and that those charges don't generally include computer crimes. Some 18% were for violent offenses such as rape and manslaughter, 11% were for alcohol- and drug-related offenses, and another 11% were for theft.

The good news is that there has been a sharp increase this year in the number of companies that are doing background checks on new IT hires, Cappelli says. A CERT study in 2005 showed that 48% of companies reported that they use background checks to prevent or reduce insider security incidents; that number jumped to 73% this year.

"We're not saying don't hire someone because they have a previous arrest, but it's something to consider when deciding who's going to be in IT holding the keys to your kingdom," Cappelli says.