Are Background Checks Necessary For IT Workers?

4foot10 writes "UBS PaineWebber learned a hard lesson after hiring an IT systems admin without conducting a background check. Now its ex-employee is slated to be sentenced for launching a 'logic bomb' in UBS' computer systems that crashed 2,000 of the company's servers and left 17,000 brokers unable to make trades."

Re:Only as much as every other position...

[susano_otter]

It's not that IT employees are more likely to do bad things than other people; but rather that IT employees are often in a position not only to do more harm when they go bad, but also cover it up better.

You don't need background checks for everybody, just for those employees in a position of significant responsibility and authority.

Been there, done that

[k4]

Yes, of course admins with the ability to wreak major havoc at an organization should have to undergo background checks. Several years ago I worked at a Fortune 500 company, and there were no background checks done at all for IT staff. Turns out we hired a guy who used a fake name and someone else's social security number, and he worked as one of our main sysadmins for over a year, with privileges on probably 100 servers and full privileges on the email servers, before he was caught. I thought background checks were a waste of time until that...scared me half to death because no one had any idea what he'd done in all that time, and worse, no idea who he actually was.

First Offence??

[number17]

How would this ever prevent a first offense??

It's UBS' Fault

[h4ck7h3p14n37]

The question you should be asking is not, "would a background check have prevented this", it's "how the hell could one person alone cause that much damage on UBS' network"?

One person should not have been able to push a logic bomb out to thousands of machines without several other people in the organization knowing about it. Isn't UBS publicly traded? The Sarbanes-Oxley Act should have required that their IT group be audited to ensure that controls were in place to prevent exactly this sort of situation.

Little/no reward

[mungtor]

The way that I look at it is this:

Your IS/IT people are less likely to do Bad Things(tm) since there is little or no reward in it for them. Upper levels of managment can embezzel funds, so can lowly finance interns. For them, there is the possibility of stealing millons of dollars over time.

For IS/IT people, what have you really done? It's a larger scale equivalent of breaking a window. You've caused trouble for other people, but there is no benefit to you.

Besides, IS/IT people are easy to keep happy for the most part. Let them have ownership of the network, don't micro-manage them, and buy them the occasional cool gadget. Want a 20" LCD? If the $300 is costs keeps you happy for 6 months, you can have 4. Want the most kick-ass computer in the company? For the $1000 difference it would take, no problem.

IS/IT people are important. They are the ones who know where your data is, how it's organized, and where it's backed up. Their needs are simple too. They mostly do IS/IT work because they like new stuff and gadgets. Throw them a new piece of tech every other month and keep their salaries at least comparable and you won't have to worry.

Disclaimer: I say these things about IS/IT people because I was one, then I managed them, and now I'm happy to just be one again.

Re:Background Checks and Credit Checks for IT

[mythosaz]

I hate to burst your bubble, but here's the reality. You, at 24, probably have a similar knowledgebase and skillset as other applicants for my positions. Since I run a background and credit check against my future employees, I get to pick between someone with the same skills as you and a "clean" record, or you with bad credit, a divorce and and a criminal record. Guess who I'm hiring.

Unfair? No. You're not the sort of person I want working for me. You don't have a stable family life. As such you're more likely to quit/move and give shorter notice when you do. You have bad credit. You haven't demonstrated (regardless of good or bad reasons) to large financial institutions that you're worth loaning money to. I'm less likely to want to give you access to mine. Finally, you're a criminal. Sure, you were a criminal when you were a kid, but, on paper, you're more likely to be a criminal in the future, and that's nothing my company wants anything to do with.

On the other hand, if you've got a great resume, and you stand out, and it's not a tiebreak, we might overlook SOME of those problems.

I sympathize. I have a divorce. Until recently I had bad credit. I got in trouble as a young adult and have a misdemeanor record (reduced felony). I know if I didn't have the skills I do in my special niche of the IT world, I'd be passed over in favor of others. Thems the breaks. It's the price I pay for the mistakes in my youth.

Background checks catch people who lie

[davidwr]

If he lied on his application, a good background check will reveal this. This goes for all employees, from the guy who mops the floors to the guy in the CEO's office. Remember, the guy you hire to mop the floor may be working on his CS degree and become your IT guy in 3 years. 15 years later he may be the CEO.

Catching a liar is much more valuable than disqualifying a murderer or embezzler. The former obviously hasn't learned his lesson yet.

As for protecting your systems from bad acts, keep audit trails. Where necessary, have independent systems log all administrator activity, and make sure those logs get stored in a difficult-to-erase-without-raising-alarms location, like magnetic tape on a machine your admins don't control. Change the tape daily or more and never recycle.

Use the concept of least-privilage. Make sure admins have the tools to do the work they need to do, where they need to do it, when they need to do it, and no more. Critical systems should have multiple approvals required to effect changes.

Re:Background Checks and Credit Checks for IT

[michael.j.jarvis]

Yes, I can understand the whole not wanting to hire me because of things in my past. The thing is, is that as I get older, things will start to work out for me. I've settled down quite a bit, and I do have much more stability in my life now than I did two years ago. I learned that in 6 years in IT, nothing comes fast. I don't expect to be a Senior Sys Admin when I'm 26. Maybe when I'm 36 or so, but not now. I'm in a great job as a Jr Level AD/Exchange Admin. I'm happy, I'm learning more each and every day than I did in the year I was in college, and I'm obviously more experienced than most Assoc. in CS degrees coming from the ________ Technical College. I totally understand the need for background. I tried for NACLAC/Secret Clearance back in 2001. Didn't get it then. Tried again this year for a contract job, and I got it. Of course, I had a chance to explain my past in the interview with the investigator. All I'm saying, is give someone a chance to explain themselves if black marks come up. Someone took time with me, and I'm wicked happy they did, or else I'd be in telemarketing.

Re: Ask yourself this question

[gidds]

Those figures mean absolutely nothing without corresponding figures from good employees.

If exactly 0% of good employees have arrest records, then an arrest record would be a pretty good indicator of malicious intent; while it wouldn't allow you to catch the other 70% of baddies, it would give you pretty conclusive evidence against that 30%.

If, on the other hand, the records for good employees were the same (which I suspect is closer to the truth), then an arrest record (or lack of one) would tell you absolutely nothing about an employee's trustworthiness.

And if the records for good employees were generally higher than for bad ones, then an arrest record would be an indicator in FAVOUR of hiring, not against!

So, worrying as those numbers might sound, they're utterly meaningless here without some context and background!

background checks are worthless

[thoughtlover]

A background check could filter out a lot of bad people.

Perhaps, but will a background check filter out a person who doesn't have a record? What happens if you piss of your sysadmin (for whatever reason)? You may get a similar situation as UBS. How is a background check going to help you there?

If anything, a psychological profile would be the proper approach. Ask, "Does this person, with a clean record, hold the propensity to go postal (aka, rm -rf *) ?" How many people graduating with a CS or IT degree have a crime-addled past? By and large, very few, I would assume, but that's assuming from experience. Not too many of my coding-nerd/dork/geek friends hold outward, violent contempt towards people. However, some of them seem to harbor a deep-seeded disdain for certain organizations, groups, etc. None of them have ever been in trouble for any reason, but what if you pissed one of them off for any reason? I can't say what one of them would do. Perhaps they would do nothing, short of quit their job, but no one can be certain what _any_ person will do when faced with extraordinary duress.

Personally, I believe if we were to go down the road to psychological profiling, we're treading in dangerous territory. Something along the lines of Minority Report meets Gattaca.

Re:background checks are worthless

No they are not. They cost $5000 - $22000. The real question is, should you employ admins to work in buddy pairs for mission critical situations?

Yes, some firms hire on Emotional Intelligence. Yes, whats that you say - the ability to poach and bring staff to the new place. So for executives or top gun programmers, a friendly network is ok. Just ask Google.

Then I say a dude who scored high in the Auditor/inspector department - hmmm don't want him, may find things wrong.

The best, EFFICIENT admins have some weird attributes as a rule. Pick someone else, and they will do Bangalore Helpdesk number on the firm - ie do exactly as told, no initiative, and no improvements. You will need to pay 6 admins to do the work of one, and not even as well.

A smart manager can detect when content employess become angry (frustrated is OK). If no warnings sign were seen, get worried. What was the trigger in this instance?

Generally, most admins don't need do anything except walk away, because all the undocumented stuff in ones head will ensure that employer will pay a dear price for a replacement. The stoppage of daily 'miracles' is sufficient. Evil ones will leave behind a few Dilbert books, and demand a clean break, and give his mates phonenumbers to a recruitment agency, so they can be poached.

Re: Ask yourself this question

[Billly+Gates]

Yes I have been denied jobs because my credit score wasn't high enough.

I always pay my bills on time but I rarely use credit cards and was a college student until recently so I didn;t spend much. Now employers think I am irresponsible with money or I am more likely to steal because thats what people without perfect scores do bla bla bla.

By law they have to tell you they are doing a credit check. But its a common practice and most employers will refuse to hire unless you agree to undergo one. Yes they have the power to see what your spending habits are as well.

Are felons ever forgiven?

[nexeruza]

This is a topic I've been curious about for a few years now. From about the age of 14 till I was 23 I've racked up many misdameanors and felonies as I went through life doing drugs and being a loser. I'm 26 now and have cleaned up since I was 23. I'm a student right now wondering if when I go for an interview or fill out an app if I should lie about my past or put down the truth and hope I'm given a chance. In the past I've lied and gotten many jobs, but its mostly construction, labor, grunt work that nobody ever does a background check on. I actually work in a factory that makes anti-theft boxes for vehicles. And I lied on the app for the temp staffing company that got me a permanent job there because they do not accept felons of any kind. It actually said on the app STOP if yes to question #12. From experience I've found that telling the truth is 99% guaranteed to have your app thrown in the trash. However from what I read here they actually do backgrounds checks and I've seen that in the hire ads at monster, dice, etc. For anybody that knows, should I maybe have low hopes for getting a job in IT because of this?

Should I lie and hope I slip through the cracks and hope some more my past is never revealed?
Should I tell the truth and burn gas to the next interview hoping I'll find somebody open minded?

My record is burglary, theft, dui. Nothing violent or job-related.

Yeah I know I brought this on myself but if I'm never given another chance am I supposed to do manual labor making 9 dollars an hour the rest of my life as punishment?

BTW, at my current job, I see "clean" employees steal things, yet I never do.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Its not about the record, its about the honesty!

its not whether or not a potential employee has a record (imho). It is whether the employee was HONEST about any prior run-ins with the law.

Take this example:
I interviewed four individuals for a networking tech position. The first individual was just out of school, not very sure of himself, and didn't really have a very high view of his own abilities during the interview. He did bring several certificates of completion of tests, etc from MCSE, CCNA, etc. When asked, he told me his only run ins with the law were traffic tickets.

The second individual seemed very well versed in all aspects of the position he was applying for, and seemed to really know his stuff. He seemed a genuine nice guy, who was very enthusiastic about the position. He did, however, seem to speak a bit TOO highly of himself. More of boasting rather than communicating his skills. When asked, he told me his only run ins with the law were traffic tickets.

The third individual was an older gentleman, a supposed "veteran" in the field. However, during the interview, he seemed to have a completely skewed understanding of modern networking. "Stuck in the past" so to speak. When asked, he told me his only run ins with the law were traffic tickets, and an arrest for drunk driving ~10 years prior.

The fourth individual had little in the way of "structured" education, but had a significant history of on the job experience. He wasn't young, but not old either. He didn't have much for "up to date" certifications, but when asked about current technology, etc, he was able to provide a very knowledgeable overview of the current technology, etc. Before asked, this individual informed me up front that he would have a record. He explained he would have a drunk driving and assault conviction that he had served time for, as well as several traffic tickets. However he assured me that they were older offenses, that he was an AAA member, and that he had SUPPOSEDLY been sober for 3 years.

Now, out of these four candidates, which do you think i hired after background checks?

Here is how the background checks panned out.

First individual - background check in line with claims, aside from a misdemeanor drug possession charge.
Second individual - had a significant history of assault and drug charges, as well as a charge for illegal weapon possession and fraud.
third individual - completely clean background, not even the claimed drunk driving charge
fourth individual - background check matched exactly what the individual described, and supported, (at least charge wise) that he had been clean for 3 years.

Now again, which do you think i hired?

.
.
.
.

The fourth, of course.

Re: Ask yourself this question

"Arrest record" is really the wrong term -you used it and it was used at least once in TFA. You can be accused of a crime, arrested for it, and let go, and technically you haven't committed any crime.

You can be arrested, never charged, and let go no strings attached. The arrest means nothing. These things by themselves should not give you a criminal record.

What SHOULD be examined is whether the person was charged with a crime and whether they were convicted of it. The conviction is really the part that matters. People get arrested and released all the time without charges being filed. It's really not the end-all that it sounds like and it really should not doom someone from ever getting a job.

Example: suppose your name is John Smith and you get arrested because there's a warrant for a John Smith, who happens to be someone else. You should (hopefully) get let go. But you got arrested, right? But you were let go. And none of it was your fault. This happens a lot with identity theft where someone steals the ID, writes a lot of bad checks, and the cops come looking for the real person who is actually a victim. The cops don't care. They arrest the person anyway, for a crime they didn't commit. Usually that gets cleared up.

Anyway, my company did background checks on every employee last year. Everybody from the CEO down to schlumps like me. We wanted to be able to tell clients we had checked everybody. Several branch offices lost people as a result, based on things found in the checking. It hurt but I know for a fact that clients have been asking for that sort of assurance. If it makes us more competitive than the other guy, perhaps it will lead to business.

I'm actually shocked they DIDN'T do one

[CharlieG]

I've worked for a LOT of places - some were banks. My wife works for a brokerage. Trust me, for every one of those jobs, we not only had a regular background check, but were fingerprinted, and the prints run

They actually called my wife back on one of them - at out old house, there was a woman with the same name 1 block away, so our addresses were 1 digit different. That woman had "problems". This has actually turned up 2-3 times, including at our house closing - we had to certify that my wife was NOT the other woman - they took our word, but had to sign a paper

I've held security clearences - they don't prove that you won't do something wrong too - BUT they do tend to get rid of SOME of the chaff - yeah, you lose some wheat too, but...

Credit checks are a great tool

[Slashdot+Parent]

With credit checks, it really depends on what they are looking for. I'm a landlord (which is different from an employer, although I guess I am also an employer), and when I pull credit on an applicant for a unit, I just want to know if the person has been lying to me or not. I don't even look at the score, except for grins and giggles.

If you tell me on your application that you are a perfect tenant, pay on time, just moving across town to a bigger apartment, great. But you'd be surprised how many times I pull credit and see the person is from out of state and moved because he's got 12 judgments against him from former landlords, and the local utility won't provide service to him 'cuz he owes them $5,000.00. I'm sorry, but where I live it gets cold, and if you don't pay your electric bill, my pipes are going to freeze and that's more damage than you can afford to pay for, buddy.

So, perhaps that is what employers are looking for. Validation that you aren't totally full of it. I've never heard of someone being denied employment because of a low credit score. I have heard of people being denied employment for lying on their resume or during their interview. "I see from your resume you attended Harvard. Tell me, why did you have electric service in your name in Mississippi and then in Alabama during those 4 years? Correspondence course?"

That's what I use credit checks for.