You are here

CISA Publishes Resources for Onboarding and Employment Screening to Help Manage the Risk of Insider Threats

CISA Publishes Resources for Onboarding and Employment Screening to Help Manage the Risk of Insider Threats

Created: Tuesday, July 30, 2024 - 16:24
Categories:
Cybersecurity, Physical Security, Security Preparedness

Last week, CISA released a new resource, "Resources for Onboarding and Employment Screening," designed for critical infrastructure leaders, human resources (HR) personnel, and managers at any level. This fact sheet provides actionable recommendations and resources for vetting and screening of individuals prior to hiring into an organization. Overall, the goal in conducting personnel vetting and background checks is to reduce the potential for insider threat activity.

Determining the suitability of individuals to hold a sensitive position is one of the first steps in mitigating against potential insider threats. CISA encourages personnel responsible for hiring new employees to incorporate the relevant resources listed within this fact sheet into their background screening and onboarding processes. Accordingly, the fact sheet offers guidance and resources for confirming the identity and personal history of a potential hire as well as information for records check. The fact sheet also includes links to additional guidance, training, and key insights related to the safeguarding of your workforce from malicious insider threats, potential suspicious indicators in the workplace, and violence prevention strategies.  

CISA recommends organizations develop pre-employment screening policies that identify unsuitable factors relevant to each open role, grounded in both the assessed level of risk and the operational environment. Employers should involve legal counsel to ensure any policies developed are in accordance with state and federal law. As noted above, these recommendations are geared toward reducing the risk of an insider threat. An insider threat can be an individual or group who uses their authorized access or special knowledge to cause harm to an organization. This harm can include malicious acts that impact the security and integrity of an organization’s operations. WaterISAC regularly tracks and receives reports of insider threats occurring in the sector. Insider threats could manifest as current or former employees, temporary workers, volunteers, contractors, or any other individuals with privileged access. Access the fact sheet at CISA.