Who Can You Trust?

Disgruntled insiders have always been the biggest threat to your network. But now geopolitical tensions raise the ante on checking backgrounds of those you think you can trust.

Monitor-maker ViewSonic did not see this one coming.

A network administrator it once employed was arrested last month for hacking into the monitor-makers network and wiping out critical files.

It could have been worse. The former employee, Andy Garcia, 39, of Montebello, Calif., could have been more destructive. He also was charged with possession of a semiautomatic assault weapon.


The arrest occurred roughly two weeks after Garcia was terminated last year. Relatively speaking, the break-in was a walk in the park, considering he was "in charge of several computer servers and had access to system passwords for management employees," according to the Department of Justice.

With layoffs and tough economic times giving rise to more disgruntled professionals, information technology executives are now facing this fact: Background checks are the first line of defense against harm to servers, networks and communications infrastructure.

Security firm Kroll Inc. recommends that the checks include drug screening, psychological examinations, credit reviews and securing of federal and local crime records, particularly for positions where changes can be made to applications and system operations.

Walnut, Calif.-based ViewSonic couldnt say much about the Garcia case. A spokesman said "all of our employees are background-checked," but wouldnt elaborate on the stringency of those checks. Assistant U.S. Attorney Wesley Hsu couldnt comment on whether Garcia was initially screened.

Why the emphasis on background checks? Although hack-attacks from outsiders get the press, the real damage comes from insiders. "If you look at the attacks in volume, 70% of them come from outsiders, but the 70% that cause damage are insiders," says Gartner Inc. analyst John Pescatore.

Indeed, a 2002 Computer Security Institute survey said 80% of respondents acknowledged financial losses from computer breaches. Forty-four percent were willing and able to quantify those losses, putting them at $455.8 million.

ViewSonic was lucky, since Garcia only precluded the companys Taiwan office from accessing data for a matter of days. It could have been worse. Two warnings from the U.S. National Infrastructure Protection Center (NIPC) last month urged key industries such as telecommunications, finance, utilities and industrial plants to be wary of "insider personnel" that could use employers—and their networks—to make political statements, commit cyber-crime, or worse, bolster terrorism.

To defend against such activities, the government suggested updating antivirus software, increasing user awareness and stopping suspicious attachments at the e-mail server. But a better route may be to create a comprehensive plan to figure out which of your potential new employees may have a proclivity to creating harm, for political or other personal reasons.

Data on screening technology workers is scant, but Pescatore estimates that background checks have more than doubled since the Sept. 11, 2001 terrorist attacks to about 20% to 25%.

A tight job market also has given employers more leverage to demand background checks for all kinds of hires, both salaried and contract.

The main objective should be to eliminate what Alan Brill, senior managing director of tech services for Kroll, dubs "invisible" workers—full-time or temporary employees that have access to customer, human resources or financial systems, but whose interactions with computer systems go unnoticed. "Your system does not care if you get a W-2 or not," says Brill.

Barbara Blair, CEO of CyberStaff America, says her technology-staffing firm conducts stringent screening, including criminal and credit checks on workers.

"Its protection you need because its not a laissez-faire world anymore," says Blair.