Follow by email

Tuesday, July 18, 2017

Frequently Asked Questions



During my time providing investigative services to businesses the same questions regarding pre employment screenings and background checks were repeatedly asked. To address those questions, we developed a list of frequently asked questions, which are shared below. I hope this will help answer questions you may have and guide you through the hiring process.

·      What are an employer’s legal obligations?
  • Fair Credit Reporting Act (FCRA). As of October 1, 1997 the FCRA requires that all employers who request background checks for pre employment screening purposes have a written consent from the applicant. 
  • Civil Rights Act of 1964, Title VII. Employers cannot reject or fire qualified individuals who have criminal records when the criminal history has no bearing on the individual’s fitness or ability to perform the job.
  •  Equal Employment Opportunity Commission (EEOC. The EEOC is clear in its position on employers’ use of criminal background checks for employee hiring and retention: “Using such records as an absolute measure to prevent an individual from being hired could limit the employment opportunities of some protected groups and thus cannot be used in this way.”
  • National Labor Relations Act (NLRA) was enacted in 1935. The Act allows for the National labor Relations Board to enforce laws that give employees the right to act together for improved pay and working conditions, even if they are not part of a union. 
·      What is a “National” record check?
  • We were always asked to conduct national criminal record checks. This request is difficult to explain because most people’s perception of the criminal justice system is marred by television. Simply put, there is no “national” database that houses criminal records. Records of arrests and adjudications are kept at the local courthouses and county jurisdictions. Conducting a non-law enforcement national background check would be better said as a “nationwide” check. To obtain a thorough picture of a person’s criminal past, all levels of government entities maintaining criminal records should be searched. Read our post "National" record checks, which further explains the subject.
If there is no national database, how do you get the most detailed information?
  • Look for companies that search both public and commercial databases within the Federal, State, and County jurisdictions. Analyzing the information to ensure the utmost accuracy for your screenings.

·      What is “Ban the box”?
  • Ban the box is national grassroots movement to remove the question, “Have you ever been convicted of a crime” from employment applications. Many State and local jurisdictions have passed laws removing the question from government employment applications.

·      What is Bright line hiring?
  •  “Bright line” is a clearly defined rule or standard, generally used in law, composed of objective factors, which leaves little or no room for varying interpretation. The purpose of a bright-line rule is to produce predictable and consistent results in its application. 
  • A Bright line hiring example would be to not hire someone with a criminal record. Bright line hiring practices are dangerous for any business, as you may have violated the Civil Rights Act of 1964 or EEOC guidelines.
·      Can expunged records be located?
  • Sometimes. The legal term “expunged” has different definitions in different states. Some allow for the records to be sealed and treat the case as it never happened. Some change the conviction to “dismissed”, but the other details of the case are the same. In Maryland, it means to remove from public inspection. 
  • Although records are expunged, they are filed somewhere.  Third party vendors purchase data from government entities before records are expunged. They then resell that data. Although records get expunged, they remain active through third party vendors.
·      Why should I do pre employment checks?
  • Avoid the expense of making a bad hire. Bad hires can cost as much as three times the salary of the job in question
  •  Reduce liability: Putting current employees at risk by placing a violent person in the workplace.
  • Find those with a propensity for violence. Workplace violence has been found to make up 18% of all crime.
  •  Reduce of workplace accidents
  •  Reduce resume puffing. One-third of resumes have some degree of puffery
  •  Aid the applicant. During the process other names associated with the applicants’ social security number are regularly discovered. This information may help the applicant thwart identity theft.
·      Why can’t I just do checks myself?
  • You can and many do. The Internet is a very powerful tool. The questions are: Do you have time? Do you know where to look? Do you know how to decipher the information you do find? Are you sure you are looking at the correct person?
See our blog archive and topic categories for more on this topic.
FCRwhat? March 2015

Wednesday, July 5, 2017

Public Wi-Fi for dummies


Traveling and staying in a hotel I started to use the Internet via a Smartphone. I paused, thinking data usage might be tight so better use Wi-Fi. Logging into the hotel’s Wi-Fi I paused again, knowing better than to use unsecured public Wi-Fi. Thinking I was only checking the Internet for dining options, it was safe to use pubic Wi-Fi for that purpose. Then the browser failed to load, with a warning that the server was an unsecure network. Thank you Google or Apple or whomever installed a safety feature to moderate our temptations. The tricky thought occurred to turnoff the Wi-Fi, log into the account and then switch on the Wi-Fi. After some research it was revealed that this technique would still leave you vulnerable. After switching the connectivity your phone (the app or website) would renegotiate the connection, although seamless to the user, your login information would still be exchanged and visible.

Decided to look into the pitfalls and dangers of public Wi-Fi. A simple search returned many articles on public Wi-Fi risks. Lots of experts explaining how easy it is compromise networks and for unsuspecting users to fall victim. Smartphones, tablets, and laptops have become appendages to our busy Internet connected lifestyles. Data usage has become the new “minutes” and consumers are looking for ways to save on usage and ultimately money. Public Wi-Fi is a common way to cut back on data usage. However, there is risk to online security.

Risks

Norton reported in 2013 that 68% of people using public Wi-Fi were victims of cyber crime. The Norton Cyber Security Insights Report announced that in 2015 21% of Americans had their email hacked and 12% had their financial data stolen after shopping online. Millennials are a growing victim demographic with 40% falling prey to cyber crime in 2015. Although one of the more tech savvy age groups, Millennials are more open to sharing logons and passwords that compromise their online security.

When you leave the house you are still connected. Whether you login to your accounts via the cellular network or Wi-Fi, nothing is 100% secure. While 4G cellular networks are encrypted and are far, far better than an unsecured public Wi-Fi connection, there have been incidents of cellular networks being hacked. Although the effort is usually much greater than most cyber criminals are willing to make. Public Wi-Fi is a much easier target. Both due to security weaknesses and the plethora of devices being used on those networks.

Breaches

Most public Wi-Fi breaches are through man-in-the-middle attacks. Hackers place themselves either between two victims or between the user and the app and eavesdrop on the transmissions being sent back and forth. It is important when using apps and websites in public to ensure you are logging into the correct site or app as hackers can spoof those and trick users to logging into the hacker’s site.

Just because you need a password to login to public Wi-Fi doesn’t mean it is secure. It just means that there is an authentication step before you can access the router.  Additionally, the person setting up the Wi-Fi may not have installed all the available security features.  The hacker may be logging into the same network as you, giving them access to your transmissions.

When you are browsing, HTTPS is usually a good thing to look for. It means the data transfer between your device and the website is secure-on their end. There is still a possibility that you were hacked on your end. It’s like having a phone conversation but you have your phone on speaker.
The most secure networks offer end-to-end encryption. Financial apps usually are encrypted. Most big name apps/browsers/email/social media are probably secure from man in the middle attacks as the data being exchanged is encrypted, the session can be viewed but not the data. However, we’ve all read about the big guys getting hacked. Better safe than sorry later.

Reduce your risk

Some simple rules to live by while using your mobile devices in public.
When using any network that is not your own, consider it unsecure.
Never use public Wi-Fi to login to anything that requires a password. After using any network that is not your own it is wise to change passwords.
When you do use hotel or public Wi-Fi, make sure you are, in fact, connecting to the hotel's Wi-Fi and not hacker’s site. Look-alike Wi-Fi signals use names similar the hotel or business.  If you’re not comfortable, ask before logging on.
Keep your device OS up to date.
Use COMMON SENSE.

Review our blog archive for other articles cyber security: