As an organization you might have done all due diligence before inducting employees in your organization to safeguard your business interests. Additionally stringent data access policies, Non Disclosure agreements and comprehensive IT security provides additional safety. In an ideal world this might be sufficient to safeguard your organizations interest.
Consider this:
Your vendors may hire sales and technical staff from their competition in order to gain advantage and skip the background verification suspecting biased response from the previous employer. In doing so they expose themselves to all kinds of suspicious and fraudulent elements in their systems. The real danger begins when they deploy these elements on your projects where they have access to your confidential and crucial information. You have trusted your service provider based on its track record and assumes that they would reciprocate by performing the due diligence while hiring. But what if these these service providers have overlooked the basic security to gain competitive edge and have now been exposed to risks that they are not equipped to handle.
In such a situation do you really feel safe in the hands of your trusted service provider? The actions of such elements have been commonly seen in instances of credit card fraud or data leakage. You might have invested millions in securing your own house and eventually are left vulnerable by avoidable negligence on part of these service providers.
What can you do?
- If your service provider has access to your crucial data (sales data, customer data, employee data, financial information, access to your IT infrastructure) you must insist on getting a copy of their Background Verification from your service provider. If the exposure is expected to be long term then you must get the background verification done from a third party agency. Many multinational and financial institutions today insist the background check of their vendor/service provider employees be done from an independent third party agency.
- Insist on a contract or agreement with the service provider covering Non disclosure
- Ask your vendor how they assure that their own employees do not indulge in these activities. If required ask for the copies of agreements that they have executed with their employees
After all it is the security of your organization. It is better to be safe then sorry as the risk associated can be much higher than what most organizations can afford.