Regardless of the industry, all businesses should be
vigilant with regards to employee theft. Employee theft can come in all shapes
and sizes, from an administrative assistant pocketing some extra Post-Its to
hardcore embezzlement on behalf of leadership. It can be easy to dismiss
repeated instances of employee theft as isolated incidents, implementing
disciplinary action or termination, and moving on with the work week. However,
many executives and managers may not realize that repeated instances of employee
theft could be indicative of a much larger problem in their corporation or
From a position of leadership, it’s easy to dismiss a single instance of employee theft; the employee is the one who made a choice to steal from their company or organization, and that employee was wrong for doing so. Discipline or termination typically follows, and leadership walks away feeling confident that they’ve removed a bad apple from their barrel. However, pervasive issues with employee theft are symptomatic of a systematic problem within the business or organization that go beyond a single employee’s bad judgement.
Why do employees steal?
The three most common reasons employees steal are not very
difficult to understand.
- employees feel as though their employer has wronged them, or their compensation is inadequate.
- employees believe that employers insure such losses—therefore it is a victimless crime.
- employees know they will not be held accountable if they are caught
All of these reasons may characterize the employee as “disgruntled,” a term with a cultural context that often absolves the employer of any misconduct. When a corporation or organization has repeated instances of multiple employees committing theft, it’s a sign that the corporate culture of the workplace is less than healthy. A single employee pilfering staplers is not symptomatic of unhealthy corporate culture, but 5 employees pilfering staplers is a sign that employees do not feel valued, and therefore do not respect their employer.
The cycle of healthy corporate culture always begins with happy employees, because when employees are happy, they are more engaged, and contribute positively to the productivity of the organization. This pleases leadership, which incentivizes them to make decisions that raise morale, such as rewarding success with pay-raises, benefits, and thoughtful, constructive collaboration. The cycle begins anew with happy employees. Poor corporate culture means that undervalued employees will contribute negatively to workplace productivity. One of the ways poor corporate culture manifests is through employee theft—and it’s not just about profits or staplers. When employees are disengaged from their duties, they’re more likely to take extraneous breaks, or taking longer breaks than permitted, which is theft of company time. This often comes from a rationalized perspective, in which the employee does not feel their own time is valued within the organization, and therefore will place the same perceived value on company time.
Whatever the type of theft, repeated instances of employee theft cannot be ignored. It may be a sign that your business or organization needs a corporate culture audit. A corporate culture audit is like a check-up—when you go into the doctor for a standard check-up, they evaluate all of your major bodily functions for signs of disease or deterioration, and a corporate culture audit is no different. When investigators conduct a corporate culture audit, they evaluate all of your business’s internal operations, hiring processes, and principle employees for roadblocks that hinder productivity and contribute to poor corporate culture. The identification of these pervasive issues will lead to investigators providing leadership with expert recommendations to dislodge the blockage, allowing the cycle of corporate culture to right itself through cause and effect.
If you think your business or organization needs a corporate culture audit, call Lauth Investigations International today for a free quote on our Corporate Culture Audit program. For over 30 years, Lauth has been providing corporations with solutions to stimulate their business. In pursuit of truth, call 317-951-1100, or visit us online at www.lauthinveststg.wpengine.com.
On the Line: Exposing Theft in Manufacturing
When your business is in manufacturing, you are the steam engine on a locomotive of consumer progress. Product quality and efficiency start with you—producing the best results so the next link in the chain has a reasonable chance of success. This means hiring the best people to work in your plant is paramount to clearing the black. Human Resource departments dedicate themselves to recruiting the best of the best for their company, but even the most qualified and dependable candidates can give you ugly surprises with dishonest behavior, including malingering, fraud, and most significantly, theft.
All industries experience internal theft lowering their profits, but manufacturing is one of those most heavily affected. The Association of Certified Fraud Examiners (ACFE) has reported in global industries, internal theft accounts for more than $3.7 million of eroded profits every year. The ACFE has determined, for manufacturing and production industries, the median loss is $194,000 per company. There’s no short of manufacturing industries who suffer this loss, but to a thief, some are more lucrative than others. The top five manufacturing targets of thieves are pharmaceutical, metal, cargo, electronics, and cigarettes. The opioid crisis in the United States is not only responsible for millions of dollars of theft in pharmacies, but also in the plants where drugs are manufactured, or the warehouses where they are stored. Warehouse and plant workers often swipe units of electronics and fabrication materials for use in their own homes. These items can go for a small fortune on the street, or they can be resold on the black market to avoid being traced.
The larger the theft, the quicker it is noticed, but no company should have to wait for a large loss to implement prevention strategies. Any high-ranking employee or human resources employee can recognize the signs of internal theft, if they know where to look. For example, employees might report recent loss, or seeing product in unauthorized locations. Employees may be exhibiting suspicious behavior, like repeated rendezvous in the parking lot, or the surrounding area. Outlandish material possessions, such as new cars, designer shoes, and expensive jewelry, might suddenly be a regular part of the employee’s life. Low morale is one of the most common causes of internal theft, as employees who feel undervalued suddenly rationalize to themselves they deserve to take something from the company for their hard work and sacrifice.
As such, human resource departments are always reshaping their recruitment process to ensure they hire only quality individuals to be a part of their team. And this goes for all ranks within a workforce. While a lower-level employee may not be noticed themselves, higher-level employees are the ones poised to cause significant loss to the company with their status and access to important company records. When everyone is a suspect, HR must implement procedures and methods of prevention that not only educate employees on the warning signs of theft, but also craft a culture that promotes honesty—if you see something, say something. These preemptive measures can be things like a comprehensive employee handbook, specific training to recognize signs of theft, effective security and monitoring systems, and a confidential tip line so that employees can report suspicious behavior without fear of reprisal. In manufacturing industries where groups of employees are assigned to their own sections, it’s important to have regular team meetings to maintain contact with the workforce so policies to protect the company can be reviewed and modified to improve and protect daily operations.
However, despite having a plethora of prevention methods in place, bad apples can still slip through the cracks of due diligence. When all attempts to handle a theft in-house have failed, there is still recourse. Many companies feel the need to handle all matters of theft internally, using teams of Human Resource employees or their own in-house investigator, but in-house operatives often lack the cohesive experience that comes from working in private investigations. The initial instinct might be to use an informal, in-house operative. Unfortunately, using an in-house operative has the potential to backfire quickly. If this investigator is known to the company’s workforce, their undercover efforts to sus out the culprit can be exposed easily, allowing the perpetrator to modify their methods, or disappear entirely before being identified. Poor investigations cannot only leave the perpetrator with an out, but can also exacerbate a workforce’s low morale, as employees become suspicious and paranoid.
Hiring a private investigator to investigate an internal theft has a wealth of benefits for business owners. Most obviously, an external, third-party investigator will be a fresh, unknown face to a company’s workforce. This “new blood” can freely move about the company inconspicuously. Their new hire status coupled with expertise in interviewing subjects will allow them to question other employees without suspicion. Private investigators also have a better chance of thoroughly investigating middle to higher management. As previously stated, these are the employees with the most access—able to alter inventory sheets and cost analyses. Over a period of time, a private investigator can hide in plain sight, keeping meticulous records on conversations and reporting surveillance findings that can be cataloged for any terminations resulting from the investigation.
Terminations under messy circumstances like internal theft can often have legal repercussions, on both the side of the employer and employee. Companies may feel inclined to prosecute for the losses to the company, or an employee who feels they were wrongly terminated may sue. Internal investigators who have improperly handled an investigation can be the lynch pin that brings any legal proceedings to its knees. Improperly gathered evidence or illegal methods of fact-finding will compromise the company and their position in terminating the employee. Terminated employees can argue the company fired the wrong person in the interest of finding a solution, or argue the termination is vindictive action. However, an external operative like a private investigator has no stakes in the outcome of any investigation. Their only loyalty is to the truth, and as such, their investigation is dependent on facts, not company politics. Private investigators are impartial third-parties, which leaves very little room for a thief to argue wrongful-termination.
When producing a quality product, the integrity begins in manufacturing. Regardless of the type of product being manufactured, theft at this level of production is profitable to an organized thief—especially one who knows how to cover their tracks. Keeping the investigation in-house certainly has public relations benefits, but ultimately, one of the tenets of quality private investigations is confidentiality. Confidentiality between a private investigator and a company will allow them to deal with the theft discreetly, but thoroughly. Their third-party status means they have no dog in the fight, and their solution will stand up to the highest level of scrutiny.
Indianapolis, Indiana is home to many impressive things. The city of over 800,000 is most famous throughout the country as home to the Indianapolis Motor Speedway, the site of the Indianapolis 500. In addition to a rich visual and performing arts culture, it’s also home to the nation’s largest children’s museum. Families across the United States cheer for one of two major sports franchises based in Indianapolis: the NBA’s Indiana Pacers, and the NFL’s Indianapolis Colts. It’s also home to one of the country’s best private investigators.
Family-owned and operated for more than 30 years, Lauth Investigations International has specialized in complex corporate, financial, and private investigations worldwide. It is one of many private investigation firms based in Indiana’s capital. Given recent crime data, Indianapolis is a city where a well of clientele may never run dry. One of the areas of criminal investigation most associated with private investigators is missing persons and violent crime, so it’s no a wonder why so many private investigators have set up shop in Indianapolis, with violent crime on the rise.
Relative to its size and population, Indianapolis is comparable to Portland, Oregon or Charlotte, North Carolina. Portland has a crime rate of 227 per every 100,000 people, which is lower than the national average crime rate. North Carolina experiences a higher than average crime rate of 441 per every 100,000 people. As of 2016, Indianapolis’ reported crime rate was 823.2 per every 100,000 people. A CBS News report ranking dangerous cities placed Indianapolis as the 12th in the nation, citing the violent crime rate at more than three times the national average.
News media is saturated with headlines concerning violent crimes committed against Hoosiers, so it was a surprise to most when the FBI reported crime was actually down 10% from 2016 to 2017, especially burglaries and robberies which were down 17%. Violence—especially gun violence—however, is climbing. As of October 1st, 2018, the Indianapolis Metropolitan Police Department had investigated 127 homicides and 109 murders, with 12% of those cases attributed to robbery. The recent murder of Tykece Mike-Jones is a tragic example. He was killed over a cell phone he was attempting to sell to a person he contacted through the internet—another in a string of killings IMPD has been putting on blast to warn citizens. According to the FBI, 2017 was the third record-breaking year for crime statistics in Indianapolis, and stats from the first half of this year have projected 2018 will be no different. Law enforcement attributes the overall drop in crime to the increased ubiquity of surveillance cameras in the metropolitan area.
Firms like Lauth Investigations International can assist in many types of criminal investigation. Just as in the case of violent crimes, private investigators combine the skills of law enforcement and the autonomy of a private citizen to conduct concurrent or independent investigations into a person who vanishes under any circumstances. But not all missing persons cases are the result of a person meeting a violent end. As “the crossroads of America,” Indianapolis experiences a moderate to high level of human trafficking. One of the most complex issues in human trafficking is tracking traffickers across multiple jurisdictions as they transport victims from city to city. Law enforcement can often be handcuffed by jurisdictional issues, but private investigators use their autonomy to pole vault over this red tape in pursuit of leads that might otherwise go cold. Due to his experience in complex missing persons investigations, private investigator, Thomas Lauth has worked with Interpol, the Federal Bureau of Investigation, the U.S. State Department, the U.S. Consulate and other foreign embassies on a myriad of cases, including human trafficking.
Indianapolis private investigators are not limited to cases of violent crime and missing persons, however. Every major metropolitan area will always have cases dealing with infidelity or child custody, but private investigators based in Indianapolis have ample opportunity to service local businesses with their skill-set. Indianapolis is home to a diversified body of businesses, but its five top industries are:
- Real estate
Many business owners—especially small business owners—often are not aware of how a private investigator’s services can protect, or even save, their companies. Every business needs valued employees, and finding the right person can often be an arduous task. The candidate might be qualified, but how much about their record can be independently verified? Hiring a private investigator to do background checks for employees will ensure that any verification of their qualifications will be vetted. In the wake of the #MeToo movement, many employers are making independent background checks a regular step of their hiring process in order to weed out potential predators in their workforce. All types of business can experience the full spectrum of employee theft (from vanishing office supplies to full-on embezzlement), violation of non-compete agreements, and offenses under the umbrella of employee malingering, including FMLA abuse. The independent involvement of a private investigator in the investigation of any employee misconduct will lay a strong foundation for any HR or legal consequences, ensuring that the investigation is thorough and objective from beginning to end. Kristen Justis, the Managing Director of Client Relations for Lauth Investigations International, commented on the role Lauth can play in bolstering local business, “We have a wealth of opportunities to help private citizens every day. We help frantic parents find their missing child, or put a spouse’s suspicions of infidelity at ease, but those are the cases that sensationalize this industry. Many business owners are not aware of how the services we offer can go a long way towards extending the longevity of their businesses.”
Every major industry operating in Indianapolis can rely on the services of a private investigator to protect their business—not just from its own workforce, but potential consumers as well. Finance, insurance, and real estate of all kinds can benefit from a comprehensive vetting of a consumer after their request for services. Financial institutions and insurance brokers may check a consumer’s credit, but a full background check on an applicant can sharpen the big picture when making a cost-benefit analysis regarding any transaction. In the housing industry, any landlord renting or leasing their property can be fully informed about their tenants when they employ a private investigator to run a background check. An analysis of Indianapolis’s economy by the Indianapolis Business Journal concluded that the apartment booms the city experienced were driven largely by empty-nesters and childless millennials, projecting that it would only continue to grow.
Indianapolis already has a national economical reputation for developing and sustaining niche markets, such as the market around motorsports and auto-racing. As the metropolis continues to grow in population and economy, so will the opportunities for Indy-based private investigators to support their community.
Carie McMichael is the Communications and Media Specialist for Lauth Investigations International. She regularly writes on missing person and investigation topics. For more information, please visit our website.
Rooting Out Thieves in the Workplace
It is estimated 30% of employees steal from their employer.
Most of us have dealt with a thief during our lifetime. Devious and sneaky, some thieves behave as if stealing is an art. It is usually a theft exposing them; however, many times, they can strike numerous times before getting caught. When theft happens in the workplace, it can not only be a costly lesson but the cause of a business failing.
An estimated 30% of employees steal from their workplace affecting all types of businesses. For instance, if you are running a restaurant with $1 million sales annually, at only 4% theft within the company, your company would be losing $40,000 a year!
Employee theft costs U.S. businesses over $200 billion in annual losses. Not only are companies trying to prevent the public from stealing items, inventory, assets, and ideas from a business, they must also combat thieves on the inside. Unfortunately, 75% of employee-related crimes go undetected.
Theft can take many forms, such as: stealing money, embezzlement, unauthorized use of business or customer identity, and theft of intellectual property, such as cases of patent or trademark infringement.
Combating Theft is Knowing How Employee Theft Occurs.
Employees who have access to a cash register is the most common way employees steal from companies. If unsecured, petty cash drawers or boxes, can be an easy target for thieves.
In addition, an employee can quote a higher price than the actual price of an item and keep the difference at the point of sale.
If employees have access to credit card information or checks, theft can happen as easily as sticking a few checks inside a folder, costing the owner thousands before it is detected.
Checks and Fraud
Most banks do not verify a signature on a company check making it very easy to sign and cash a check.
Credit card fraud is a number one threat to companies and consumers because most credit card holders admittedly do not check each line item on their credit card statement.
According to the U.S. Small Business Administration (SBA), companies with less than 100 employees, lose approximately $155,000 as a result of fraud each year, a much higher rate than large companies.
Employees may often perform actions and falsify records for work they didn’t do, such as requesting reimbursement for travel and other expenses unrelated to work. Employees may also set up fake payroll accounts for workers who have been terminated or retired. Creative thievery abounds.
Time theft or “Buddy Punching” is a very popular way timesheets may easily be falsified. Individuals complete this theft by having one employee punch another employee in or out for the other.
Excessive breaks, malingering, surfing the Internet, chatting with employees or taking personal phone calls are other ways time theft occurs. While some of these things may not at first be thought of as stealing, all these actions, or inactions, can affect the bottom line and be taking advantage of an employer.
Thieving employees will set up fake vendor accounts, submit phony invoices and issue checks for the false vendor. These checks can then be signed over to themselves and deposited. In addition, a variation would be paying a vendor $500 and writing a check to themselves, expensing the entire $500 to the vendor.
Loss of inventory can happen in the merchandise distribution process but can also happen before merchandise is made available to the public. Many times, employees will take items from a warehouse or newly arrived items before they are scanned into inventory software. Employees have even been known to steal entire shipping trucks containing merchandise headed to their employer’s company.
Some employees steal smaller items such as typical office supplies, but furniture and equipment are not off limits for a thief.
Many employees steal information to benefit themselves or a competitor. Types of information include: office memoranda, proprietary products, customer lists and/or other confidential data. Theft can occur by email, printing, or copying information to a flash drive or cell phone, or simply carrying it out in a purse or folder.
Sometimes, theft can be subtler, such as luring customers away, purposefully providing poor service, even spreading rumors to damage a company’s reputation and cause a down-turn in business. All are considered losses.
While there are ways to combat theft within your company, ultimately identifying the thief before they are hired is the most effective way to reduce the occurence of theft.
The SBA recommends: “One of the first steps to preventing fraudulent employee behavior is to make the right hiring decision.”
Background checks are a good practice for any employer, large or small, especially for those employees who will be handling cash, high-value merchandise, or have access to sensitive customer or financial data.
For over twenty-years, Thomas Lauth of Lauth Investigations International has been working nationwide and helping educate employers on methods used to combat theft.
“The first and most effective way to address theft in the workplace, is to conduct an extensive background check,” says Lauth. “A background check can provide insight into an individual’s behavior, character, and integrity.”
Which Types of Background Checks Should You Conduct?
According to the U.S. Chamber of Commerce, upwards to 30% of business failures are caused by employee theft. Thus, conducting effective, extensive background checks helps to mitigate your risk of hiring objectionable or even dangerous employees.
Not all background checks are the same. As you build a profile of your future employee, there are several kinds of background checks you should consider. For example, a criminal background check is different than checking on an individual’s credit score or military service, these require consent. A criminal background check does not require consent; however, some states have laws restricting how you use the information collected during a criminal background check.
Private investigation firms like Lauth Investigations offer complete background checks while helping you comply with the law.
Protecting Your Legal Liability with Background Checks
Smaller businesses often forego background checks for two reasons: 1. A false sense of trust and security developed by business owners working too closely with employees. 2. Most businesses do not understand the legal liabilities associated with the failure to conduct employee screening and background checks.
Any business where employees provide a direct service and interact with customers, such as contractors or daycare providers, is liable if an employee does harm to a customer and the employee has a history of wrongdoing.
A company, big and small. may not recover from this kind of lawsuit.
Choosing the Right Company to Conduct Background Checks
Protecting the interests of your workplace and customers while reducing potential liability is of utmost importance; therefore, it is vital to select a company you can trust to conduct the background screening both efficiently and thoroughly.
While employers can do some background checking of their own, working with an experienced and reputable company can ensure the reliability and thoroughness of the background screening.
Purchasing instant public records found online is not appropriate for conducting potential employee background checks. Most certainly if your hiring decision is based on tpublic record data, your company could land in hot water.
Most public databases do not fact check, clean up or refresh their data providing completely different information than received from an investigative firm experienced in conducting professional, legal and full background screening.
Private investigators have access to databases to determine if a potential employee has a criminal background.
A reputable company providing background screening services will ensure the information you receive is current and accurate.
If a hiring decision is made based upon information found in the background check, in most cases, the company must inform the potential employee of the source used to obtain the information for the background checks (which is where using public databases can get your company in legal trouble).
What can you expect from a professional background check? According to Lauth, it’s all in the details and you pay for what you get. If you want detailed, accurate information, you will choose a Private Investigation Background Search.
Unlike a personal background search using public databases, private investigators have access to several databases providing a variety of information.
- Employment history: This search will bring up employment records to include all positions held, making it easier to find discrepancies in a resume. It will also include salaries associated with the positions.
- Academic and professional affiliations: Qualifications to include academic history and certification, even if the person did not complete the program.
- Criminal records: Including a detailed outline of all criminal activity from traffic warnings and tickets to arrests and convictions. Also, these include jail time served and fines paid.
- Financial Standing: Reflects all liens, judgments, bank accounts, current and previous property ownership, repossession of vehicles or other personal property, NSF checks and bankruptcies.
In addition to the typical information received through a personal background check, a private investigator will include:
- Worker compensation claims an individual has filed. This can help determine the character of an individual by looking at the number of claims they have filed which could reveal a person is dishonest and fraudulent.
- Ascertain causes of accidents or any criminal activity. DMV reports will show accident dates and basic information but do not reflect the cause. Private investigators can provide the cause behind the accident and whether criminal activity was involved.
- Information on business and personal partners.
- Analysis of all findings.
Relying on an Internet search is risky. A professional background screening will be more in depth than simply entering a name in a database. When a company’s future is at stake, the only way to go to obtain concise information needed to make informed decisions is a professional, private investigations extensive background check.
Written By: Kym Pasqualini, Feature Crime Writer for Lauth Investigations
Penetration testing, intrusion testing and red teaming are some of the terms used for ethical hacking.
The word “hacking” almost always has negative connotations. It seems the mention of Chinese hacking, Russian hacking, or DNC hacking receives constant mention in our 24-hour news cycle.
Ethical hacking is also referred to as penetration testing, intrusion testing and red teaming, coined by the government during the 1970’s when they first hired ethical hackers to break into the United States government’s computer systems to test for vulnerabilities.
It is estimated “hackers” cost the United States more than $445 billion annually.
In a Fortune article “Data Breaches Now Cost $4 Million on Average,” according to IBM’s security division, the cost of a breach per incident has risen to $4 million, up 29% since 2013. “We’re now in a mode where these attacks are going to happen even to people that are well prepared,” said Caleb Barlow, a vice president at IBM Security.
Hackers cost the US government and corporations billions annually.
According to Fortune, hackers and cybercriminals cause most breaches, and more than half of data exposures are caused by malicious attacks; the rest are caused by mistakes or glitches.
Ethical hacking is a growing profession utilized by the United States government, technology companies and other institutions.
In the field, experts refer to three major types of hackers:
- White Hats: Security professionals or “ethical hackers” who use their expertise to strengthen a network and secure it from criminals.
- Black Hats: Malicious hackers or “crackers” who use their skills for malevolent purposes. White hats work to protect computer structures from the Black Hats.
- Gray Hats:Iindividuals who become white or black hats depending upon the circumstances and generally proclaim being an ethical hacker.
Many large corporations, such as IBM, employ teams of ethical hackers to keep their IT systems secure.
Why Ethical Hacking is Important
With every breach reported in the media, the need for more effective information security is becoming increasingly evident.
New technologies such as cloud computing, IT outsourcing, and enterprises must adjust their security practices and policies to combat the threat of malicious hacking. To combat threats, ethical hacking is rapidly gaining attention as an essential security practice to be performed on a regular basis.
In a public white paper entitled, “The Importance of Ethical Hacking: Emerging Threats Emphasize the Need for Holistic Treatment,” by Frost & Sullivan, it discusses top technical concerns and the role of ethical hacking in an enterprise architecture.
“The increased sophistication and success rate for recent cyber-attacks is directly related to the shift in the attacker profile, indicating that nation-states and large criminal organizations are funding well organized, highly motivated, and well-trained teams of programmers,” said Chris Rodriguez, Analyst for Frost and Sullivan. “The elevated threat landscape therefor, urgently dictates the need for a comprehensive, real-world assessment of an organization’s security posture,” said Rodriguez.
Ethical hacking provides objective analysis of an organization’s security stance for organizations of any size. Ethical hacking has become a mainstream service, as companies of all sizes pursue expert, objective, third -party analysis.
What is an Ethical Hacker?
Ethical hacking is an ambiguous term used to describe hacking performed by an individual or organization to help penetrate or gain access to identifying potential threats on a computer or a network infrastructure. In short, ethical hackers are simply computer programmers who use their skills in a constructive manner.
Ethical hackers can attempt to bypass security systems to isolate weak points malicious hackers could exploit. In the effort to eliminate or reduce potential criminal hacks, the information gained by the ethical hacker is then used by the company to make improvements to security.
Some may say there is no such thing as an “ethical” hacker. Simply “hacking is hacking” but the most notable hackers are known publicly as cybercriminals or computer criminals because of the damage they inflict on companies and individuals nationwide.
A highly publicized hacking incident where personal information is compromised can damage a company or organization for years.
A cybersecurity professional can have a range of expertise, anywhere from maintenance, administration, architecture, forensic investigation of secure networked systems that are increasingly necessary for the sake of operation of businesses, nonprofits, governments and medical, and educational institutions.
Even training is offered by the International Council for E-Commerce Consultants (EC-Council). The Certified Ethical Hacker (CEH) exam is made up of approximately 125 multiple choice questions and costs about $500 with additional IT certifications available. Training is entirely voluntary.
For hacking to be ethical, a hacker must abide by the following informal rules:
- Permission to access the network to identify potential security threats.
- Respect individual’s right to privacy.
- Treat all data, material, and findings as confidential.
Ethics play a vital role in hacking and differentiating innocent activities from computer crimes. Hacking is ethical if the skills are used to enhance a network system. But the issue of ethics can be very risky when one does not know a person’s motivations. With no formal code of ethics or code of honor, this void creates external forces to determine how to respond when ethical predicaments arise.
An ethical hacker will ensure the client’s IT system is properly evaluated for security issues and vulnerabilities, while protecting sensitive, personal and confidential or proprietary information. While accessing an organization’s system, the respected ethical hacker’s integrity will guide the actions of the ethical hacker.
While ethical hacking presents advantages to increase security to protect IT systems and assets, any organization implementing ethical hacking must consider any negative impacts that may arise from the practice.
An ethical hacker is typically contracted to hack the organization’s system. Hiring outside is usually preferred to start from scratch and simulate potential external hacks.
While there is an advantage of ethical hacking because it supports the organization’s efforts to gain more knowledge about the IT Security by identifying vulnerabilities, the main disadvantage is it presents risks of information disclosure. An outsider could intentionally or unintentionally disclose a company’s proprietary information to outside parties.
A dark side always is present where dishonest people will attempt to exploit others. Some risks of working with ethical hackers include:
- The ethical hacker using their skills to conduct malicious hacking activities.
- Massive security breaches.
- Potential the ethical hacker will place malicious code, malware, viruses or other potentially damaging things on a computer system.
- Allowing company’s financial, banking, or other proprietary information will be accessed.
Working with an Ethical Hacker
The benefits of working with an ethical hacker are obvious; however, many are overlooked, ranging from simply preventing malicious hacking to preventing national security breaches.
Before implementing any ethical hacking, an organization must ensure the ethical hacker understands the nature of the client’s business, computer or network system. This will help guide the ethical hacker in handling any sensitive confidential or proprietary information they may encounter.
The leadership in a company or organization must determine the sensitivity or confidentiality of the information involved. This will help ensure the ethical hacker does not violate laws, rules or regulations in handling sensitive personal, financial or proprietary information.
There are several guidelines to use when working with an ethical hacker:
- An ethical hacker should create a plan including: identifying all networks and components they will test; detail testing intervals; detail testing process.
- Require transparency while working with an ethical hacker, requiring all relevant information be reported while the system or network is being accessed. Transparency ensures the client to make immediate decisions and take necessary actions to maintain the security of the system or network.
- Establish target areas with written work agreements requiring the ethical hacker not to work beyond those parameters to minimize exposure of sensitive information. The ethical hacker should not access other areas on the computer or networks not specified in the agreement.
- Developing a non-disclosure agreement may be in order prior to contracting with an ethical hacker.
There are legal risks to include lawsuits involving disclosure of personal and confidential information possibly leading to a legal battle involving the organization and the hacker if the work is not done properly. Also, if the hacker makes errors compromising the IT network or company security, it is possible to negatively impact the organization’s general operations and profitability.
With cyberspace growing exponentially over the last decade, complex legal issues have led to the birth of a highly specialized branch of law. Cyber Law or Internet Law pertains to Internet and computer technology related offenses, especially copyright infringement and fraud that involve computers, software, hardware, and information systems (IS).
The Information and Technology Act, 2000 (IT Act) covers all types of cyber-crime, including hacking as provided under sections 43 and 66 which covers negligence and computer-related offenses.
Cyber Law prevents or reduces large-scale damage from cybercriminal activities by protecting information access, communications, privacy and intellectual property.
Ethical hacking is rapidly gaining attention as an essential business practice. Regardless of risks, companies large and small benefit from the work of ethical hackers by protecting a company’s most valuable data and protecting their bottom line.