Who have you hired lately? What do you know about their backgrounds? Is the information they provided on their resume or application accurate? The National Credit Verification Service says that 25 percent of the MBA degrees it verifies on resumes are false. College and university registrars report that at least 60 percent of the degrees they are asked to verify are falsified. The Wall Street Journal reports that 34 percent of all job applications contain lies regarding experience, education and the ability to perform essential functions of the job.

Smart Business spoke to Ron Williams at Talon Companies about how business owners can avoid the liability of making a bad — or dangerous — hire through the proper use of background checks.

Why should employers be concerned with accurate background checks?

Consider these statistics:

  • 30 percent of small business failure is caused by employee theft
  • Internal employee-related thefts occur 15 times more often than external theft
  • Embezzlement losses exceed $4 billion every year
  • ‘Other’ employee crimes cost businesses an estimated $50 billion annually

What do business leaders need to know when hiring employees?

Even more deadly than fiscal loss due to employee dishonesty is workplace violence. Not to mention the harm it causes employees and the company’s reputation, statistics show that the average award in a workplace violence lawsuit exceeds $1 million per case and, overall, on-the-job violence costs employers $36 billion per year.

One of the easiest and most effective ways a company can protect itself and its assets against loss of any type is to hire the right people. Although obvious, this advice is seldom heeded by employers, who rely on intuition in making hiring decisions more often than established facts learned through background checks.

Most businesses have neither the expertise nor the time to wade through the mountains of information from an almost infinite number of sources, all available to verify and check the background of an applicant. By failing to perform even the most rudimentary background check on a potential employee, employers are exposing themselves to liability for negligent hiring and, after the fact, for negligent retention.

What is negligent hiring?

Today, it is fairly common knowledge that employers have an obligation to provide a safe work environment for their employees. But not everyone is aware of the consequences that can stem from negligent hiring and/or negligent retention of employees.

Negligent hiring occurs when an employer does not exercise ‘reasonable care’ in hiring a new employee. More and more, legal actions are resulting in judgements that find employers liable for negligent hiring situations when an employee was hired into a position without the proper checks in place to verify that individual’s history. An employer who hires someone with a history of criminal behavior, when that emp;loyee harms another employee, client, or vendor, is likely to be held accountable. Additionally, employers run the risk of being held liable for negligent retention if they do not respond appropriately to signals from current employees that they may pose a threat to those with whom they associate through work.

What can happen to an employer who does not conduct appropriate background checks?

As an example, an armored truck company in Los Angeles paid a $12 million settlement in a negligent hiring and training lawsuit. The suit alleged that the company did not adequately investigate an employee’s past work record or provide adequate driver training.

In a federal court in Tennessee, a store customer was inured when restrained by a security guard who had identified the customer as a shoplifter. The customer was awarded $10 million in damages, claiming negligent hiring and failure to properly train the guard.

In Dallas, Texas, a suit against the owners and management of an apartment complex was settled for $5 million. The suite filed by family members of a deceased tenant, alleged that the tenant was killed by the assistant manager’s brother. The suit claimed that management was negligent in hiring as assistant manager without conducting a criminal background check. In this example, it was not even an employee who was identified as the murderer, yet the employer was cited for not conducting simple criminal background checks.

What should employers do to prevent these kinds of suits?

Because employers are held accountable if they knew, should have known, or had any reason to believe that an employee or prospective employee posed a risk of threat to others, it is essential that thorough background checks be conducted and documented.

At a minimum, every employer should carefully inspect the information recorded by an applicant on his or her application. Are any patterns of short-term employment noted? Ask the applicant for his or her explanation, then verify their explanations through a reliable background check agency. Social Security number verification, criminal and civil record searches and credit reports should all be part of an employer’s pre-employment screening program.

Proper screening of employees makes it possible for an employer to make an informed decision about applicants before they are hired and brought into the workplace. Such basic practices give an employer the ability to create a safe and profitable work environment and protect against loss.

For more information on background checks of all types, please contact Talon at (714) 434-7476.

Ron Williams is the CEO at Talon Companies. Reach him at (800) 808-2566 or rwilliams@talonexec.com. Reach Talon Companies Headquarters at service@talonexec.com, (800) 808-2566, or www.TalonCompanies.com.

Talon Cyber Tec is a subsidiary of Talon Executive Services, an independent risk management firm providing full spectrum services to secure corporate assets and prevent loss due to malevolent acts.

Published in Los Angeles

With 70 percent of the world's intellectual property within the United States, U.S.-based companies continue to dedicate extensive resources to research and development, achieving substantial value and benefit from their intellectual property.

Smart Business spoke to Ron Williams at Talon Companies about what companies can do when that valuable property is undermined by a theft.

Can businesses protect their intellectual property 100 percent of the time?

Although proactive security is the most mature and effective manner to safeguard a company's intellectual property, minimizing the likelihood that it will be stolen, the reality of risk management dictates that it is impossible to achieve a level of security that can, with 100 percent certainty, neutralize all forces seeking to successfully engage in the theft of intellectual property. As such, and in response to the theft of intellectual property through computer-based means, companies have the obligation to undertake well-orchestrated and thoughtful reactive measures to respond to the theft of intellectual property in a manner that will ensure electronic evidence is preserved and to establish a sustainable posture for internal or legal action.

Who should a company turn to in the incidence of an IP theft?

At the core of a company's response to the theft of intellectual property is the initiation of computer forensics and an enterprise investigation to identify, gather, analyze and preserve electronic evidence by experienced and certified professionals using dedicated forensic investigative tools. The discovery, collection, investigation and production of electronic information for investigating and handling computer-related crimes or misuse surrounding the theft of intellectual property is a well-defined process grounded in government and law enforcement guidelines.

What are the steps a company should take after a theft?

The following 10 high-level steps are meant to provide clarity with respect to the collection of electronic evidence:

  • Send a letter of notification to all involved parties
  • Include specifications regarding electronic evidence in the written
  • discovery request
  • IT staff should be deposed via Rule 30(b)(6)
  • Gather backup tapes
  • Gather removable media, such as CD-ROMs and zip drives
  • Question all available employees about their specific computer usage
  • Create a forensic duplication of the computer hard drive(s) in
  • question
  • Mathematically authenticate forensically duplicated data
  • Ensure the proper chain of custody is followed
  • Initiate the computer forensics efforts and enterprise investigation

Does the issue of IP theft affect all business?

All companies possess intellectual property that must be safeguarded from abuse, disclosure, theft and destruction. However, too many companies are operating with a false sense of security surrounding their ability to prevent against the theft of intellectual property, contributing to the dramatic rise in occurrence and escalation in intensity of intellectual property theft.

Proactively working to prevent intellectual property theft is a manageable undertaking and is the only way to attain a true level of trustworthiness within a corporate environment. As no company can possibly be totally proactive by predicting and neutralizing every possible risk and threat to intellectual property, defensive tactics and reactive techniques are vital to efficiently respond to the theft of intellectual property.

All predictions demonstrate that intellectual property will continue to increase in value over the next decade and, as such, intellectual property theft will remain a growing problem that companies must consider, address and react to.

Ron Williams is the CEO at Talon Companies. Reach him at (800) 808-2566 or rwilliams@talonexec.com. Reach Talon Companies Headquarters at service@talonexec.com, (800) 808-2566, or www.TalonCompanies.com.

Talon Cyber Tec is dedicated exclusively to providing proactive and reactive security solutions to combat the escalating threat and reality of cyber crime, helping organizations address the critical business issues of security, privacy and compliance. Talon Cyber Tec integrates the proven and well-established principles of physical security into the realm of information security by bringing together leading human capital, information security expertise, in-depth research, and extensive real-world experience to help organizations strike a balance between business and security goals.

Talon Cyber Tec is a subsidiary of Talon Executive Services, an independent risk management firm providing full spectrum services to secure corporate assets and prevent loss due to malevolent acts.

Talon Provides MCLE Training Programs

Published in Los Angeles

With 70 percent of the world’s intellectual property within the United States, U.S.-based companies continue to dedicate extensive resources to research and development, achieving substantial value and benefit from their IP.

Given the high degree of emphasis companies place on their intellectual property, a dangerous trend has emerged. Recent studies conducted by the American Society of Industrial Security (ASIS) and the FBI that demonstrate that more than one-third of surveyed Fortune 2000 and middle-market companies have no formal program for safeguarding intellectual property and spend less than 5 percent of their budgets on security.

As the regularity and intensity of IP theft continues to escalate, with losses calculated by ASIS at more than $150 billion per year, the protection of a company’s intellectual property and information assets has become a critical business issue. Although managerial and legal steps can and should be taken to safeguard such sensitive information, today’s technologically advanced world where information can be shared globally in a matter of seconds has changed the nature of how companies create, identify, maintain — and, thus, safeguard and protect — intellectual property.

Smart Business spoke to Ron Williams at Talon Companies about how businesses should approach the all-important process of protecting their valuable intellectual property.

What threats do companies face when it comes to their intellectual property?

Although companies struggle to prevent hackers from stealing intellectual property by fortifying their enterprise networks from external entities, the real threat continues to arise from employees, former employees and other direct members of a company’s work force. With more than three out of four instances of intellectual property theft perpetrated by inside employees or contractors, as continuously modeled by ASIS and FBI studies, the most devastating thefts of intellectual property have come from individuals who were deemed trusted insiders.

In light of this reality, the weakest link of a company’s security program is the human element. Anyone who has physical or electronic access to information assets, including contract workers, temporary workers, visitors, interns, and support and maintenance workers, has the opportunity to access unlocked computer workstations, computer servers, paper files and any passwords or other sensitive data left unprotected. Evenif a company has extremely robust IT security controls in place, all it takes is one careless, uninformed, or disgruntled person with access to the physical office space or enterprise network to engage in the theft of intellectual property.

How can businesses mitigate this risk?

The following high-level and summary guidelines can be employed to directly minimize this risk and further facilitate the protection of a company’s intellectual property:

  • Ensure that access privileges, such as passwords, are disabled immediately following the resignation or termination of an employee.
  • Restrict employees from sharing a single authorized account used to gain access to network resources or physical assets.
  • Inform all employees that their usage of network resources and interaction with information assets will be monitored and audited.
  • Track the inventory of portable computing devices, such as laptops and PDAs, to ensure no systems that may contain intellectual property go missing or remain in the possession of ex-employees.
  • Implement console locking mechanisms on computer workstations so that systems left unattended will automatically log off and become password protected.
  • Assign access privileges to employees based on their specific function and need to access intellectual property so that employees who do not require access to sensitive information assets do not have it.
  • Instill a corporate culture in which safeguarding intellectual property is a high priority and each employee understands his/her responsibility to adhere to security practices, policies and controls.

What if, despite a business’s best efforts, IP theft occurs?

Although proactive security is the most mature and effective manner to safeguard a company’s intellectual property, the reality of risk management dictates that it is impossible to achieve a level of security that can, with 100 percent certainty, neutralize all forces seeking to successfully engage in the theft of intellectual property. As such, and in response to the theft of intellectual property through computer-based means, companies have the obligation to undertake well-orchestrated and thoughtful reactive measures to respond to the theft of intellectual property in a manner that will ensure electronic evidence is preserved and to establish a sustainable posture for internal or legal action.

At the core of a company’s response to the theft is the initiation of computer forensics and an enterprise investigation to identify, gather, analyze and preserve electronic evidence by experienced and certified professionals using dedicated forensic investigative tools. The discovery, collection, investigation, and production of electronic information for investigating and handling computer-related crimes or misuse surrounding the theft of intellectual property is a well-defined process grounded in government and law enforcement guidelines.

The following high-level steps are meant to provide clarity with respect to the collection of electronic evidence:

  • Send a letter of notification to all involved parties.
  • Include specifications regarding electronic evidence in the written discovery request.
  • IT staff should be deposed via Rule 30(b)(6).
  • Gather backup tapes.
  • Gather removable media, such as CD-ROMs and zip drives.
  • Question all available employees about their specific computer usage.
  • Create a forensic duplication of the computer hard drive(s) in question.
  • Mathematically authenticate forensically duplicated data.
  • Ensure the proper chain of custody is followed.
  • Initiate the computer forensics efforts and enterprise investigation.

What should businesses remember about protecting their valuable IP?

Too many companies are operating with a false sense of security surrounding their ability to prevent against the theft of intellectual property, contributing to the dramatic rise in occurrence and escalation in intensity of intellectual property theft. Proactively working to prevent IP theft is a manageable undertaking and is the only way to attain a true level of trustworthiness within a corporate environment.

As no company can possibly be totally proactive by predicting and neutralizing every possible risk and threat to intellectual property, defensive tactics and reactive techniques are vital to efficiently respond to theft of IP. All predictions demonstrate that intellectual property will continue to increase in value over the next decade and, as such, intellectual property theft will remain a growing problem that companies must consider, address and react to.

Ron Williams is the CEO at Talon Companies. Reach him at (800) 808-2566 or rwilliams@talonexec.com. Reach Talon Companies Headquarters at service@talonexec.com, (800) 808-2566, or www.TalonCompanies.com.

Talon Cyber Tec is dedicated exclusively to providing proactive and reactive security solutions to combat the escalating threat and reality of cyber crime, helping organizations address the critical business issues of security, privacy and compliance. Talon Cyber Tec integrates the proven and well-established principles of physical security into the realm of information security by bringing together leading human capital, information security expertise, in-depth research, and extensive real-world experience to help organizations strike a balance between business and security goals.

Talon Cyber Tec is a subsidiary of Talon Executive Services, an independent risk management firm providing full spectrum services to secure corporate assets and prevent loss due to malevolent acts.

Published in Los Angeles

It’s making headlines again with journalists saying it’s the fastest growing crime in America, and anyone with a Social Security number is vulnerable. So how serious is the identity theft epidemic? So serious that former defense secretaries, CIA directors and counterterrorism advisors may be recent victims. Science Applications International Corp., a company known for hiring Washington’s most powerful intelligence and military officials, had their database broken into, an information surprise attack, leaving thousands of employees, many with security clearances, wide open to being stripped of their most valuable information.

Stolen identify not only affects Washington’s most elite security advisers, but also average citizens who have no idea they are being robbed.

Smart Business spoke to Ron Williams at Talon Companies about keeping your data safe from identity thieves.

How vulnerable are individuals and business to identity theft?

Tens of thousands of people from all walks of life are currently facing this harsh reality after a ring of identity thieves gained access to ChoicePoint, one of the most frequently used companies to access personal information. ChoicePoint holds the keys to personal profiles of nearly every consumer, selling their information to employers, landlords and government agencies. Shocked by the breach, attorneys and investigators are scrutinizing ChoicePoint executives for withholding news of the breach to those affected for several months.

Companies like ChoicePoint, who retain personal information about individuals in electronic format are now required to report any and all breaches to individuals who live in the states that have enacted legislation such as California’s SB 1386, a law that regulates the privacy of personal information.

What should people know about protecting their information?

As the epidemic escalates, many are left feeling helpless to respond to its devastating impact. Understanding the strategies used by these sneaky suspects can prohibit you from becoming a target. Identity thieves who broke into ChoicePoint’s database set up more than 50 fraudulent business accounts to gain access to consumer data. Combating these silent thieves requires proactive measures, investigation what others know about you and being vigilant about any sign of fraudulent activity.

Simple steps such as shredding all important documents, never disclosing information to unknown callers and only shipping on websites where the credit card account is encrypted are critical to halting this criminal activity before it becomes a crisis.

What should people do if they believe their information has been stolen?

Once a person has fallen prey to having their personal information stolen, it is critical to take the urgent steps needed, such as filing a police report, notifying one of the three major credit bureaus and, most importantly, issuing a fraud alert requiring brokers, credit card companies and other lenders to scrutinize anyone who opens any account in your name. Californians can also order a ‘credit freeze,’ requiring lenders, retailers and other businesses to get special access to your credit report through a pin-based system, preventing anyone from getting new loans and credit in your name.

What is the U.S. government doing to combat identity theft?

While there is no silver bullet to address identity violations, members of the U.S. Senate are introducing a package of measures to regulate the use of Social Security numbers by government agencies and private companies. This legislation would prohibit the sale or display of Social Security numbers to the public and require a business or government entity to notify individuals when a hacker has obtained sensitive information. Last year, Congress approved the Identity Theft Penalty Enhancement Act, which imposes tougher penalties on identity thieves.

Although progress is being made, former Secret Service and F.B.I. agents who have spent years investigating these crimes can provide extensive expert advice on how to respond to and combat this escalating epidemic.

For further insight and information:

U.S. Government for victims of identity theft: www.consumer.gov

U.S. Secret Service for victims of identity theft: www.treas.gov

FTC consumer complaint form: https://rn.ftc.gov

U.S. Department of Justice: http://www.usdoj.gov

SSA Inspector General for fraud: http://www.ssa.gov

Ron Williams is the CEO at Talon Companies. Reach him at (800) 808-2566 or rwilliams@talonexec.com to schedule a training program. Reach Talon Companies Headquarters at service@talonexec.com, (800) 808-2566, or www.TalonCompanies.com.

Published in Los Angeles

The Economic Espionage Act of 1996 was passed by Congress to protect American intellectual property and trade secrets. The act makes the theft or misappropriation of a trade secret involving commercial information a federal crime. Thieves can be inside employees — identified as the culprit 60 percent of the time — competitors, hackers looking to sell the information over the Internet, or foreign governments.

Smart Business learned more from Ron Williams at Talon Companies about protecting the assets that keep your company in business.

Where should businesses begin to protect their data?

To prevent theft of proprietary data a company must first identify what their ‘crown jewels’ are. These trade secrets must be identified and treated as secrets in order to have standing to seek criminal or civil charges against those who steal the information.

The second step is to conduct a physical and IT Security Risk & Vulnerability Assessment to identify how the trade secrets are protected and how a culprit can steal the information.

What are some ways data can be stolen?

Culprits, who are frequently inside employees, are stealing trade secrets and sensitive intellectual property through a variety of straightforward and not highly technical means. For example, culprits are sending e-mails to themselves, including through their personal Web-based e-mail accounts, that contain information in attachments. In addition, portable hard drives can be easily attached to a computer and its contents downloaded in a matter of minutes. In addition to both of these techniques, culprits continue to print hard copy documents and walk out the front door with them.

What preventive measures should companies put in place?

Once the vulnerabilities have been identified, the company must establish an INFO-SEC program to compartmentalize the information and protect the data with firewalls and encryption. An audit system that tracks retrieval of the data should be implemented to determine who accessed the data with time and date.

Employee electronic transmissions should be monitored as well as printers that store valuable data. The IT system should be monitored on a 24/7 basis so that an intrusion or breach can be identified immediately and steps should be taken to thwart the attack.

How can businesses thwart attacks?

In light of the frequent use of portable hard drives as a means to steal trade secrets and sensitive intellectual property, there are significant methods that organizations can embrace to mitigate this risk. In fact, the use of such portable hard drives can be prevented by disabling their access so they cannot be used as a vehicle to house stolen trade secrets.

Risk can be further mitigated by preventing employees from being able to access personal Web-based e-mail accounts. In doing so, organizations can ensure that illicit communications are not taking place and trade secrets and sensitive intellectual property are not being sent by employees to themselves or to untrustworthy third parties.

Lastly, a layered and tiered security program integrating physical, electronic access and egress measures with cameras and IT security together with a training program backed with policies and procedures is the recommended method to protect valuable trade secret information and intellectual property.

For further insight and information:

U.S. Government for victims of identity theft: www.consumer.gov

U.S. Secret Service for victims of identity theft: www.treas.gov

FTC consumer complaint form: https://rn.ftc.gov

U.S. Department of Justice: www.usdoj.gov/

SSA Inspector General for fraud: www.ssa.gov

Ron Williams is the CEO at Talon Companies. Reach him at (800) 808-2566 or rwilliams@talonexec.com to schedule a training program. Reach Talon Companies Headquarters at service@talonexec.com, (800) 808-2566, or www.TalonCompanies.com.

Published in Los Angeles

January 8, 2011, Tucson, Arizona, Jared Loughner in a flurry of 9mm bullets had killed six people and wounded fourteen others outside of a supermarket during an event held by U.S. Representative Gabrielle Giffords. This targeted violence with mass casualties had numerous warning signs, such as with many similar shootings involving the workplace, school-place, military bases, etc. Were there significant warning signs with Loughner? Could Loughner’s mass shooting have been prevented?

Violence does not occur in a vacuum. Smart Business spoke to Dr. Manny Tau, clinical and forensic psychologist specialized in threat assessments and a team member of Talon Executive Services, Inc., for some thoughts and resources for solutions.

What were the warning signs that Loughner would commit an act of violence?

An initial scan for a threat assessment of physical violence involves three major components: threat posturing, preparatory behaviors and rehearsal fantasies. Loughner had significant ‘hits’ in all three components. He had:

  • Scrawled threatening phrases on a form letter from Giffords that thanked Loughner for attending a 2007 event
  • Purchased a semi-automatic handgun on November 30, 2010
  • Previously purchased a shotgun earlier that year
  • Purchased ammunition within 24-hours of the mass shooting
  • Espoused bizarre and conspiratorial thoughts via multiple social media sites
  • Made farewell contacts via voicemail and social media
  • A significant history of bizarre behaviors and major mental health issues
  • Repeated problematic contacts and interventions by parents
  • Previously attended community college and law enforcement training

A more comprehensive threat assessment reveals even more information.

Clearly, evidence indicated that Loughner’s targeted violence had not occurred in a vacuum, that there were significant longstanding warning signs, and that there is a good to high probability his mass shooting could have been prevented.

When should you have a threat assessment?

When you observe predatory behavior accompanied by threats of violence. Business owners may be unaware that such behavior is happening at their company, so there should be a system in place where employees feel comfortable reporting this type of behavior. Even then, some employers may not know the proper protocol for investigating and addressing the problem — this is where a professional service comes into play.

What resources are available to companies concerned with violence in the workplace?

The use of a threat assessment professional can greatly assist in the workplace, particular if the he or she is a forensic psychologist specializing in threat assessments.

Federal Regulations and California Civil Code, 45 CFR 164.512(j) and Cal. Civ. Code 56.10(c)(19), allows a psychologist to overcome any HIPAA, Confidential Medical Information Act, or other disclosure of information barriers so long as the disclosures were necessary to lessen a threat. This allows not only the coordinating and sharing of important information to mitigate a threat potential in the workplace, but also provides an opportunity for case management and contacts/exchanges of information with various outside resources associated with the escalating employee, e.g., medical and mental health providers, qualified medical examiners, or fitness for duty evaluators.

For more information about threat assessments and active threat management, please contact Talon Executive Services, Inc.

Dr. Manny Tau is a clinical & forensic psychologist specialized in threat assessments and a team member of Talon Executive Services, Inc. Reach Talon at service@talonexec.com, (800) 808-2566, or visit Talon Executive Services, Inc..

Published in Los Angeles