Although these are listed in some order, different situations will obviously shuffle the order somewhat.
Also, do you have another common mistake to add to the list?
Discussion on:
View:
Show:
Certainly you can add to the worst practices list 1. giving people more data access than their job requires and 2. failing to terminate access when people leave the company.
Craig Herberg
Craig Herberg
Just as you wouldn't have a security officer without good
technical knowledge of networks and threats, why would you let
an unqualified financial observation keep you from hiring the
best person available?
i.e.: Man owns bar for a few years, for various reasons it is not
profitable enough and there are no buyers due to economic
times in the area. The dept. of Revenue in his state files
commissioner filed returns for "missing" months (he had actually
closed the business, but this is an error VERY common among
state and local government agencies). The agency has the power
(and routinely uses the process) to file on behalf of "late
accounts", and without the need for any court order can then file
a judgement against the individual for the entire amount with a
large penalty and interest that runs from day one on their
mythical date of filing.
Add to that, they will then "Notify" the person by mailing to the
business address the notices, which are only sometimes
returned by either the current dweeler of the address (if there
even is one) or the Post Office.
Next, they use a private collection agency to collect, who also
files collection proceedings against the individual.
Now, imagine the individual moves, and this goes on (without
his knowledge) for 12 years!
Then one day, as he is selling his home, he finds out (at closing)
about all this wonderful credit activity!
It happens, and a look at the FICA in this case would give a very
low score with active collections and tax liens, even though the
individual is blameless (and was, ironically, advised to claim
bankruptcy to easily escape the issues- which would make this
individual unacceptable to you and dismissed out of hand). This
person was otherwise sound technically, had wonderful people
skills (the bartender in him no doubt) and was an entrepeneurial
spirit who acted as though he was spending his own money
when recommending fixes/replacements/upgrades- because he
had been a business owner he was keenly aware of the
pressures and realities.
Also, according to financial experts, the average individual has
at least three major flaws or mistakes in their reports which are
not factual. In addition, a divorce can ruin a person's credit, or
the other person in the marriage may have ruined it and is the
underlying cause for the divorce.
I find that at best, the financial part of a persons application
should just be an indicator of possibility, not probability.
Items such as not deleting old accounts and the sharing of
passwords/written down passwords are far bigger concerns and
should rank higher than this item in a "Top Five" listing.
technical knowledge of networks and threats, why would you let
an unqualified financial observation keep you from hiring the
best person available?
i.e.: Man owns bar for a few years, for various reasons it is not
profitable enough and there are no buyers due to economic
times in the area. The dept. of Revenue in his state files
commissioner filed returns for "missing" months (he had actually
closed the business, but this is an error VERY common among
state and local government agencies). The agency has the power
(and routinely uses the process) to file on behalf of "late
accounts", and without the need for any court order can then file
a judgement against the individual for the entire amount with a
large penalty and interest that runs from day one on their
mythical date of filing.
Add to that, they will then "Notify" the person by mailing to the
business address the notices, which are only sometimes
returned by either the current dweeler of the address (if there
even is one) or the Post Office.
Next, they use a private collection agency to collect, who also
files collection proceedings against the individual.
Now, imagine the individual moves, and this goes on (without
his knowledge) for 12 years!
Then one day, as he is selling his home, he finds out (at closing)
about all this wonderful credit activity!
It happens, and a look at the FICA in this case would give a very
low score with active collections and tax liens, even though the
individual is blameless (and was, ironically, advised to claim
bankruptcy to easily escape the issues- which would make this
individual unacceptable to you and dismissed out of hand). This
person was otherwise sound technically, had wonderful people
skills (the bartender in him no doubt) and was an entrepeneurial
spirit who acted as though he was spending his own money
when recommending fixes/replacements/upgrades- because he
had been a business owner he was keenly aware of the
pressures and realities.
Also, according to financial experts, the average individual has
at least three major flaws or mistakes in their reports which are
not factual. In addition, a divorce can ruin a person's credit, or
the other person in the marriage may have ruined it and is the
underlying cause for the divorce.
I find that at best, the financial part of a persons application
should just be an indicator of possibility, not probability.
Items such as not deleting old accounts and the sharing of
passwords/written down passwords are far bigger concerns and
should rank higher than this item in a "Top Five" listing.
I believe that you have illustrated precisely why this is an inacurate indicator of performance.
OK, i'm fine with that attitude, but how do you explain the fact that most larger companies DO consider financial background just like landlords do?
If someone won't lease an apartment because of bad credit record, why would you risk your entire company???
I'm not fixed on this, just wondering if there is any rational reason NOT to consider past performance as an indicator of future performance, especially when there are dozens, or even hundreds of applicants for a job??
If someone won't lease an apartment because of bad credit record, why would you risk your entire company???
I'm not fixed on this, just wondering if there is any rational reason NOT to consider past performance as an indicator of future performance, especially when there are dozens, or even hundreds of applicants for a job??
The problem is that "past performance" isn't an indicator of "future performance" at all when the measure of "past performance" measures something that might have very little, if any, connection to the individual's integrity, attention to detail, and general "performance". The fact that many businesses consider credit ratings and financial histories to be good indicators doesn't make them right, just as the entire population of the US rising up and declaring pi to be equal to 3.2 would not make it so.
Often, "industry best practices" are, in fact, bad practices. Simply following the lead of a Fortune 100 company isn't always a good idea and, in fact, is often a very bad idea. If Ben & Jerry's had followed the Amazon.com model, they'd have gone out of business, and if Amazon.com had followed the Ben & Jerry's model, Amazon.com would have gone out of business instead. In addition to that, I think that (in general) offshoring tech services is going to turn out to have been a bad idea across the board for US-based tech businesses, but that's not stopping a great many companies from chasing the specter of instant gratification savings on wages in that manner.
Don't do something just because IBM or Time Warner does it.
Often, "industry best practices" are, in fact, bad practices. Simply following the lead of a Fortune 100 company isn't always a good idea and, in fact, is often a very bad idea. If Ben & Jerry's had followed the Amazon.com model, they'd have gone out of business, and if Amazon.com had followed the Ben & Jerry's model, Amazon.com would have gone out of business instead. In addition to that, I think that (in general) offshoring tech services is going to turn out to have been a bad idea across the board for US-based tech businesses, but that's not stopping a great many companies from chasing the specter of instant gratification savings on wages in that manner.
Don't do something just because IBM or Time Warner does it.
On the financial record side, look at it like this.
Who is more likely to be in need of fast money and more likely to do something illegal to get it?
Someone with no financial problems?
or
Someone with serious financial problems?
Given two otherwise equal candidates which one do you hire? And, if you hire the wrong one, which decision will be easier to defend?
It's just another indicator like a degree.
Lots of people who have degrees are dumb as a post and some who don't were actually too smart to bother (I had an uncle who worked on radar in WWII and was yanked out of school before he completed his degree - just an example.) Bill Gates is a college drop out too.
I'm not saying a financial record is the ONLY guide, but remember that a bankruptcy only stays on the books for 7 years or so and in those seven years the financial pressure must be great. That might make someone work harder, or it might make them take shortcuts.
As for outsourcing. Have you read the new book
The World Is Flat: A Brief History of the Twenty-first Century by Thomas L. Friedman?
It's a very interesting read.
One reason for outsourcing from the U.S. is that so few kids are studying math, science, and engineering, not just financial pressure on companies. (I knew that long before that book was published, but it has a lot more to say on other topics.)
Remember also that you can't think of a company with HQ offices in silcon valley or NYC as an exclusively "American" company. Is it really "outsourcing" when a company is a multinational?
Don't assume by that comment that I am in favor of outsourcing, I'm just looking at all sides of this important question.
CFOs are also looking at the steady drop in the value of the dollar, the surging budget deficit, and the massive trade deficit, all of which portend considerable problems for companies tied too exclusively to the U.S.
The world is a big place and a lot of countries are catching up with us REAL fast as our educational system fails all of us and kids graduate with a feeling of entitlement these days instead of a strong work ethic.
Just some thoughts - I welcome other ideas.
Who is more likely to be in need of fast money and more likely to do something illegal to get it?
Someone with no financial problems?
or
Someone with serious financial problems?
Given two otherwise equal candidates which one do you hire? And, if you hire the wrong one, which decision will be easier to defend?
It's just another indicator like a degree.
Lots of people who have degrees are dumb as a post and some who don't were actually too smart to bother (I had an uncle who worked on radar in WWII and was yanked out of school before he completed his degree - just an example.) Bill Gates is a college drop out too.
I'm not saying a financial record is the ONLY guide, but remember that a bankruptcy only stays on the books for 7 years or so and in those seven years the financial pressure must be great. That might make someone work harder, or it might make them take shortcuts.
As for outsourcing. Have you read the new book
The World Is Flat: A Brief History of the Twenty-first Century by Thomas L. Friedman?
It's a very interesting read.
One reason for outsourcing from the U.S. is that so few kids are studying math, science, and engineering, not just financial pressure on companies. (I knew that long before that book was published, but it has a lot more to say on other topics.)
Remember also that you can't think of a company with HQ offices in silcon valley or NYC as an exclusively "American" company. Is it really "outsourcing" when a company is a multinational?
Don't assume by that comment that I am in favor of outsourcing, I'm just looking at all sides of this important question.
CFOs are also looking at the steady drop in the value of the dollar, the surging budget deficit, and the massive trade deficit, all of which portend considerable problems for companies tied too exclusively to the U.S.
The world is a big place and a lot of countries are catching up with us REAL fast as our educational system fails all of us and kids graduate with a feeling of entitlement these days instead of a strong work ethic.
Just some thoughts - I welcome other ideas.
...from college or high school, one thing you had to do to pass
was effectively argue both sides of the argument. When you start
to look at it that way, you will see that every point you made can
be flipped on it's ear and still be valid.
"Someone with no financial problems?
or
Someone with serious financial problems?"
How about: the thief is far less likely to have financial problems
because he steals technology instead of buying it, doesn't pay
for anything he doesn't absolutely have to, and by nature thieves
enter into very few traceable exchanges out of the desire to stay
out of the scrutiny of others. A neighbor of mine many years ago
had the nicest home, big screen projector, dogs, pickups, boats,
motorcycles... and was arrested for burglary. His credit ws
perfect and he had a full time job that paid well.
I don't see it as an indicator like a degree at all, for one reason:
If I get a degree, you can look up many records about
attendance and scores, and I did the work myself in all
likelihood.
With credit, I could have had a bad marriage to a spendthrift
who ruined our credit together, or even forced me into
bankruptcy. I could have married a compulsive gambler, or an
alcoholic, or a drug user, all without giving you ANY indication
of MY character (other than falling in love with someone who
changed later for whatever reasons).
I just have to disagree that this is any indicator for a company
(unless it's a CFO position). And even more, I feel it may blind
you to good and great candidates.
was effectively argue both sides of the argument. When you start
to look at it that way, you will see that every point you made can
be flipped on it's ear and still be valid.
"Someone with no financial problems?
or
Someone with serious financial problems?"
How about: the thief is far less likely to have financial problems
because he steals technology instead of buying it, doesn't pay
for anything he doesn't absolutely have to, and by nature thieves
enter into very few traceable exchanges out of the desire to stay
out of the scrutiny of others. A neighbor of mine many years ago
had the nicest home, big screen projector, dogs, pickups, boats,
motorcycles... and was arrested for burglary. His credit ws
perfect and he had a full time job that paid well.
I don't see it as an indicator like a degree at all, for one reason:
If I get a degree, you can look up many records about
attendance and scores, and I did the work myself in all
likelihood.
With credit, I could have had a bad marriage to a spendthrift
who ruined our credit together, or even forced me into
bankruptcy. I could have married a compulsive gambler, or an
alcoholic, or a drug user, all without giving you ANY indication
of MY character (other than falling in love with someone who
changed later for whatever reasons).
I just have to disagree that this is any indicator for a company
(unless it's a CFO position). And even more, I feel it may blind
you to good and great candidates.
I am amazed that the same companies who will say "any technology older than 18 months is pass?" want a prospective employee to fill out a cradle-to-present job application that touches not at all on the skillset required for the job.
This may dovetail with my general belief that most corporations? idea of "strategic planning" extends no further than this coming Friday?s earnings guidance, however.
This may dovetail with my general belief that most corporations? idea of "strategic planning" extends no further than this coming Friday?s earnings guidance, however.
Large corporations frequently fall victim to 'groupthink'. Ill-concieved ideas often become gospel. It seems no one considers or observes the consequences of the idea.
Take password policy for example. sarb-ox auditors are suggesting that password policy should prevent password reuse, and require 60 day or more frequent changes. Everyone seems to accept that this improves security.
The observed result however is that this has lead to no change in the strength of user passwords, and an increase in the number of passwords which are written down.
but if you challenge the concept, all you get is cow-in-headlights-of-oncoming-train stares.
Take password policy for example. sarb-ox auditors are suggesting that password policy should prevent password reuse, and require 60 day or more frequent changes. Everyone seems to accept that this improves security.
The observed result however is that this has lead to no change in the strength of user passwords, and an increase in the number of passwords which are written down.
but if you challenge the concept, all you get is cow-in-headlights-of-oncoming-train stares.
In my somewhat unskilled capacity (picked up IT on a "need to know" basis from software/systems providers in my previous employment)as systems administrator for a fairly new company, your article was extremely pertinent and will be forwarded to the M.D. I liked the fact that, although you are obviously highly skilled in this area, your article was still understandable, without being condescending, to those with more limited ability/on a learning curve.
For what it is worth, I am highly paranoid about security/viruses/updating on my home system!
Many thanks for the info and hopefully more to follow.
Nicki
For what it is worth, I am highly paranoid about security/viruses/updating on my home system!
Many thanks for the info and hopefully more to follow.
Nicki
While I agree that those are common mistakes. Turning down a person only because they experinced a hardship could be a mistake as well. I had some negative credit once but that made me no less devoted to the man who went by his gut and gave me the job I needed to correct the problem. I know all to well about going by the gut when judging people. Since I started in Security my gut has never let me down. True, in certain areas a hardship is cause for a red flag. On the other hand not all of ones problems are on a neat print out for us to see. The last network breach I helped with, involved a 50 year old bookeeper and a well respected business man. Both had perfect records. Because of this the issue was swept up and no charges were pressed.
I truly believe that was the biggest mistake made by the company.
Thank you for a great article. It really made me stop and think.
I truly believe that was the biggest mistake made by the company.
Thank you for a great article. It really made me stop and think.
I am personally affronted by your inclusion of "financial" distress and a recent bankruptcy as a job screening mechanism.
I lost my job because I stood up and prevented a fraudlent supervisor from raiding the pension fund assets. He saw to it that my career was ruined. I went through all my accrued retirement benefits and over 100,000 in credit card debt before I got out of denial and changed careers.
Then I had to have part of my colon removed.
My wife got cancer and had to have a breast removed.
No insurance.
There is clearly no way I will ever repay these debts. I am the guy for which banrupcy was designed.
Bad news: If I file chapter 7, I am then totally unemployable.
Thanks Mr. screener - spread the word some more !!
Of course, now I seem to have developed a large malignant nodule on my jawbone. Still no insurance. So, perhaps it makes no real difference any longer anyway!
To make the point: I am consciously choosing to avoid seeking treatment because the pain of a successful treatment is more than the peace offered by His intentions.
No longer angry, just trying to add a bit of humility to the journalist's who have "all the answers."
Enjoy
I lost my job because I stood up and prevented a fraudlent supervisor from raiding the pension fund assets. He saw to it that my career was ruined. I went through all my accrued retirement benefits and over 100,000 in credit card debt before I got out of denial and changed careers.
Then I had to have part of my colon removed.
My wife got cancer and had to have a breast removed.
No insurance.
There is clearly no way I will ever repay these debts. I am the guy for which banrupcy was designed.
Bad news: If I file chapter 7, I am then totally unemployable.
Thanks Mr. screener - spread the word some more !!
Of course, now I seem to have developed a large malignant nodule on my jawbone. Still no insurance. So, perhaps it makes no real difference any longer anyway!
To make the point: I am consciously choosing to avoid seeking treatment because the pain of a successful treatment is more than the peace offered by His intentions.
No longer angry, just trying to add a bit of humility to the journalist's who have "all the answers."
Enjoy
CNET is carrying a story saying that schools in California are responsible for more personal information being stolen than any other institution in the state. (28% since 2003)
http://news.com.com/Some+colleges+falling+short+in+computer+security/2100-1029_3-5653140.html
http://news.com.com/Some+colleges+falling+short+in+computer+security/2100-1029_3-5653140.html
Unsecured laptops with unencrypted confidential data, social security numbers sold willy nilly by data brokers to identity thieves, trade secrets posted in blogs. It certainly looks like the asylum has been taken over by the patients. We need severe penalties for mishandling confidential information, before all identities are controlled by organized crime and terrorists.
Craig Herberg
Craig Herberg
The easiest way to stop half of the crap that's going on is to make people personally liable for their careless or negligent actions. In this case, the people who lose the laptops would have to reimburse any financial losses resulting from the release of data on the laptop.
It will work. Title 49 of the Code of Federal Regulations specifies that the people who pack, label, certify and transport hazardous material shipments are personally responsible for their work. Since the initial passage of these regulations, the number of Hazmat incidents caused by poor packing and labelling or commingling of incompatible materials has fallen to almost zero.
It will work. Title 49 of the Code of Federal Regulations specifies that the people who pack, label, certify and transport hazardous material shipments are personally responsible for their work. Since the initial passage of these regulations, the number of Hazmat incidents caused by poor packing and labelling or commingling of incompatible materials has fallen to almost zero.
You (the author) wrote in relation to using credit checks to screen employees "it's a common practice because it works". I'd like to know how you know it works? What research or evidence are you basing that statement on?
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
