Virginia spends $220 million on end-user hardware, print services
September 25, 2018
Two final contracts under the state's new multi-vendor IT sourcing model prepare the state for a transition the technology agency has been working on since 2015.
Commentary: Business management consultant and the editor of backgroundchecks.com says a few recent close calls illustrate the risks agencies face when they skimp on background checks for new hires.
Michael Klazema is the Chief Marketing Technologist at VODW and the lead author and editor for backgroundchecks.com....
There is often an assumption that public agencies have the most thorough and foolproof background check policies of any organizations. Someone might point to the federal government’s lengthy and in-depth security clearance to defend this assumption. Contrary to the public’s perception and even internal assumptions, many government agencies have the same holes in their employee screening processes private businesses do.
Just as private employers skip background checks for new hires with potentially disastrous consequences, government agencies cut corners in their vetting processes, leaving their agencies vulnerable at every level.
Falling through the cracks
Cautionary tales about employers failing to conduct background checks on the people they hire are not rare. These stories can be found at every level of the professional world and across all industries, from the smallest startups to the biggest government agencies.
One notable recent story: the tale of Imran Awan, an IT contractor who worked as a shared employee for the Democrats of the House of Representatives. For many members of Congress, Awan was the go-to person to call when they forgot their passwords. Some 80 Congressional members relied on Awan for IT support, giving him temporary access to their email servers.
Awan is currently facing charges for bank fraud. He has also been accused of stealing equipment from Congress.
While Congress rules require all shared employees to submit to a Capitol Police Criminal History Records Check — due in part to the access they have to sensitive information — Awan never had that type of check. The loophole is this background check only needs to happen once, after which Congressional members can check a box on paperwork that says another member of Congress has already verified the trustworthiness of the shared employee. Essentially, everyone who called upon Awan’s services simply ticked this box, and no one took the responsibility of ensuring he was properly vetted.
The story of Awan involves the problem of accountability. One Congressional member must have vouched for Awan by checking the box that said he was trustworthy. After that, every other member followed suit, perhaps unaware they were working with someone who had never been properly vetted.
Travis Lee Bailey, an ex-employee of the Utah Department of Technology Services, brings a different controversy to the table. According to the Salt Lake Tribune, Bailey is “a wannabe spy,” a non-practicing attorney who went to work for the Utah government because he wanted to find sensitive information he could sell to Russia. Bailey did go through a criminal background screening to get an administrative secretary job for the Department of Technology Services, as well as a reference check.
What the department apparently missed was an Amazon.com listing for a book Bailey wrote called "America’s Other War: Terrorizing Colombia."
The synopsis of the book includes a clear mention of Bailey smuggling documents to Russia. Bailey himself has boasted to the Salt Lake Tribune about his efforts to become a Russia informant. He’s also mocked the lax security at the Utah State Capitol.
A spokesperson for the Department of Technology Services says Bailey was just an administrative secretary and did not have access to anything sensitive. However, the department is looking through Bailey’s computer to find out what he might have learned and shared.
Room for improvement
Both scenarios show how unpredictable employees can be and how much risk a single person can bring into a government agency. In both situations, potentially untrustworthy people were put within an arm’s length of government computer and email systems. In the case of Awan, the lack of a background check may have jeopardized sensitive information belonging to some of the highest-ranking officials in government.
Neither case has gotten massive mainstream media coverage, largely because no leaks have been reported in either situation. Rather, these stories are about a troubling pattern playing out at all levels of government in which public agencies are opening themselves up to astonishing levels of risk by not completing thorough vetting procedures.
Both the House of Representatives and the Utah Department of Technology Services should view these oversights as close calls that could have easily gone worse. Awan could have easily used the email accounts in question to impersonate members of Congress or to steal sensitive information and pass it along to the wrong hands. Stakes were lower in Bailey’s case, but the image of a government agency hiring a wannabe Russian spy — especially at this moment in history — is disturbing.
Government entities can use the lessons learned from these close calls to improve their vetting policies.
Thorough background checks, both formal and common sense-based, are a must for every employee, no matter the job, industry, or work setting. At minimum, running background checks can shield government offices from liability and public embarrassment. At best, they can protect the country’s national security from clear and present danger.
Implementing stronger background check policies is just the first step. Government agencies also need to close loopholes, such as the one that allowed Awan to provide personal IT services to dozens of congressional members. They need to train their employees or elected officials about the importance of background checks and make sure that everyone with the authority to hire someone is being held accountable for those requirements.
Lastly, there need to be consequences for oversight. Private employers understand the risk of not running background checks, from negligent hiring claims to financially devastating lawsuits and PR and branding implications that are sometimes impossible to overcome. Government agencies are somewhat shielded from these image-based consequences. This protection makes it more difficult to establish accountability, and without accountability, comprehensive adoption of thorough government background checks can’t happen.
Michael Klazema is the Chief Marketing Technologist at VODW and the lead author and editor for backgroundchecks.com.