Corporate espionage can occur in many forms, whether through Technical Surveillance (using covert listening devices) or physical theft of confidential material. The best method of assuring conversations and confidential information is kept secret from Technical Surveillance is to employ a Technical Surveillance Countermeasures (“TSCM”) inspection with a team of trained technicians using sophisticated, modern equipment; but this is just one tool an organization must use to combat the threat of espionage. Here are six common ways confidential material is stolen and ways you can mitigate the threat.
1. Properly Dispose of Confidential Waste
“Dumpster diving,” “waste archaeology,” and “trashing” all refer to theft of discarded paperwork in an effort to cull valuable information. This is believed to be one method of business and personal espionage. It is important to ensure that confidential waste does not fall into the hands of unauthorized individuals. One of the most common ways corporate information leaks or is stolen is through the insecure processing, storage, and destruction of confidential waste.
Corporate officials should ensure that waste is not left in bins inside unoccupied offices unless they are locked and secure. Confidential waste should be shredded as it is produced throughout the day or at the conclusion of each day by a trusted member of the staff or by a reputable corporation. A high security grade level crosscut shredder or reputable shredding service should be used.
2. Authorize All Visitors
When accepting visitors to the corporate office or residence, always ensure they are identified and that they are authorized to visit the site at that time. Information thieves or other intruders commonly use social engineering and deception to gain access to their targets. Attention must be given to all service personnel, cleaners, pest control, maintenance workers, and delivery persons. Visitors should be escorted by someone representing the company’s interests and never be allowed to roam unescorted within areas containing sensitive information or where sensitive conversations occur. Any regular visitors including cleaners or maintenance personnel should have to undergo background screenings to ensure their integrity.
3. Inspect Gifts
All gifts received by executives should be checked for the presence of eavesdropping devices. Eavesdropping devices have been found installed in all manners of everyday items including pictures, ornaments, lamps, tape dispensers, and plaques.
4. Inspect Vehicles
Vehicles used by senior executives should regularly have TSCM inspections completed to ensure that no eavesdropping equipment or tracking devices are present.
5. Have a Mobile Telephone Security Plan
A mobile phone inspection policy should be incorporated by corporate security and information technology departments. There are spyware programs that can be installed on targeted phones and run undetected by manipulating the phones’ software into performing surveillance functions. These applications, when installed on a host phone, can provide an eavesdropper with the following:
If a corporate official misplaces or loses control over the phone it will only require minutes to load malicious software. This is an emerging problem and must be considered a serious threat to secure mobile communications. If you suspect your phone is compromised you should acquire a new phone as soon as practical and limit communications until changed. The following features on cellular phone should include:
6. Technical Surveillance (“bugs”)
Electronic eavesdropping devices can be concealed in any room, device, furnishing, or container that would typically be found in an office or home setting. Technological advancements are introducing eavesdropping devices that are smaller, more sophisticated, less expensive, and easier to conceal than ever. Video as well as audio can be captured, recorded, transmitted, or monitored live.
To learn more about the Technical Surveillance Threat, including types of devices used, typical target environments, and appropriate Countermeasures, please read our two-part whitepaper TECHNICAL SURVEILLANCE TODAY: THREAT – RISK – PREVENTION.