Information is probably a company's most valuable asset. We would all like information about our competitors' products, pricing structures or unique selling points - in fact any information that would give us the commercial edge over them. This edge could mean winning or losing a significant contract. But how far will we go to obtain this information?
There are no official UK statistics. However, the estimated spend on eavesdropping products in the UK alone is £10m each year - and there are indications to suggest that this figure may be much higher. Espionage is real and on the rise, but no company wants to admit it has been the victim of an eavesdropping attack. It affects share price, undermines confidence and compromises client security and confidentiality.
The Security Service (MI5) recently advised that 'The UK is a high priority espionage target,' and business travellers should be aware of 'spies and honey traps.' Recent press reports have highlighted the increase in espionage. In particular, it is known that countries such as China are targeting UK commercial interests by obtaining intellectual property information, designs, materials, and indeed any useful information. It has been estimated that UK interests are being targeted by as many as 20 countries at the current time.
Companies involved in takeover bids, mergers and acquisitions work, negotiations surrounding major new contracts and processing of sensitive information are also at risk from espionage.
How does someone obtain the information they want? It may be as simple as a member of staff chatting to, and discussing company business with, an ex-colleague, or it could be a disgruntled member of staff with the access and motive to install an electronic eavesdropping device on behalf of someone who would benefit from the information. But threats do not come solely from competitors or overseas countries. Inter-directorship and shareholder issues can pose an equally devastating risk to business continuity.
Low cost, readily available electronic equipment can seriously compromise client security and confidentiality. Listening devices can be bought for as little as £10-£15 on any high street. They can take seconds to install and can be concealed in practically anything that is found in the office, home or car. The effects of an espionage attack - either financial or on reputation - can be devastating to an organisation of high profile individuals.
Modern day communications, such as mobile telephones, bluetooth, PDAs and Wi-Fi lend themselves open to technical attack, as they can be intercepted without the users' knowledge. Recent press reports highlighted Ipods as the latest threat to company secrets, as they make ideal tools with which to steal information - a process known as 'pod slurping'.
Are you under threat?
Any of the following could indicate a potential problem.
- Do your competitors know your business? Do you have information which would be commercially valuable to them?
- Have you become aware that others know what your company is about to do before you announce it (a clear sign of leaking)?
- Have directors' or executives' telephones changed in sound recently?
- Have they noticed that furniture or desk items do not seem to be in quite the right place?
- Are there new items in their offices that they have not noticed before?
- Have there been unexplained visitors to your sites?
If the answer to any of the above is yes, your company may well be the victim of a bugging operation that will seriously damage its competitive edge or reveal its most confidential business plans.
Countering the threat
Consider conducting pre-employment screening of all staff. Ensure that appropriate physical security measures are in place, such as locking offices and restricting access to areas where sensitive information is kept. Implementing a clear desk policy and ensuring that all company information is locked away at the end of the business day will go a long way in reducing opportunities for espionage.
With the introduction of personal liability for directors in connection with corporate governance issues and compliance, most high performing organisations have their offices swept for listening devices once or twice a year. This may be increased if an organisation is at a heightened period of risk, such as when it is about to make pre-results announcements.
Sweeping - known as technical surveillance countermeasures - involves conducting a detailed vulnerability assessment, silent and passive technical sweeps of premises, including mains, telephone, computers and cabling, and a thorough physical search of premises. The inspection may also identify additional areas where an organisation may be losing information, such as through IT, bluetooth, unencrypted systems and broadcasting equipment.
Safe speech environment
Forward-thinking organisations are now finding that clients are insisting on discussing their business affairs in 'safe speech environment'. To be in the position where your company can promote the fact that it has safe speech areas is a move that will not only ensure corporate compliance but assist new business acquisition from increasingly security-conscious corporate clients.
Emma Shaw is managing director, Esoteric Ltd, Tel: 01483 306200, E-mail: ejshaw@ esotericltd.com www.esoteriltd.com