Espionage! The word sounds like some kind of Cold War reference. However, espionage within corporations is alive, well, and happening every day. Generally referred to as corporate or industrial espionage, it is the practice of gathering information about an organization. Many times that information is just that – ‘gathering information’. However, some forms of corporate espionage involve stealing trade secrets, client information, formulas or recipes, planning or marketing strategies and can involve activities like bribery, blackmail, and technological surveillance.
Although Industrial espionage tends to happen to larger organizations such as technology, biotechnology, and aerospace companies, any organization with information that is of use to a competitor can be a worthy target. Recent companies that have been targeted by industrial espionage are Lockheed Martin, Valspar, and DuPont. It’s good to point out though that although these companies were mostly targeted by large foreign companies, industrial espionage can happen from within your company by your own employees. So no one is really immune.
So how does a company protect themselves from this type of activity? Here are a few tips that can help to reduce the ability of your competitor to steal your proprietary information.
Once your organization no longer requires certain documents it’s vital to have a shredding policy in place. Most information that’s stolen is in the form of documents that are not guarded or even needed any longer. Documents that are just laying around make it easy for someone searching for information. They can either just grab the documents and walk out or copy the documents and put the originals back.
This information highlights two key points. First, any information that might be essential or proprietary should be carefully guarded or locked up so that only employees that need the information are able to access it. Second, any documents that are no longer needed must be shredded immediately before they are discarded. Having a regular shredding process that involves a company policy for all employees as well as scheduled pick up of shreddables by a trusted shedding company is vital.
Print Only What Is Necessary
The more information that is printed the more likely it can fall into the wrong hands. So only print sensitive information if it’s absolutely necessary and then make sure that it is protected until it gets the intended person. Also, make sure documents with vital information are not left lying around on desks. It is very easy for them to be stolen, copied, or photographed.
This one was touched on in the first point but needs to be reiterated. If a document contains essential or highly sensitive information it should be locked in a file cabinet and the office that the file cabinet is in should be locked as well when no one is in there. This will prevent employees or anyone else wandering around from seeing or stealing information that could cause damage to your company if gotten into the wrong hands.
Keep Security Software Up To Date
The internet is rife with hackers phishing for sensitive data that they can make a financial windfall on. So it is vital for all organizations to make sure their firewalls, anti-virus, and anti-Trojan software is up to date. These types of software help protect your company from falling victim to corporate espionage via internet hackers. Making sure everything is in place and updated will go a long way in protecting your company’s assets.
Have Proper Employee Procedures In Place
One of the best ways to help prevent industrial espionage is to make sure you know who you have working for you. Your organization should do background checks on all new employees to look for factors that might indicate that they are a high risk to your company. Proper background checks can reveal past behaviors or connections to competitors that might point towards a possible mole, bad influence, or someone who could be easily manipulated by industrial hackers.
It is also advisable to do periodic background checks on current employees in order to help raise red flags on those that might be engaging in industrial espionage. Some signs to look for are sudden increase in their standards of living, unexpected trips, and increased debt. These factors can indicate that something new is going on in their lives that are not congruent with their past lifestyle choices and that are not supported by their current income with your company.
Once you have employees working for your company, it’s important to make sure they are well educated on how to protect the company’s resources from competitors. They also need to be educated on the ways of social engineering so they are less likely to fall victim to it. Social engineering is a method used by hackers to get someone to divulge information that will allow the hacker access into the company’s systems.
Making sure your employees understand what potential risks the corporation faces and how competitors seek to get information will help your employees realize that the threats are real. It can also get them to understand their part in keeping the company secure. Teaching them about the simple security practices they should be using as well as methods used by hackers to get information, will help to bring awareness to their minds and that can make all the difference.
Monitor Employee Activity
It may sound a bit intrusive or Orwellian but when it comes to protecting corporate data it can be very effective to monitor employee activity. There is software available that every IT department should know about, that tracks every action made in the computer system. Software like this helps to detect any unusual activity that may be taking place and allows your company to take action before it’s too late.
Also, making employees aware of the fact that their activities are being tracked can be an effective deterrent when it comes to industrial espionage. Knowing that everything they do is fully visible and transparent makes it a lot harder for someone looking to conduct an act of industrial espionage to actually carry out the action.
Having proper termination procedures in place is an absolute must when it comes to industrial espionage. Why? Because in many cases industrial espionage happens in the last couple of weeks that an employee works for you.
Another common issue in many corporations is that employee credentials remain active after the employee is terminated. This security oversight allows the terminated employee access to the company’s sensitive data even though they no longer work there.
Having proper termination procedures in place will make sure that all terminated employees are removed from the system and their credentials are also terminated immediately. This assures that there will be no surprises from any actions they perform after leaving your organization.
DataOne can help you to secure your organization’s network and lessen the chances of experiencing industrial espionage. Click here and contact us today to get started!