Watching your back: countering industrial espionage the intelligent way

October 2002 News

To many companies security badges, sign-in sheets, video cameras and other physical surveillance methods create a wall of protection against information theft. However, with most penetrations and information loss coming from within an organisation, these measures alone cannot adequately protect a company.

"Most penetrations and compromises are perpetrated by the target's own employees, by electronic or cyber intrusion, surveillance or photography," said Howard Griffiths, managing director of Griffiths & Associates. "In addition, significant amounts of company strategy are often given away in company websites, publicity material and at trade fairs, all unwittingly," he said.

"The official FBI statistics in the US are that at any one given period in time, that bureau has nearly 1000 open investigations into extremely serious cases of economic espionage of trade secret thefts," Griffiths said. "The only way to counteract activity on this scale is for companies to implement both reactive and preventative counter intelligence programs."

These programs should include employee training, site surveys, inspections and investigations. The company should also develop and maintain files on alleged, reported, and actual attempts at penetration. "Every company must have a counter intelligence manual outlining procedures for the protection of sensitive information, including how to handle incidents that occur," said Griffiths. These manuals should then be made available to personnel within responsible offices so that any incident can be dealt with promptly and consistently.

Overall strategy

The first step in developing such an overall strategy must be the conducting of a vulnerability assessment. The following checklist of important issues is an example of the type of information to be collected in this assessment:

* Employee names, titles, and position, for employees in sensitive positions.

* Responsibilities and types of access to sensitive data.

* Identification of those with whom each employee is authorised to share sensitive information.

* Audit trails and records kept relative to individuals who have been given access to proprietary data.

* Activities where employers could be approached by intelligence gatherers, such as seminars and workshops. Employees should be asked to describe any contacts initiated by other persons seeking any type of corporate data.

* Any gratuities offered or received from providing any type of corporate data. Employees should be asked to identify all types of corporate data being elicited and what responses were given and any ensuing conversation with the person asking for the information.

"The information gathered from this checklist and the general assessment will indicate strengths and weaknesses in the company's protective posture," said Griffiths. It will help security personnel determine which of the company's operations might be likely targets of business intelligence efforts and, just as importantly, allow the company to determine which counter intelligence strategies to put into place."

For more information contact Howard Griffiths, Griffiths & Associates, 011 786 8556, howard@griffithsonline.co.za





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Online fleet management system
Issue 1 2020 , News
Fleet Domain’s online Fleet Management Information System is reducing operating costs and improving safety for South African logistics firms.

Read more...
Digital insurance bundle for assets and devices
Issue 1 2020 , News
My CyberCare is a specialist provider of personal, and SMME online cyber insurance, cyber detection and cyber monitoring solutions for both local and global consumption.

Read more...
IDEMIA to supply Morocco’s national electronic ID cards
Issue 1 2020, IDEMIA , News
IDEMIA will supply Morocco with national electronic ID cards and introduce a secured digital identity online services platform.

Read more...
Rockwell Automation to acquire Avnet
Issue 1 2020, Rockwell Automation , News
Rockwell Automation announced it has signed an agreement to acquire privately held Avnet Data Security, an Israeli-based cybersecurity provider with over 20 years’ experience providing cybersecurity services.

Read more...
Do we really want simplicity?
Issue 1 2020, Technews Publishing , News
Everything today has to be simple, easy and fast. Even access to your bank account has to fit these adjectives and banks spend significant time and money trying to ensure their web and mobile interfaces ...

Read more...
Longse Distribution to become LD Africa
Issue 1 2020, LD Africa , News
Brendon Whelan, sales manager for Longse Distribution, announced that the company officially changed its name to LD Africa as of 20 January 2020.

Read more...
Three expos in one
Issue 1 2020 , News
Looking ahead to 2020 Vision: combined Securex South Africa, A-OSH EXPO and Facilities Management Expo 2020 promises to be even bigger and better.

Read more...
Security events you can’t miss in 2020
Issue 1 2020, Technews Publishing , News
Hi-Tech Security Solutions will host a number of focused events in 2020 to highlight the latest in security technology and the operational benefits they deliver.

Read more...
David Shapiro to chair ESDA
Issue 1 2020, ESDA (Electronic Security Distributors Association , News
The Electronic Security Distributors’ Association (ESDA), established in 1989, has elected David Shapiro as its chairperson for 2020.

Read more...
Dimension Data debuts fifth business
Issue 1 2020 , News
Dimension Data has launched its fifth business in the MEA region, Dimension Data Security, aimed at helping organisations in the region address the challenges of today’s rapidly evolving threat landscape.

Read more...