You’re at an important company board meeting discussing a top secret product development project. If this unique product idea gets leaked to your competitors, the consequences could be dire. The key stakeholders are in the conference room or participating via conference call. The meeting goes well and later you find out your competitor has beat you to market with the same product idea. How could this have happened? Your business or organization could be the victim of corporate espionage. Someone could be collecting competitive intelligence through unethical means, such as listening devices, video surveillance, or even something as basic as rummaging through your trash. Whether the threat comes from bugging devices at a one-time event, or ongoing surveillance at your corporate site, make sure you are aware of surveillance techniques, find the threats, determine who is behind the intelligence gathering and put systems in place to prevent future breaches.
Competitive Intelligence Gathering
Your competitors and corporate enemies want to know what is said at meetings with shareholders, new business partners or clients or new product development teams. They may be seeking information about your financial outlook, or access to your intellectual property. Some companies will stop at nothing to gain that information and for many reasons, it’s easier than ever for them to get it. Today, surveillance is easier than ever. Advanced wireless devices such as covert listening devices, miniature cameras, concealed, wearable recording devices or hidden micro-cameras are just a click away online and can be very inexpensive. Employees or someone on the cleaning crew could be paid to place a device in a conference room or collect paper trash afterwards, or look for computer passwords left on desks or taped under keyboards. Safeguarding your company secrets requires a preventative approach. The most common surveillance targets are CEO offices, their private conference rooms, and assistant’s work area, since these spaces are the most likely locations for strategic meetings where valuable company information is discussed. These areas should be swept for bugging devices before critical meetings and at regular intervals, based on the level of risk.
Technical Surveillance Countermeasures
If you suspect that someone is obtaining company secrets or you’ve already experienced a damaging leak of information, we recommend screening for potential threats to prevent further leaks. A TSCM (technical surveillance countermeasure) examination can be performed to look for surveillance equipment or detect other risks. These can be done before an important meeting, at an off-site event, or at your site at regular intervals. A TSCM examination may include such counter surveillance tactics as:
- Full Radio Frequency (RF) Spectrum Analysis
- Infrared Spectrum Analysis (IR)
- Detecting transmitting devices in the electrical system/wiring
- Computer forensics (for example, searching for emails that mention a sensitive topic after a meeting has taken place to look for leaks).
- Disrupting laser frequencies with static “white noise” and or window coatings to prevent laser listening systems from gathering micro-vibrations from the surface of a window to listen in on conversations from outside of a room.
- Conducting a physical search looking for:
- Idle surveillance equipment that may be turned off or out of batteries.
- Cameras or microphones in the ceiling.
- Reflections from camera lenses.
- Radio transmitters that could broadcast to an external radio.
- Bugged telephones. Polycom phone systems are easy to turn into listening devices.
- Easily found passwords left on desks or under keyboards.
- Computers left on and logged in.
- Document disposal and inadequate document shredders.
Counter Surveillance Techniques Off-Site
Important business meetings held off-site at hotel convention centers can be easy opportunities for surveillance. Sweeps of the meeting rooms, guest rooms, or bathrooms can be done, and then security staff should maintain custody of the room to ensure the room stays free of bugs until after the meeting. Executive cars can be targeted and especially at risk if using valet parking, as well as executive phones which are susceptible to Trojan horse software that can allow someone to listen in on all the conversations or steal data from email or text messaging.
After the TSCM Examination
What happens if listening devices are found during a sweep? If surveillance equipment is found during the TSCM examination, it should not be removed immediately because it can be used as a trap to find out who put it there. The TSCM examination is just the stepping off point for a full analysis and investigation. Suspects need to be interviewed. A full security assessment may be necessary if many problems are found. Systems should be established to prevent this kind of activity. Embedded and dedicated security personnel may be needed to keep security at the forefront of executives’ minds, staff who can be there to watch, learn, listen and report on surveillance threats. Everyone in the organization can contribute to prevent leaks. Policies and procedures should be developed and communicated to employees regarding the handling of passwords, access, and confidentiality agreements.
Are You at Risk of Corporate Surveillance?
Companies are hungry for that competitive edge that will help crush their competition. They may hire corporate surveillance companies to gather company secrets from their competitors, often through unethical means. Low level employees with low moral or low paid personnel from external maintenance services can be paid off to gather intelligence or plant bugs. Most companies are naive and feel that industrial espionage and surveillance does not happen in real life, it only happens in the movies and “cannot happen here.” They feel they can trust all of their employees like family. But all it takes is a hungry competitor and a disgruntled employee passed over for a promotion to initiate the leaking of your company secrets that could be devastating to your business. Then, with the preponderance of equipment easily available, your company’s most important information and conversations could get into competitors hands in an instant. What proprietary business information could cause damage to your company if your competitor was able to listen in on your meetings? Have you done all that you can to protect that information? Contributing author: Doug Cunningham, Director of Operations, Chicago Field Office