Your organization has called an important company board meeting to discuss a top-secret product development project. If this unique product idea gets leaked to your competitors, the consequences could be dire. On the day of the meeting, the organization’s key stakeholders are either in the conference room or connected by video conferencing.
The meeting goes well, and plans are set in motion.
However, you later discover your competitor has beaten you to market with the same product idea. How could this have happened?
Your business or organization could be the victim of corporate espionage. Someone could be collecting competitive intelligence through unethical means, such as listening devices, video surveillance, or even something as basic as rummaging through your trash. Whether the threat comes from bugging devices at a one-time event or ongoing surveillance at your corporate site, organizations need to be aware of surveillance techniques to uncover the threats, determine who is behind the intelligence gathering, and implement security systems to prevent future breaches.
Competitive intelligence gathering
Your competitors and corporate rivals want to know what is said at your meetings with shareholders, new business partners or clients, and new product development teams. They may be seeking information about your financial outlook or access to your intellectual property, stopping at nothing to gain that information — which is easier than ever for them to obtain.
Advanced wireless devices such as covert listening devices, miniature transmitters, hidden micro cameras, or concealed and wearable recording devices are easy to purchase and can be very inexpensive. Employees or someone with access to a conference room, such as a cleaning crew team member, could be paid to place a device in a conference room, collect paper trash afterward, or look for computer passwords left on desks or taped under keyboards. Therefore, safeguarding your company secrets requires a preventative approach.
The most common surveillance targets are CEO offices, their private conference rooms, and assistants’ work areas, since these spaces are the most likely locations for strategic meetings where valuable company information is discussed. These areas should be swept for bugging devices before critical meetings and at regular intervals, based on the level of risk.
Finding the breach with technical surveillance countermeasures
If you suspect that someone is obtaining company secrets or you’ve already experienced a damaging leak of information, we recommend screening for potential threats to prevent further leaks. Technical Surveillance Countermeasures (TSCM) examinations can be performed to look for surveillance equipment or detect other risks. These can be done before an important meeting, at an off-site event, or at your site at regular intervals. A TSCM examination may include such tactics as:
- Full Radio Frequency (RF) Spectrum Analysis
- Infrared Spectrum Analysis (IR)
- Detection of transmitting devices in the electrical system/wiring
- Computer Forensics exam (for example, searching for emails that mention a sensitive topic after a meeting has taken place to look for leaks)
- Disruption of laser frequencies with static “white noise” and/or window coatings to prevent laser listening systems from gathering micro-vibrations from the surface of a window to listen in on conversations from outside of a room
In addition to high-tech counter-surveillance sweeps, a TSCM examination can also include conducting physical searches for:
- Idle surveillance equipment that may be turned off or out of batteries
- Cameras or microphones in the ceiling
- Reflections from camera lenses
- Radio transmitters that could broadcast to an external radio
- Bugged telephones and Polycom phone systems turned into listening devices
- Passwords left on desks or under keyboards
- Computers left on and logged in
- Inadequate document disposal and shredders
Counter surveillance techniques off site
Important business meetings held off-site at hotel convention centers can be easy opportunities for surveillance. Sweeps of the meeting rooms, guest rooms, or bathrooms can be done, and once the sweep is complete, security staff should maintain custody of the room to ensure the room stays free of bugs until after the meeting.
Other off-site areas that can be targeted include:
- Executive cars, especially if using valet parking
- Cell phones, at risk of Trojan horse software that can allow someone to listen to all the conversations or steal data from email or text messaging
After the TSCM examination
For organizations that suspect an information leak, a TSCM examination is just the stepping-off point for a full analysis and investigation. A full security assessment may be necessary. If surveillance equipment is found during the TSCM examination, it should not be removed immediately because it can be used to determine who placed it there.
Systems should be established to prevent this kind of activity. Policies and procedures regarding the handling of passwords, access, and confidentiality agreements should be developed and communicated to employees. In addition, embedded and dedicated security personnel may be needed to watch, learn, listen and report on surveillance threats.
Are you at risk of corporate surveillance?
In today’s interconnected world, organizations are hungry for that competitive edge that will help crush their competition, and sometimes they will go to great lengths and unethical means to get that edge. Still, most organizations feel that industrial espionage and surveillance do not happen in real life and only happen in the movies. However, all it takes is a hungry competitor or a disgruntled employee to initiate a breach of your company secrets, and your company’s most important information and conversations could get into your competitor’s hands in an instant.
What proprietary business information could cause damage to your organization if your competitor were able to listen in on your meetings? Have you done all that you can to protect that information? For more information on how you can protect your organization, contact your Pinkerton Risk Advisor.
This article was originally published September 09, 2014 and has been updated.