Safeguard your business against economic espionage
May 19, 2014
Safeguard your business against economic espionage
Economic or industrial espionage is on the rise in South Africa. It is no longer just the theme of cloak and dagger films about double agents and moles but a costly reality that exists right here on our African doorstep.
Foresight Advisory Services’ Heine van Niekerk says economic espionage is one of the major risks of doing business today and if preventative measures are not put in place, could result in millions being lost due to stolen trade secrets, R&D and products that would have provided a competitive advantage. In their published paper, ‘Industrial Espionage Threat in Corporate South Africa’, Rabelani Dagada and Seth Mukwevho explain economic or industrial espionage as follows: “Business rivals apply a number of instruments, and at times hire intelligence services to steal strategic business information. In the domestic environment, human and technical sources of intelligence are the most preferred means of perpetuating this criminal activity.”
Getting tough with technology
63% of global organisations believe they cannot stop theft of confidential information and 57% do not think that their organisation is adequately protected from advanced cyber attacks. This has been revealed by the 2014 ‘Exposing the Cybersecurity Cracks: A Global Perspective’ report based on the Ponemon Institute survey of nearly 5 000 global IT security practitioners.
The PWC Global Economic Crime Survey 2014 confirms that it is a growing concern globally, with one in four respondents reporting that they have experienced a cybercrime and over 11% of these suffering financial losses of more than US$1 million. “Cybercrime reports continue to increase in volume, frequency and sophistication. It is the fourth-most reported type of crime in this year’s survey. And fundamentally, cybercrime is not just a technology problem – it is a business strategy problem.”
So, do you have a strategy in place to secure your information communication platforms?
1. Secure your email communication
Email has become the primary means of communication in most businesses, especially as more companies embrace the idea of telecommuting (employees working from home). In 2014, the typical corporate email user sends and receives about 120 emails per day, according to the ‘Email Statistics Report, 2011-2015’ produced by The Radicati Group.
But emails may not be as innocent as they seem. Many employees store crucial business information on emails, with some companies preferring web-based email services like Gmail and Webmail. “This is a major risk to the integrity of business knowledge management, and encourages industrial espionage,” comments Dagada and Mukwevho in their paper.
For security measures, some companies only have an internal email system which does not allow emails to be sent out or received from outside the company. For many businesses, such isolation would hamper productivity but for others, the huge cost of espionage outweighs the inconvenience brought about by lack of external emails.
2. Monitor mobile devices in the workplace and beyond
We all love our devices as a means of staying connected all the time. However, business information can easily be stolen from laptops, tablets and cell phones, especially when they are linked to a cordless source of data such as WiFi. Dagada and Mukwevho argue that in South Africa, this is one of the most common methods of acquiring technical intelligence.
They suggest that an appropriate security measure for this type of ‘electronic attack’ is an air defence product, such as an information wiper system. Such a product not only acts as an early warning system, but also details the illegal activities of the hacker.
Advancing information communication technologies are then a double-edged sword for business: On the one hand, they can improve productivity and efficiency of employees and the organisation as a whole, but on the other, without the right security measures in place, they provide an easily accessible way in and way out for information thieves.
Do you have a people problem?
And these thieves aren’t necessarily sitting in a dark room with a wall of blinking computers on the other side of the world like you imagine. You might have just had a cup of coffee with one of them during your break. According to the PWC Global Economic Crime Survey 2014, the profile of a typical internal fraudster is a 31-40 year old male at management level. “Businesses face threats from both internal and external sources and multiple angles. The internal threat has the greatest impact when senior managers are involved.”
So, what are you doing about it?
3. Know your employees
Employees are a company’s greatest asset…but if you don’t take the right precautions, they can land up being your greatest liability with a real negative impact on your reputation and bottom line.
Screening is vital to ensure that your prospective employees have the qualities you need for them – and your business – to thrive. Background, criminal record and credit checks are not just boxes to be ticked in the pre-interview process – they are important indicators that will help you understand the potential risk that a person is bringing to your business. You need to gain a greater understanding of why they have applied for this specific job. “Why do they want to get into your organisation – to get information to sell, to commit a crime or just to do the work?” asks Jenny Reid, owner of iFacts, which specialises in removing people risk.
What’s more, screening should not stop at the recruitment process. “Continuous in-job screening will reveal changes in lifestyle, affluence or the acquisition of criminal records post-employment, all of which are as critical as pre-employment screening to the welfare of the company,” adds Reid. Your human resources (HR) department should have regular contact with all employees, keep their files up-to-date and flag any lifestyle changes that could possibly lead to criminal or unethical activity.
That’s not to say that an employee swamped in debt or going through a tough divorce is necessarily a risk but HR and senior management should still be aware of these developments and monitor the situation. They say that everyone has a price … and desperate times call for desperate measures. “People’s circumstances change and syndicates are targeting those guys…they may have come in with good intentions but slowly, slowly they are reeled in,” says Reid.
During the trial of Dongfan Greg Chung (the first person in the US to be tried under the economic espionage provision of the Economic Espionage Act 1996), Ronald Guerin, a former FBI counterintelligence expert, described how Chinese intelligence officers recruited informants. “You can just stroke the person and tell them they’re doing it for the good of the Motherland or the good of their country. You give them awards, give them letters, give them plaques, whatever…Or you pay them a lot of money,” Guerin was quoted as saying in ‘A New Kind of Spy’ by Yudhijit Bhattacharjee, published by The New Yorker on 5 May 2014.
4. Make employees part of the solution, not the problem
Your employees pose the biggest risk to your business. To mitigate this, you need to train your staff, build awareness around business security and implement a ‘need to know’ policy. “Access to electronic and non-electronic communication systems should be extended to only those who need to know them and who will use them,” suggest Dagada and Mukwevho in their paper, ‘Industrial Espionage Threat in Corporate South Africa’. In other words, information should be compartmentalised so that only those employees who need to can gain such access.
Email and important company documents should also be encrypted and have high strength passwords. In addition, shredders should be used regularly to shred all documents as an additional security measure.
“The theme that is emerging is that education makes employees more alert to security issues and the equipment they use should conform to that level of security,” notes Dagada and Mukwevho.
It may be impossible to achieve 100% business security but by using a combination of technical measures and employee monitoring, you will drastically reduce the risk of falling victim to economic espionage in the near future.
· ‘Industrial Espionage Threat in Corporate South Africa’, Rabelani Dagada and Seth Mukwevho http://rabelanidagada.co.za/wp-content/uploads/2014/01/144.pdf
· ‘A New Kind of Spy’, Yudhijit Bhattacharjee, The New Yorker, 5 May 2014. [read the arcticle on The New Yorker website http://www.newyorker.com/reporting/2014/05/05/140505fa_fact_bhattacharjee or download it here http://straymarcs.net/wp-content/uploads/2014/05/A-New-Kind-of-Spy.pdf]
PWC Global Economic Crime Survey http://www.pwc.com/gx/en/economic-crime-survey/index.jhtml
contact us on firstname.lastname@example.org for more information or come and visit us.