Corporate Spying: Snooping, by Hook or by Crook

Corporate spies come in many guises, but they all have one thing in common: They want to use your company's secrets for competitive gain. This is a five-step guide to how snoops operate.

Fortunately, hanging onto proprietary informationwhether it's a trade secret or just a few strategic details that may seem inconsequentialisn't just about luck. It's about understanding the dark forces that are trying to get information from your company and piece it together in a useful way. Some of these forces come in the guise of "competitive intelligence" researchers who, in theory anyway, are governed by a set of legal and ethical guidelines carefully wrought by the Society of Competitive Intelligence Professionals (SCIP). Others are outright spies, hired by competitors or even foreign governments, who'll stop at nothingbribes, thievery, a pressure-activated tape recorder hidden in your CEO's chair. Most tromp on a gray zone in between.

The boundaries between espionage and competitive intelligence might matter to those in the profession, but regardless of how these snoops operate, they all have one thing in common: They want to use your company's secrets for competitive gain. And the sometimes subtle distinctions between legal and illegal, ethical and unethical, should matter little to the CSO. "I don't care if they're ethical or not," says Richard Lew, director of security and risk management for Dial Corp. "It's our informationgo away."

Making them go away, however, depends on understanding them. To help, we've compiled a five-step primer on how the bad guys operate. Use it at your competition's risk.Find Out What's PublicLeonard Fuld has had this conversation before. "Everybody would like to think about the dark side," gripes Fuld, whose eponymous intelligence consulting company in Cambridge, Mass., has one of the less-blemished reputations among companies that deal in corporate secret gathering.... Excuse us, competitive intelligence.

"You need to make it clear to your audience," he lectures, "that more damage is done by a company being lax about how it handles information than by thieves. Sure, there are people out there who want to take your information, but more often than not, your own company is doing damage to itself by not being tight about how it controls information." That laxity, he insistsand not social engineering trickery or outright illegalityis what allows his company to gather competitive intelligence, both for companies that want to keep tabs on rivals and those that want to identify their own leaks.

Fuld has a point about those plain-sight opportunities. Salespeople show off upcoming products at trade shows. Technical organizations describe in great detail their R&D facilities in job listings, trying to attract top-notch scientists. Suppliers brag about sales on their websites. Publicity departments issue press releases about new patent filings. Companies in industries targeted by regulators over-report information about manufacturing facilities to the Environmental Protection Agency or OSHA, which can be part of the public record. Employees post comments on Yahoo bulletin boards.