How To
Spy Repellent
Espionage strategies range from illegal to merely sleazy. In most cases, the best defense is employee awareness.
May 01, 2003 —
Spy Repellent
Espionage strategies range from illegal to merely sleazy. In most cases, the best defense is employee awareness.
| How a Rival Could Snoop | Can the Law Help? | How to Plug the Hole |
|---|---|---|
| Look at Securities and Exchange Commission filings and annual reports to see where you are making investments and generating profits. | No. This is public information. | You can't, at least not when information must be disclosed for legal reasons or when disclosure benefits outweigh the risks. |
| Study regulatory filings like those filed with the Environmental Protection Agency or OSHA. They may be freely available or obtained through a Freedom of Information Act (FOIA) request. | Most of this information is on the public record, but some sensitive information, like trade secrets, is protected from FOIA requests. | Make sure that documents aren't overly revealing, which can happen when other companies in an industry have been targets of regulatory agencies. |
| Study job postings to learn about your facilities, desired skill sets and company expansions. | No. You want this information to be public. | Be stingy with details; remove postings as soon as jobs are filled. Use "blind" postings on job boards. |
| Send someone on a job interview to gather information about your facilities and strategy. | Not much. As a general rule, misrepresenting oneself is not against the law (though, see below). | Make sure you're not giving away more information than necessary during the interview process. |
| Read press releases on your company website to find out about developing strategies. | No. Press releases are intended for the public. | Purge press releases that have outlived their usefulness. |
| Attend a talk by your researchers at a conference and ask questions afterward. Or visit your trade show booth pretending to be a customer. | No. These are public events, and trying to boot someone you suspect is a spy can get your company in legal trouble. | Warn employees about this ruse, and educate them about what kinds of information they have that would be most useful to rivals. |
| Call your employee and pretend to be the assistant to the CEO looking for information. | Yes. While it's not illegal to misrepresent oneself, it is illegal to pose as a specific person. | Educate employees about how to respond to requests for information. |
| Call a current employee and pretend to be working on a research project for school or doing a survey for a market research firm, perhaps asking questions that seem innocuous. | This is illegal only if the guise prompts the employee to disclose a trade secret—in which case, a lawyer could argue that it must not have been a trade secret if it were so easily revealed. | Always ask for a name and phone number and confirm the identity of someone unknown. Suspicious calls should be transferred to corporate communications or the security office. |
| Call a laid-off employee or recent retiree to pump them for information, hoping they're either disgruntled or eager to talk about their former work. | The target may be violating a nondisclosure agreement, but the caller is probably not breaking the law (unless a trade secret is in play). | Make sure employees who have access to sensitive information sign nondisclosure agreements. |
| Listen in on conversations at a restaurant or coffee shop frequented by employees, or at airport lounges or on flights. | No. | Remind employees not to have sensitive conversations in public places; educate them about what information would be most useful to rivals. |
| Go dumpster-diving (sort through your trash for useful documents and other information). | This is illegal only if the trash is on private property. | Have a shredding policy; educate employees about which documents are sensitive. |
| Employ someone on the night cleaning staff to make copies of important documents or plant what some professionals call "clandestine listening devices" and the rest of us call "bugs." | This is illegal but widely accepted in some countries. | Build security into cleaning service contracts. Make a clean desk policy. Make sure employees lock sensitive documents up at night. Consider hiring a security firm to periodically sweep for bugs. |
| Bribe a hotel cleaning staff to get access to an executive's hotel room, either to plant a bug or to steal documents or a laptop computer. | This is illegal but widely accepted in some countries. | Have employees guard documents and laptop computers closely. On trips to high-risk areas, consider having executives use pseudonyms. |
espionage
RESOURCE CENTER
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
WEBCAST
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
ESSENTIAL READING
Webcasts
White Papers
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Resource Alerts
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
Latest Posts
Event
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
White Papers
Featured Sponsors
Sponsored Links
