May 01, 2003 —
Spy Repellent
Espionage strategies range from illegal to merely sleazy. In most cases, the best defense is employee awareness.
| How a Rival Could Snoop | Can the Law Help? | How to Plug the Hole |
|---|---|---|
| Look at Securities and Exchange Commission filings and annual reports to see where you are making investments and generating profits. | No. This is public information. | You can't, at least not when information must be disclosed for legal reasons or when disclosure benefits outweigh the risks. |
| Study regulatory filings like those filed with the Environmental Protection Agency or OSHA. They may be freely available or obtained through a Freedom of Information Act (FOIA) request. | Most of this information is on the public record, but some sensitive information, like trade secrets, is protected from FOIA requests. | Make sure that documents aren't overly revealing, which can happen when other companies in an industry have been targets of regulatory agencies. |
| Study job postings to learn about your facilities, desired skill sets and company expansions. | No. You want this information to be public. | Be stingy with details; remove postings as soon as jobs are filled. Use "blind" postings on job boards. |
| Send someone on a job interview to gather information about your facilities and strategy. | Not much. As a general rule, misrepresenting oneself is not against the law (though, see below). | Make sure you're not giving away more information than necessary during the interview process. |
| Read press releases on your company website to find out about developing strategies. | No. Press releases are intended for the public. | Purge press releases that have outlived their usefulness. |
| Attend a talk by your researchers at a conference and ask questions afterward. Or visit your trade show booth pretending to be a customer. | No. These are public events, and trying to boot someone you suspect is a spy can get your company in legal trouble. | Warn employees about this ruse, and educate them about what kinds of information they have that would be most useful to rivals. |
| Call your employee and pretend to be the assistant to the CEO looking for information. | Yes. While it's not illegal to misrepresent oneself, it is illegal to pose as a specific person. | Educate employees about how to respond to requests for information. |
| Call a current employee and pretend to be working on a research project for school or doing a survey for a market research firm, perhaps asking questions that seem innocuous. | This is illegal only if the guise prompts the employee to disclose a trade secret—in which case, a lawyer could argue that it must not have been a trade secret if it were so easily revealed. | Always ask for a name and phone number and confirm the identity of someone unknown. Suspicious calls should be transferred to corporate communications or the security office. |
| Call a laid-off employee or recent retiree to pump them for information, hoping they're either disgruntled or eager to talk about their former work. | The target may be violating a nondisclosure agreement, but the caller is probably not breaking the law (unless a trade secret is in play). | Make sure employees who have access to sensitive information sign nondisclosure agreements. |
| Listen in on conversations at a restaurant or coffee shop frequented by employees, or at airport lounges or on flights. | No. | Remind employees not to have sensitive conversations in public places; educate them about what information would be most useful to rivals. |
| Go dumpster-diving (sort through your trash for useful documents and other information). | This is illegal only if the trash is on private property. | Have a shredding policy; educate employees about which documents are sensitive. |
| Employ someone on the night cleaning staff to make copies of important documents or plant what some professionals call "clandestine listening devices" and the rest of us call "bugs." | This is illegal but widely accepted in some countries. | Build security into cleaning service contracts. Make a clean desk policy. Make sure employees lock sensitive documents up at night. Consider hiring a security firm to periodically sweep for bugs. |
| Bribe a hotel cleaning staff to get access to an executive's hotel room, either to plant a bug or to steal documents or a laptop computer. | This is illegal but widely accepted in some countries. | Have employees guard documents and laptop computers closely. On trips to high-risk areas, consider having executives use pseudonyms. |
RESOURCE CENTER
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
WEBCAST
The Surest Path to Effective and Efficient Compliance
In this webcast, we explore why and how — with best practices, practical tips and solutions that work — to ease your compliance challenge.
ESSENTIAL READING
CENTER OF EXCELLENCE
Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on Symantec.Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is?Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say.7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions.Ponemon Study: How Much Does a Data Breach "Cost"?
35 U.S. organizations that lost confidential information and had a regulatory requirement to publicly notify affected individuals are studied in this report.Center sponsored by
Webcasts
White Papers
- How Are Open Source Development Communities Embracing Security Best Practices?
- Using Likewise to Comply with PCI Data Security Standard
- Ponemon Study: How Much Does a Data Breach "Cost"?
- Managing SSL Security in Multi-Server Environments
- Maximizing Site Visitor Trust Using Extended Validation SSL
- The Latest Advancements in SSL Technology
Resource Alerts
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
Latest Posts
Event
Data Loss Prevention
-
November 13, 2008The Roosevelt HotelRegister now »
New York, NY 10017
(ISC)2 members can earn up to 6 CPE Credits
Reference priority code ONLINE and attend this program as our guest — that's a $295 savings!
White Papers
Featured Sponsors
Sponsored Links
