Espionage or Information Security Breach | Scope of Risk

Commercial or industrial espionage includes the acquisition of sensitive commercial or government information through both legal and illegal means in order to steal, use, or acquire data that will give illegally gained competitive advantages in technological or brand capacity, or undermine another group's business activities or reputation. Espionage can be an unethical but legal act if information is gathered from discarded materials that come into the public domain. This may include rifling through the trash in order to find sensitive documents. Industrial espionage may also use both unethical and illegal means to gain information by theft of trade secrets, the use of bribery and blackmail, seduction and pretense, human and technological surveillance, and violence and intimidation. Industrial espionage may be undertaken by criminal groups, businesses, or governments, or in some cases by insurgent and terrorist organizations, and often occurs during a tendering or product development period.


Companies should identify which activities and individuals are most at risk from espionage and review the policies, procedures, and training in place to safeguard information and materials. The company should develop standard operating procedures to protect sensitive information through policies and physical and technological security measures. The IMP will provide the initial alert and response measures if an information breach is reported.

The risk of espionage can occur in any country or political state, within the West or in a newly independent republic (either a totalitarian state or freely elected democracy). In order to minimize the threat of industrial espionage, a company should advise personnel that there is always a risk, especially during business negotiation periods or when designing new products. As a result, any sensitive information or documents should be identified and protected; that is, staff should be advised never to leave sensitive documents lying around—always keep them with you. Hotels and hotel safes can, and in some countries definitely will, be searched. Personnel should assume their hotel rooms, telephones, and in some cases long-term accommodations are bugged with electronic devices. Personnel should seek to use their cell phones as opposed to the hotel phones, preferably on the balcony. Personnel should also assume their emails will be intercepted; their content should be sanitized where possible.

Electronic files or documents should be saved on a secure hard drive that is Pretty Good Privacy (PGP) encrypted, and ideally only on company assets. An alternative to the hard drive of the laptop/desktop is an external hard drive, which itself should be secured when left unattended. File sharing should also be managed appropriately so as to ensure that only those personnel requiring and authorized to have such information have access. A need-to-know policy should be applied. Veiled speech or prearranged code words should be used on radio networks and when communicating by telephone so as to ensure operational security. When using the telephone to make calls that may include classified information or when relaying sensitive information, individuals must use their utmost capability to ensure they cannot be overheard by third-party individuals.

Sensitive or classified information may be used by unauthorized persons to undermine an organization's business interests or project activities, or physically target facilities, supplies, or personnel. Information security should reflect the risks posed if such information were to fall into the wrong hands. Consequently, all potentially classified or sensitive documentation and notes should be disposed of by burning or shredding, and not be discarded in trash bins. This includes commercially sensitive information, personnel data, rosters, plans, schematics, telephone lists, reports, surveys, and schedules. Classified material may come in the form of documentation, data, slides, photographs, and communications traffic. All personnel should be aware of their surroundings when discussing sensitive or classified information on the radio networks (which are usually nonsecure) or by telephone (which is even less secure). Besides electronic forms of eavesdropping, impromptu or casual eavesdropping may also occur.

While industrial espionage generally takes the form of technological infiltration or physical searches, personnel should be aware that it may take the form of a personal interrogation. To this end, it is advisable to be wary of members of the opposite sex who wish to talk after several drinks, in either a seductive or a companionable manner. When traveling abroad, it is inadvisable to become inebriated in unknown company, as it may expose you to unnecessary physical risk. Personnel should decline a drink that they have not seen poured unless the dispenser is known and trusted.
