This is Part II of Ten Business Counterespionage Tips Competitors Don’t Want You to Know. Click here for Part I.
4 – Hack, Crack & Whack
This business counterespionage tip is aimed specifically at personal computers, laptops, Wi-Fi networks and remote access ports. The attacks are rampant. Explain to everyone in your organization why these security precautions are necessary.
Enforcing the “Protect your laptop at all times” rule.
Explanation… The replacement cost of a stolen laptop is not just the loss of the machine; it is also the loss of:
- the valuable competitive and confidential data;
- the time it took for someone to compile the data;
- the time it will take to reconstruct the data (if possible);
- and the loss of passwords probably stored on the drive.
When this information is lost, the organization becomes vulnerable to wholesale theft or corruption of mainframe data, and to sabotage via viruses, Trojan horses, etc.
The bottom-line cost of a stolen laptop is lower profitability, and reduced job security for everyone.
More business counterespionage security tips related to computers and data:
- Develop a communal sense of security responsibility.
- Limit physical access to computers by outsiders.
- Limit administrative access to software packages.
- Use quality passwords.
- Secure PC-related materials, such as external drives, backups, etc.
- Never leave a computer logged on. Always log off. At the least, use an automatic password-protected screen saver.
- Report suspected intrusions and altered data to the security department.
- Remove sensitive data when no longer needed, or not needed for immediate use.
- Protect memory media, such as CDs and USB memory sticks.
- Never use a gift USB memory stick. You don’t know what kind of disease it has.
- Be aware that copy commands can move sensitive data inadvertently.
- Do not rely on deletion commands. Format media instead.
- Keep computers with the most sensitive data off the networks if possible.
- Do not use unsolicited apps, borrowed apps or other software of unverifiable origin.
- Back up all data on a regular basis, twice. Send one copy to a secure off-site location.
- Require encryption on Wi-Fi access points. Use the best level they support. Know that there is no 100% hacker-proof encryption for the 802.11 wireless standard. Encryption just makes things a little more difficult for the hacker. See our Wi-Fi Security Checklist.
- Reformat hard drives before retiring old computers and print centers. Both hold lots of sensitive data.
- Do not discuss system security with anyone you don’t know, no matter what they tell you.
5 – Mobile Phone Leeches
Old-style analog cordless telephones, wireless headsets and keyboards are among the easiest of eavesdropping targets. Fortunately, most devices in use these days use digital technology, like Bluetooth and DECT 6.0.
What we still see often are analog FM wireless microphones in board and conference rooms. More on this later.
Monitoring private wireless transmissions is illegal. Do not rely on the laws to protect your privacy, though. They are generally considered unenforceable.
Common spyware questions I hear. Can someone…
- Listen in on my calls?
- Listen to my voice mail messages?
- Remotely steal my contacts list?
- Activate my microphone 24/7?
- Make my phone dial someone else?
- Receive a secret text message showing the length of my calls?
- Send fake texts from my phone?
- Get a text to alert them when I am using my phone?
- Send me texts using a fake number?
- Get my new phone number even if I switch SIM cards?
- Get a text message with the numbers I call and receive?
- Track where I am – on a computer map – using the phone’s GPS?
- Track where I am – on a computer map – even if my phone lacks GPS?
- Do all this from anywhere in the world?
- Record my calls using my phone’s own internal memory?
- Trick me into installing spyware by making it look like a game?
The answer to all of these questions: Yes.
Although interception of digital smartphone transmissions is difficult, spyware compensates.
Smart tips for smart cell phones:
- Don’t give anyone the opportunity to plant spyware on your phone. Password protect access to it.
- You can self-evaluate whether your Android phone is infected with spyware. If you have an iPhone, just reload the software.
- If you suspect spyware is on your phone, just changing the SIM card is not a surefire cure. Reload the software. Replace the SIM card.
- Surefire spyware-buster… purchase a new phone and SIM card.
- For detailed information on smartphone spyware and what to do about it, read the book, “Is My Cell Phone Bugged? Everything you need to know to keep your communications private.”
General phone business counterespionage tips:
- Be careful where you speak. The eavesdropper might be standing near you.
- Be careful who you call. That person might be vulnerable to eavesdropping, or their phone might be tapped.
- Consider using encryption if you call the same location often and the stakes are high.
- Call into work on a number that is not answered with a company name or other identifying information.
- Use first names and code words to identify special projects. Speak in general and uninteresting terms.
6 – Technology Traitors
Technological advancements give us many communications conveniences. Unfortunately, they also bring new opportunities for the snoops.
Here are a few of the Technology Traitors…
- Answering Machines and Voice Mail. Messages left on many home answering machines, and on phone-company-provided voice mail, can be remotely accessed using simple codes. Easy to hack. Most people never change the code which comes preset in new machines and services. Some answering machines also have a remote listen-in feature. Solution… Read your manual carefully so you understand the features. Use a quality passcode. Keep it private. Never leave confidential details on another person’s answering machine or voice mail.
- Fax Machines. Still in use in many businesses, some older fax machines use disposable rolls of black film in the printing process. Used rolls contain an exact copy of all faxes received. If you still require fax capabilities, use a machine which uses powder toner and offers easy wiping of transmissions from the memory. Receiving an after-hours fax transmission is similar to receiving mail without an envelope. Sensitive messages may be read by bored guards and other after-hours workers. Solution… Use a fax which stores transmissions and requires a password to print them.
Surprise business counterespionage tip: Fax lines should be part of your Technical Surveillance Countermeasures (TSCM) inspections. Not primarily because you are concerned about information interception, but because they are a direct line to the outside world to which a remote-controlled room eavesdropping device can easily be attached.
- Wireless Microphones. Meeting presenters love using them. Unfortunately, FM analog wireless microphones transmit crystal clear audio up to a quarter mile. Their transmissions are easily intercepted. Solution… Ban all wireless devices (cell phones included) from any meeting to which the general public would not be invited. If a wireless microphone is necessary, use one which transmits digitally, or via infrared light (if the room does not have windows).
- Dictation Machines. Still in use in some businesses, along with digital voice recorders, these are often the information security orphans. Security-conscious employees may shred the rough drafts, lock up the file copies, and send the originals in sealed security envelopes… but if they dictated, that file is often left in an open desk, or on the desktop. Solution… Be sure to erase recorded files as soon as they are no longer needed.
- Wireless Printers and Other Devices. When a Wi-Fi system is initially installed in a company, the IT department makes sure the encryption is turned on at every Access Point (AP) and at all wireless printers. Later, wireless equipment is installed one piece at a time, often without IT oversight. By default, the encryption is not turned on. What once was a well-protected network is now Hacker Avenue. Solution… Conduct Wi-Fi security and compliance surveys as part of your TSCM inspections on a regular basis.
- The Auto-Answer Feature. Most audio and video teleconferencing systems have an auto-answer feature. When active, incoming calls activate the system and the microphones become live. The only indication of an incoming call may be an initial beep. In the case of video teleconferencing, if only the screen has been turned off (accidentally, or on purpose) the threat remains the same, e.g. an eavesdropper calls in when the room is not being used, then listens quietly, waiting for a meeting to begin. Solution… Set the auto-answer feature to off, and turn on password protection so the setting cannot be changed.
These are just a few of the technology traitors we live with every day. A smart information security / TSCM consultant will be able to identify the ones in your workplace, and offer cost-effective recommendations for mitigating these vulnerabilities.
Continue reading the rest of the Top Ten list at Business Counterespionage Tips Competitors Don’t Want You to Know – Part III
Kevin D. Murray CPP, CISM, CFE, CDPSE is a business counterespionage consultant and TSCM specialist with over four decades of experience.