Economic Espionage is no secret.
Corporations are having their pockets picked, big time.
Economic espionage, done correctly, is a covert activity. You are not supposed to realize you’ve been pickpocketed. Yet, the media reports economic espionage stories almost every day. This is because the successful attacks, which didn’t stay covert, are being reported more often. These reports are an iceberg’s tip, and everyone is on Titanic.
One can cautiously surmise these silent muggings are pandemic. Competition is the nature of business, and dirty play is the new normal.
You may be in a position to stem the financial bleeding in your business, or at least advise the person who can. The hero who takes action will: increase company profits, allow expansion, and create employment stability. Here’s your plan…
Step 1. Calculate Economic Espionage Losses
Realize dollar losses from economic espionage are enormous, and can be calculated. Product related losses from espionage are the easiest to calculate. Here’s the formula…
Unrealized Profits = Product Profit x Sales Life Span, in years. (UP = PP x SLS)
Then, add in the cost of…
- research & development,
- tooling for manufacturing,
- marketing, promotion and advertising,
- sales department personnel time,
- invested employee talent in the project,
- legal actions during product development,
- legal actions once the espionage has been discovered,
- stockholder disappointment, and possible law suits,
- loss of consumer goodwill, and potential future purchases,
- the cost of the unsold goods, transportation, warehousing, etc.
Intellectual property and business strategy thefts can be calculated in a similar fashion.
The “UP” numbers are BIG. A calculated loss from only one incident makes a compelling argument for adding a Counterespionage Strategy to any security program.
Step 2. Customize a Counterespionage Strategy
Successful espionage sometimes pops up as “interesting coincidences,” look-a-like products, and mysterious lost profits. Most often, it just happens, and nobody can prove espionage for certain.
Every organization needs to think strategically about protecting their assets. Guards, alarms, and locks protect physical assets. Protecting intangible / intellectual property and privacy takes a concerted counterespionage strategy.
In public companies, not having a strategy is indefensible from a stockholder’s point-of-view.
Use this checklist to customize a strategy for your organization.
Counterespionage Strategy Checklist
- Obtain management leadership to promote the overall effort.
- Create written guidelines, policies, and enforcement rules for:
— Classification of Documents
— Information Security
— Recording in the Workplace (audio, video & data)
— Technical Surveillance Countermeasures (TSCM / debugging sweeps)
— Area Access Control
— Perimeter Security
Note: There are excellent security consultants who can help you with these tasks.
- Provide employee education on information security and workplace espionage.
- Institute intellectual property safeguards (physical and data).
- Designate certain areas as business secret areas. Provide elevated security measures.
- Institute legal compliances – The “non” agreements (non-disclosure, non-compete, etc.) for employees, vendors and consultants to sign.
- Conduct marketplace monitoring for espionage violations.
- Create proactive audit schedules for…
— TSCM audits to detect electronic spying while it is still in the intelligence collection “no harm done yet” phase.
— Wi-Fi audits to identify rogue devices and document compliance with applicable privacy laws (usually conducted during TSCM inspections).
— Information security surveys (usually conducted during TSCM inspections).
— Physical security surveys (often conducted during TSCM inspections).
Create in-house systems to…
— Evaluate employee reports of espionage suspicions.
— Research “interesting coincidences” and look-a-like products.
— Account for the actual and potential dollar value of espionage.
— Create an annual cost / benefit analysis of the counterespionage effort.
Step 3. Institute a Schedule for TSCM Inspection Surveys
Economic espionage intelligence is collected quietly long before it is actually used. The damage isn’t done until they use your information against you. Electronic surveillance is a key component of pre-attack intelligence gathering. It is also the one early-warning sign which is easily detectable.
Periodic inspections help…
- Competitive Intelligence
- Internal Intrigue
- Strategy Spying
- Media Snooping
- Mysterious Leaks
- Espionage Problems
- Privacy Invasion
- Eavesdropping Concerns
- Sensitive Communications
- Trade Secrets
- Boardroom Discussions
- Mergers & Acquisitions
- Delicate Negotiations
- Lawsuit Strategies
- Employee Safety
- Vulnerable Off-site Meetings
- Executive Residences, Home Offices and Corporate Apartments
- Corporate Aircraft, Limos and other transport
- Personal Privacy
- Limit windows-of-vulnerability.
- Identify new vulnerabilities.
- Fiduciary Responsibilities
- Due Diligence Requirements
- Business Secret Status for Court
- Employee respect for information security.
- Effectiveness of established security measures.
Frequency of TSCM Inspections
For most businesses TSCM inspections are a quarterly practice. Semiannual and bimonthly schedules are the next most common. Consistent scheduling is as important as the inspection itself. Discontinuing periodic inspections may be interpreted in a courtroom setting as an admission that previously protected information is no longer important.
TSCM Inspection Locations Checklist
- Business offices
- Conference rooms
- Private dining rooms
- Executive homes & home offices
- Subsidiary and satellite locations
- Off-site meeting locations
- Company cars, boats, planes.
Determine what percentage of your company’s value is comprised by its intangible assets (intellectual property, goodwill, etc.). In most cases, these assets will be more valuable than the physical assets.
Divide the security budget accordingly between these two groups. The full cost of Technical Surveillance Countermeasures (TSCM) surveys can usually be funded by simply correcting the alignment of the existing security budget.
Pressure to protect easily seen physical assets, and over-spending on IT security, are common problems.
IT security is a very important part of protecting proprietary information. However, keep in mind most of the information in the IT Department’s care was/is available elsewhere in other forms (conversations, meeting notes, etc.) – long before being reduced to computerized data. Spies know this.
Additionally, some of the most valuable information, e.g. strategies, direction-changing decisions, visionary ideas, etc., is never reduced to data.
From an economic espionage point-of-view, the freshest information is the most valuable information. This is why Technical Surveillance Countermeasures (TSCM) surveys are such an important component of the corporate counterespionage strategy.
Let’s Be Blunt
Having a Corporate Counterespionage Strategy these days is an imperative. Not having one is just negligence, and shows poor business sense.
If a Counterespionage Strategy is part of your security program, review it for completeness, and competence. If you don’t have on, create one. Until you do, your company is the weak prey on the business savanna. You will bleed.
Kevin D. Murray CPP, CISM, CFE, CDPSE is a business counterespionage consultant and TSCM specialist with over four decades of experience.
Murray Associates is an independent security consulting firm, providing eavesdropping detection and counterespionage services to business, government and at-risk individuals.
Headquartered in the New York metropolitan area, a Murray Associates team can assist you quickly, anywhere in the United States, and internationally.