Budget War: Holistic Information Security v. IT Security
Holistic information security is under attack.
IT tunnel vision is the most common mistake companies make when it comes budgeting. A holistic information security approach is required to really secure sensitive information, intellectual property, and personal privacy. Yes, IT security is very important, but face it, all that information was available to the snoops long before it was ever reduced to computer data. A proper information security effort must take into account all information theft techniques; electronic surveillance, procedural security, and physical security.
Thinking holistic can avoid the lopsided IT budget mistake.
Holistic Information Security Facts
- All pre-computer era spy tactics still work, and are still being used. Focusing on IT security alone leaves all these other doors open.
- Most “computerized” information is vulnerable to corporate espionage long before it is put into a computer.
- Data theft is the low hanging fruit of the business espionage world. The real pros use ladders and go for the freshest information, sensitive discussions.
Murray’s Holistic Approach to Information Security
Protect information while it is being generated.
Including discussions, audio and video communications, and strategy development. Conduct Technical Surveillance Countermeasures (TSCM) inspections of offices and conference rooms on a scheduled basis. Example: Ford Motors found voice recorders hidden in seven of their conference rooms.
Protect information while it is in transit.
Including via phone, teleconference, Board meetings, off-site conferences. Wiretapping and Wi-Fi are very effective spy tools. Check for wiretaps on a scheduled basis, or encrypt the transmissions. Conduct pre-meeting TSCM inspections. Tip: Never let presenters use old technology FM wireless microphones. The signal travels further than you think, and is easily intercepted.
Protect how information is stored.
Unlocked offices, desk and file cabinets are a treasure trove of information. Print centers store a copy of all print jobs. Limit written distribution of sensitive information. Crosscut shred sensitive waste paper. All these vulnerabilities and more should be covered during the security survey portion of your TSCM inspection.
Educate the people to whom sensitive information is entrusted.
Security briefings don’t have to be long and tedious. Establish basic rules and procedures. Explain the importance of information security in terms they can understand, e.g. “Information is business blood. If it stays healthy and in the system, your job, and chances for advancement, also stay healthy.”
Effective information security requires a holistic information security protection plan. IT security is an important part of this plan, but remember it is only one door to your house of information.
There is more you need to know.
Corporate Counterespionage Strategy – The Basic Elements
Economic Espionage Theory and Prevention via TSCM
Executive Suite Security Considerations for Information Security and Operational Privacy
Kevin D. Murray CPP, CISM, CFE, CDPSE is a business counterespionage consultant and TSCM specialist with over four decades of experience.
Murray Associates is an independent security consulting firm, providing eavesdropping detection and counterespionage services to business, government and at-risk individuals.
Headquartered in the New York metropolitan area, a Murray Associates team can assist you quickly, anywhere in the United States, and internationally.