TSCM best practices for enterprise organizations are different than those for single locations.
They have to be. Technical Surveillance Countermeasures (TSCM) is much more complicated in this environment.
- Eavesdropping and economic espionage attacks are magnified on the world stage.
- There are more sensitive areas which require bug sweeps and information security surveys.
- Keeping track of scheduling is an issue.
- International locations require knowledge of local laws, language, Customs regulations, etc.
- Hiring the best TSCM local talent requires evaluating loyalty, trust, knowledge and instrumentation capabilities.
Security directors at enterprise organizations could handle these challenges, but the smart ones don’t. They know time would not allow them to handle this as well as a dedicated TSCM specialist. In fact, they act more like orchestra conductors. They seek out the best players for their security needs, and make sure all participants blend into a symphony of protection for the enterprise. This will usually include: the headquarters staff, regional security directors with their mini-orchestras, security vendors, consultant-specialists, and assorted adjunct technical specialists.
TSCM is a sub-section of the enterprise security orchestra. In this section we have the principal lead TSCM’ist, or concertmaster. They are coordinators as well, with full-time attention focused on providing the best TSCM services for their Enterprise clients.
A Security Director’s Best TSCM Practices Score
- Discuss TSCM best practices with top management. Explain what TSCM is, the benefits, and obtain their backing to move forward.
- Locate and vet the best TSCM specialist you can find.
- Work with your specialist to identify needs and develop a TSCM strategy, schedule and budget.
What About Creating an In-House Team?
Some enterprise organizations do create in-house TSCM teams. This works well if two conditions are met: the team is kept busy with TSCM duties full-time with no other responsibilities; the team is fully funded and continually provided with training. If you are on the fence about creating an in-house TSCM team, read: In-House TSCM Bug Sweeps vs. Outsourced TSCM Bug Sweeps.
What About Handling it Ourselves?
Consider this… Multiple vendor vetting, contracting, and scheduling is time-consuming, and expensive. Trying to locate credible and loyal local vendors can range from difficult to impossible – especially internationally. Lowest common denominator effectiveness is usually the outcome. High consistent quality security is never attained with fragmented efforts.
You really would rather have a TSCM consultant working with you. Here are some topics where you will find their advice very helpful…
TSCM best practices require sensitive locations be inspected on a re-occurring basis. Quarterly and biannually are the most common. There are exception, of course, for special events and periods of heightened sensitivity, e.g. law suits, mergers and acquisitions, intrigue events, etc.
Each location within the enterprise structure will have its own group of sensitive areas, and scheduling needs. Once they are known, your TSCM consultant can create an economical inspection schedule. If the schedule is extensive enough a very cost-effective flat rate will likely apply.
TSCM Best Practices – Sending Your Domestic Team
Governments have the right idea. They send their own trusted experts to detect illegal eavesdropping. Whenever possible, you should too. This is especially important when there are concerns about a local vendor having ties with the local authorities, or worse, your local competition.
TSCM Best Practices – Using the Local Talent
Situations arise when using local TSCM specialists is the only option. Last minute meeting coverage and one office inspections are examples of this.
An experienced TSCM consultant will already have a vetted network of TSCM associates worldwide to call in on your behalf. They are known on a personal basis to your consultant. They worked together previously. The level of performance can be independently and knowledgeably evaluated by your consultant–with your best interests in mind.
TSCM Best Practices – When the Best Team is a Hybrid Solution
Some enterprise organizations opt for hybrid solutions. There are two versions of this.
- One or two organization security employees may be given limited training by the consulting TSCM firm. This allows small, last minute sweep requests to be handled, in between the regularly scheduled professional inspections.
- On International assignments where it is not economical, or otherwise feasible, to send a full domestic team, a domestic sweep manager is sent to oversee the inspection being performed by the local team. This provides a high level of expertise, assures thoroughness and quality of service.
Summation of Benefits Provided by Your TSCM Consultant
- One point-of-contact.
- International coverage.
- Documented due diligence.
- Easy program management.
- Proven loyalty and trustworthiness.
- Uniform procedures, reports and billing.
- Extensive TSCM knowledge and contacts.
- Assurance of technical expertise at all locations.
For an overview on our scheduled TSCM services, click here.
Kevin D. Murray CPP, CISM, CFE is a business counterespionage consultant and TSCM specialist with over four decades of experience.
Murray Associates is an independent security consulting firm, providing eavesdropping detection and counterespionage services to business, government and at-risk individuals.
Headquartered in the New York metropolitan area, a Murray Associates team can assist you quickly, anywhere in the United States, and internationally.