Emergency TSCM Sweeps are called for if you suspect you are a victim of eavesdropping, or there has been suspicious activity.
If you have a sense that something isn’t quite right, trust your instincts, the thought would not have occurred to you if everything was all right. Conduct a TSCM sweep ASAP. Time is of the essence, and you may get only one chance to “do it right.”
What Is An Emergency TSCM Sweep?
TCSM stands for technical surveillance countermeasures. It helps organizations identify and protect against security breaches by identifying eavesdropping devices.
While an emergency TCSM sweep should be your first course of action if you suspect foul play, an electronic surveillance sweep can also be a preventative measure. Espionage, in its many forms, is much more prevalent than we might think, and weaknesses in your security can leave you vulnerable.
If you suspect that those vulnerabilities are being exploited, then an emergency TCSM sweep can discreetly identify the source of the surveillance and shut it down immediately.
When Should You Perform an Emergency TSCM Sweep?
Our experience indicates that the need for emergency TSCM sweeps are usually triggered by someone inside your organization. For example:
- Braggarts trying to impress coworkers with “insider” knowledge.
- Hearing feedback that should have been confidential.
- Disgruntled employees are always a threat if valuable information is available to them.
Even if you are positive a specific person is privy to information they should not have, the best practice is to conduct an emergency bug sweep first. Do not confront the suspect until you are sure electronic surveillance is not a factor.
We find most information losses can be traced back to people. Big mouths and poor information security practices top the list of transgressions. However, the possibility your information was lost via illegal electronic surveillance has to be considered before accusing people.
What Does a TSCM Sweep Entail?
A TSCM sweep entails three main elements: pre-sweep examination, inspection, and reporting.
First we will perform a pre-sweep of your location, determining threats and identifying technical security weaknesses. This will be performed discreetly, informing our approach for the rest of the sweep.
If you suspect your security has already been compromised, then the discrete nature of the emergency TSCM sweep is essential, as you don’t want to alert the perpetrator.
Once we’ve carried out our initial pre-sweep, we will then perform a visual, physical, and electronic inspection of the location. Our technicians are highly trained and are adept at detecting the latest surveillance technology.
During the sweep we will identify any listening devices, helping you to locate the source of the security breach.
After your location has been secured, we will then provide you with a comprehensive report, detailing security vulnerabilities and making recommendations for future safeguards.
Emergency TSCM Sweeps Can Answer Many Questions
Emergency TSCM sweeps are commissioned because electronic surveillance always tops the list of suspects. Why? Bugs are easier to get, get smaller everyday, and are incredibly cheap now. Don’t believe me? Try this Ebay search for Surveillance Bug.
We go into an emergency TSCM sweep knowing a real loss has occurred.
Almost all of these cases are successfully solved even though electronic surveillance is the sole factor only 2%-5% in any given year.
Our high success rate is due to our focus on solving our clients’ problems, not just finding bugs and saying good-bye. The vast majority of our emergency TSCM sweeps find non-electronic surveillance information loss issues too.
Other triggers that require emergency TSCM sweeps come from poor or lapse security practices. Regardless of how well intentioned your security and practices are, if your security plans are poorly designed, improperly implemented, or use outdated hardware – you represent a rich target for employee snooping and industrial espionage.
Fortunately, how your information loss occurred can usually be determined during an emergency TSCM sweep, if it’s conducted quickly and quietly.
Solving emergency TSCM cases requires more evaluation than what you will get from an ordinary bug sweep. A complete and thorough emergency TSCM sweep also takes into consideration:
- general security policies,
- information security safeguards,
- employee implementation of these policies and safeguards,
- physical security design,
- and a review of security hardware to discover decay and inadequacies.
The Murray Associates team has this combination of skills, knowledge and experience.
What to Do if You Suspect You’ve Found a Bug?
In these cases, the following steps should be followed to protect the crime scene and help facilitate catching the perpetrator:
“I think I found a bug what should I do?”
- Do not disturb the device. It is evidence.
- Do not alert the eavesdropper by talking.
- Secure the area. It is a crime scene. (Use a non-alerting excuse.)
- Document your evidence. Make notes. Take photos.
- Make a mental note of anyone who appears just a little too interested.
- Notify only people who have a real need-to-know.
- Tell all persons involved to keep it confidential.
Contact us, but remember to use a safe phone or computer, in a secured area.
After the Sweep, our technical specialist will work with you:
- to complete the documentation process;
- inspect for additional, or supplementary devices;
- evaluate the situation; answer your questions;
- make suggestions as to how to identify the eavesdropper;
- help you develop an information protection strategy for the future.
Have a Question About TSCM?
If you have any questions about the TSCM or Mobile Device Forensic services provided by Murray Associates, simply fill out the form below, or call us from a safe area and phone.
If you think you are under active electronic surveillance, or believe you have discovered a bug or covert video camera, follow the directions above and visit our post “I think I found a bug. What do I do?” The procedural checklist there will also tell you exactly what you need to do next.