Corporate espionage is not just a plot for action movies; it is a real threat to small and large businesses. Many successful attacks of corporate espionage steal data from companies each year resulting in intellectual property being sold to other companies, often in other countries, or ransomed back to the company. This, in turn, has made it more difficult for companies to compete and to provide high-quality services.
Corporate espionage is focused on people more often than not, and those who obtain information by manipulating people are called social engineers. These social engineers recognize that people are the weakest link in organizational security. It could take time to perform reconnaissance, defeat security controls, and locate the data they need if they target technology but a few well-placed phone calls or a casual meeting in a bar could give them much of the information they need.
So how do you reduce the threat of corporate espionage? It starts by educating employees of the threat of corporate espionage and the techniques used by social engineers. Second, since social networking sites are often used to make initial contact or gather information about people in the company, educate employees on the risks and safe practices of social networking including how to validate the identity of a social networking “friend”, signs of information gathering and what can and cannot be disclosed on social networking sites. The second area of defense is physical security. Once a person has access to computers and facilities at your organization, it is very likely that they will be able to extract data. Make sure that guests are escorted through the facility. Require appointments for vendors and document who made the appointment and the identity of the vendor before allowing them entrance. Guests should sign in and be tracked. Employees should lock their workstations when they are not in use, and the organization should consider a clean desk policy. These are just some examples among many that can protect the physical security against corporate espionage. For more information, contact one of our security professionals.