Last week Apple released the Apple iPhone 5s. The most innovative feature of the new phone was the device’s fingerprint scanner, which was widely heralded as being the world’s first “hack proof” access point.
It took only a few days, however, for a German hacking group to bypass the phone’s latest security feature and gain access to the device.
The incident is the latest example that no security barrier is too great for a determined corporate spy to breach.
As our foreign competitors step up their efforts to do whatever they can to steal our vital trade secrets, there’s never been a more critical time for American companies to implement effective industrial espionage countermeasures.
Safeguarding information is not only necessary to keep America competitive, it’s also the law.
The Economic Espionage Act
The U.S. Economic Espionage Act (EEA) was enacted to safeguard our nation’s economic secrets. The EEA requires that a trade secret owner take “reasonable measures” to keep information secret.
The term “trade secret” is broadly defined under the EEA and includes “all forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically.”
To comply with the law’s “reasonable measures” requirement, U.S. companies are tasked with implementing a comprehensive security regime to safeguard trade secrets.
35 Industrial Espionage Countermeasures
Below is a comprehensive list of countermeasures that every American executive and in-house counsel should be familiar with. The list, put together by the Dictionary of International Trade Handbook of the Global Trade Community, serves as an excellent overview of the many countermeasures that your company can implement.
As you’ll see, the list includes installing alarms, shredding documents, utilizing offsite storage facilities and implementing a wide range of cyber security measures.
Building Entry Points
1. Alarm: Install alarms with motion detectors in high-risk areas, with dial-up alerts to a security firm or the police when an alarm goes off.
2. Control Points: Employ security personnel to control entry ways, check visitors in and out, or man doorways to sensitive areas; install surveillance cameras to monitor comings and goings.
3. Keys and Locks: Any sensitive area, especially research and development facilities, should have special keys. Doors in those areas and to stairwells should be locked at all times and connected to burglar and fire alarms. When an employee is terminated or leaves, ensure that all keys are returned and accounted for; erase magnetic key cards; check ceiling and ventilation points.
4. High-Tech Access Control: Employ biometric scanners that measure parts of the anatomy, e.g. fingerprints, handprints, voice, or retinas; these work well for high-risk, high-tech companies.
5. Safe: Store sensitive documents, backup disks, laptops or PDAs with sensitive information in an immovable safe.
6. Off-site Storage: Store sensitive archives off site in a secure location.
7. Cross-Cut Shredders: These shredders hinder even the most patient thief from resurrecting paper records; consider placing next to copiers and fax machines for immediate disposal, especially in areas that churn out sensitive documents; other types of costly shredders that handle larger items are also available.
8. Trash Protection: Secure dumpster areas with proper lighting, fencing, locks and surveillance.
9. Overwrite Software: Replace previously stored data on a hard drive or disk with random data.
10. Degaussers: Used for removal of all data from hard drives by electromagnetic realignment.
11. Computer Disposal: Computers that hold sensitive data should have the hard drive removed and destroyed. Do not reformat or sell.
12. Electronic Surveillance: Utilize internet/mail security and CCTV video monitoring (where legal).
13. Listening and Interception Devices: Regularly sweep offices with bug detectors.
14. Telephones: The simplest models offer the fewest options for others to listen in; use landlines and avoid cell phones and cordless phones for sensitive conversations.
15. Copy and Fax Machines: Be aware that agents can insert an internal computer chip and secretly record information.
16. Encryption: Voice encryption programs will encrypt calls between individuals when both have the encryption device installed.
17. Agreements: Employ trade secret non-disclosure and non-compete agreements for all employees with access to sensitive information.
18. Secure Computing: Develop a “Secure Computing Policy” that restricts information abuse.
19. Awareness: Establish awareness to detect espionage; look out for A…B..C
20. Due Diligence: Establish due diligence background checks for hiring, outsourcing, or prospective visitors or business teams.
21. “At Risk” Employees: Management needs to be aware of employees suffering from substance abuse, financial problems, or extreme personal stress, which may prompt illegal activity within the company.
22. Crisis Management: Develop a “Crisis Management Policy” for fire, systems malfunctions, industrial sabotage, which may prompt illegal activity within the company.
23. Continuity: Establish “Business Continuity Guidelines” in the event of death or employment separation of key personnel.
24. Review: Review policies frequently and always immediately after an incident has occurred.
25. Install Firewall: To protect your data and system, install firewall and software on your computers. Maintain integrity of firewall and patches on a regular basis.
26. Passwords: Regularly change passwords. Disable “save password” function on log-in scripts.
27. Scan Network Frequently: Scan company networks regularly and directly in advance of new product releases.
28. Install Integrity Checker: Allows a system administrator to check if programs have been altered in any way and show signs of any suspicious activity.
29. Use Encryption: Code software so that unauthorized users cannot read or change data, especially for email and archiving.
30. Backup Files: Randomly restore files each week to ensure your back-up method is working properly.
31. Digital Watermarking: These techniques allow firms to control digital content by hiding identifying information within graphics. These are key to copyright/trademark protection online.
32. Secure Room: Assume any room you use is insecure unless otherwise proven to be secure.
33. Security Sweep: Screen for surveillance devices before sensitive meetings. Scan for bugs, laser lights, concealed transmitters, video surveillance, or miniature cameras.
34. Secure Sensitive Materials: Secure laptop computers and any sensitive materials or documents.
35. Exercise Vigilance: Maintain awareness that your phone line, office equipment, or room may be tapped or subject to eavesdropping at any time by the least suspected person.
As the list demonstrates, there is no shortage of espionage countermeasures that American corporations can implement. I am sure there are countless others.
What other espionage countermeasures are you seeing out there?
Be sure to see the previous post on this topic, Spies, Lies and Secrets: 37 Industrial Espionage Tactics that Threaten to Kill Your International Business.
Dictionary of International Trade Handbook of the Global Trade Community, 10th Edition, World Trade Press
Secrets and Lies: The Rise of Corporate Espionage in a Global Economy, Georgetown Journal of International Affairs
Counterespionage for American Business, Peter Pitorri
Economic Espionage and Industrial Spying, Hedieh Nasheri
Keeping Secrets Secret: A Primer On Economic Espionage, Joseph Walker and Rebecca Worthington
Economic Espionage and Trade Secrets: Common Issues in Prosecuting Trade Secret and Economic Espionage Cases, Mark L. Krotoski, United States Attorneys’ Bulletin