Any type of business that possesses proprietary information may be under threat of corporate espionage. Data compromised could consist of employee information, client information, research documents, client agreements and prototype designs for new products and more.
Outside interests steal information to blackmail or extort the company for money. They may also develop elaborate scams, commit credit card fraud, or other criminal behavior with the information stolen.
Most often, business espionage is committed by employees. In fact, employees account for 85 percent of corporate espionage. In total, companies lose up to $100 billion per year due to business espionage.
Statistically, companies have proven that 75 percent of business espionage occurs from obtaining a physical document or disk, rather than hacking. Companies are breached by individuals dumpster diving and collecting trash. Companies should monitor their practices to ensure that these particular occurrences do not occur. Businesses may implement a number of security safeguards to prevent these actions from occurring.
- Since a majority of information stolen is in the physical form, companies should shred all documents before they are discarded. A regular shredding process will prevent essential company information from being stolen from the company.
Avoid Printing Proprietary Information
- Do not print sensitive company information unless it is absolutely necessary. Then immediately place the information in a secure envelope or place until it reaches the intended party. Information lying around on a desk may be easily copied, photographed, or stolen. Companies should change their policies in order to prevent this occurrence.
- Secure all necessary printed documents in a locked file cabinet. Keep the cabinets locked when the cabinets are not in use. This prevents employees or other parties from stealing documents or copying documents.
- Companies invest significant amounts of capital into protecting electronic documents from hacking or outside intrusion. The likelihood of a virus or Trojan is possible; however, businesses are more likely to be breached through a printed document rather than hacking. Businesses must provide means to protect printed documents from tampering.
- Companies should invest in technology that prevents documents with sensitive company information from being copied. Common solutions might be a program like Adobe Acrobat, or Pagemaker, allowing you to watermark or otherwise protect your documents from duplication.
Enterprise Rights Management
- Companies may set access controls within software indicating authorized parties that are allowed to print specific runs of specific documents. This will prevent individuals from carelessly printing materials which may expose the company to unnecessary risks.
- Print encryption is another method to protect sensitive company information. When a document is printed, it hides sensitive information in the print fields where the encryption occurs. The information encrypted may only be viewed by individuals who possess the authority to view the information.
Preventing Computer Espionage
- Trojan Horses and viruses are often used to lift information from corporate individuals. This type of espionage is very targeted and covert. Computer hackers have developed elaborate Trojans to prevent corporations from determining the origin of the hacker. The hackers also guard against spy program removal and from detecting that the program exists by circumventing any virus software. Corporate hackers use the information to provide directly to a competitor or to convince corporations to purchase their software to prevent future attacks. The latter occurrence is akin to blackmail.
- Information may also be shared to the very individuals you are entrusting to keep you protected. Individuals who purchased anti-Trojan or anti-virus software must trust the individuals in the corporations employed to protect them, because that company may also be guilty of corporate espionage. Anti-virus developers may hack a system faster than any outside entity.
- Disgruntled employees may be likely candidates for business espionage. Companies should be aware of Web 2.0 services, anti-virus and anti-Trojan software, and off-site storage. Businesses should protect all copyrights, trademarks, and patents that are stored electronically, as well as other intellectual e-properties.
- Not only should the company be concerned about their own information, but they should also be concerned with maintaining the security of their clients’ information. Sensitive information such as addresses, Social Security numbers, account numbers and credit card numbers must be protected. Breach of this type of information may cause irreparable harm to an individual and can be the responsibility of the company. When personal information is lost or breached, companies may lose millions of dollars and face charges from millions of legitimately irate customers.
- Non-compete and non-disclosure agreements are a start in preventing employees from exposing company data. However, employees will often share data despite the agreement. Companies need firewalls and other ways to block company sensitive data from leaking from the corporation. All anti-virus and anti-Trojan software should be updated frequently. Screen employees and hire those who you trust will not be a great risk in sharing sensitive corporate information.
- Servers should only be accessed by trusted IT professionals. Servers should be stored offsite or be stored in locked cabinets that cannot be accessed by normal means. The cabinets should be able to withstand heat and cutting tools. Employees should be sure their computers are free of keystroke gathering technology when working from remote locations on web based applications.
- Traditional anti-virus software may no longer protect some corporations. Many companies need customized applications to block competitors from accessing sensitive data. Companies must remain vigilant and continuously update prtective measures, as technology changes quickly. Old software will leave the company vulnerable to potential security breaches.