Hear the words ‘corporate espionage’ and you might think it’s only something that corporate giants need to worry about.
But that’s not the case. Corporate espionage is something that can affect companies of any size. And despite what you might believe, the threat is highly likely to come from within your organisation.
The corporate spy could be a satisfied or disgruntled employee, a manager, or a supplier, according to Rick Orloff, CSO at Code 42, a leading provider of cloud-based endpoint data security and recovery.
Case in point: an employee of Siemens, a leading European manufacturer, was arrested in the Netherlands last month on suspicion of leaking patents and other company secrets to a Chinese competitor, according to Reuters news agency.
“Individuals can easily syphon off sensitive corporate information and pass it to unauthorised third-parties,” writes Orloff in Info Security magazine. “Systems can also be infiltrated by those that wish to do your business harm or gain a competitive advantage from your data.”
And it’s a huge mistake to assume you only need to protect your company from cyber-attacks, according to Bruce Wimmer, G4S’s Senior Director and Leader of Counter Business Espionage.
He warns that business spying that doesn’t involve cyber intrusion is on the rise and is one of the greatest security risks to businesses, dwarfing the threat from cyber-attacks.
G4S’s corporate risk service division estimates the cost to business from business spying is as high as $1.1 trillion annually. By comparison, the impact of business-critical data being stolen remotely is estimated to be $400bn a year, G4S estimates.
“Many businesses consider the threat of a cyber-attack to be their biggest security concern and at their peril they ignore the threat of data loss where corporate spies uncover serious shortcomings in physical security arrangements,” says Wimmer.
“Disgruntled employees, competitors, foreign governments, and suppliers can act as an insider threat, over short and long periods of time, with little chance of detection if the business is only focusing on external cyber threats.”
The corporate spy will hone in on weaknesses, knowledge gaps and human frailty and there’s little point in monitoring systems if your company doesn’t also monitor the people who can access them.
“While a cyber-attack can bring down a company’s systems or access confidential information, there are many more ways that competitors or other corporate spies can attack a business,” warns Wimmer.
Worse, these methods can make an in-depth cyber-attack possible.
How to Protect Your Company’s Sensitive Information
Wimmer recommends doing the following:
- Conduct a security audit of your premises. Identify and test the rights of access and rights of way for all your employees as well as service providers (cleaners, engineers, IT professionals, etc.).
- Assess the processes you have for new employees, external suppliers and visitors. Share the information with relevant employees.
- Instigate a Clean Desk Policy and make sure it’s always enforced.
- Establish a process for the secure and timely disposal of sensitive printed material.
- Introduce a policy to protect sensitive information that covers how it is shared (or not) in conversations, meetings, telephone calls and paper documents.
- Ensure business executives who travel to meetings or conferences stay vigilant.
“Business executives are extremely vulnerable to spying when travelling,” says Wimmer.
“Travel security programmes address terror threats, criminal threats, potential political instability, even health and natural disasters, but they rarely cover business espionage threats – even though the business espionage threats almost always pose a more serious adverse business impact.”
Managing All The Threats and Risks To Your Business
Of course, corporate espionage is just one of the security risks your company might face. Besides security risks, there are risks involving finance, the organisation, legal and regulatory compliance, operations, reputation, service delivery, commerce, projects, safety, stakeholder management, strategy, and technology.
It’s no wonder that business owners and CEOs get overwhelmed when it comes to managing risk. Fortunately, we can help. The FD Centre will provide you with a highly experienced senior part-time FD with ‘big business experience’ who will work with you to understand the risk profile of your business and of the shareholders.
By managing the company’s risk profile and the risk profiles of the shareholders the whole business can be brought into alignment and can operate as a unit rather than as a set of individual parts.
This is actually one of the most critical roles in any business and your part-time FD will support and guide you through the process.
We have an intimate understanding of every conceivable risk growing businesses face.
This means that we can help you build a much stronger business by knowing how to navigate through the growth stages of the business cycle confident that you are equipped to meet the challenges as they present themselves.
Lower Your Risk Today
Let one of the CFO Centre’s part-time CFOs help you with business risk analysis. You can download a free report on Business Risk Assessment here or you can book a free one-to-one call with one of our part-time CFOs—just call us now on +64 (0)9 376 4940. Or go to: https://www.cfocentre.com.au/financebreakthroughsession/