Why do I need a Proactive TSCM Strategy?
Information is probably your organisation’s most valuable asset. We would all like information about our competitors’ products, pricing structures, unique selling points, in fact any information which would give us that commercial edge. Imagine if sensitive information relating to your organisation’s financial or strategic position was revealed to your competitors or the media, what effect could that have on your reputation, financial position or client confidence?
There are no official statistics relating to corporate espionage (evidence of surveillance is often suppressed to avoid publicity), however G4S estimated the global cost of corporate espionage to be $1.7 trillion in 2018 while some estimate the cost of cybercrime alone to go up to $6 trillion by 2021.
What is also driving espionage and the use of listening and video devices is the increasing sophistication, durability and ready availability of items on the market. In the UK, bugging devices can be readily bought over the counter and through popular online retailers, and the devices are smaller and capable of being on for longer periods to capture information. This is making the corporate spy’s job even easier.
The threat of corporate espionage is real. We regularly report cases of espionage on our Twitter feed, and certain news sites have sections dedicated to espionage news. Hostile foreign state attacks are frequent and not all motivated by political interests. The hackers’ attempts to disrupt and infiltrate the pharmaceutical companies researching Covid-19 vaccines were heavily in the news in 2020.
Some of the most common instances of corporate espionage and hostile surveillance occur when organisations embark on merger and acquisition strategies. A classic case was Proctor and Gamble who were found culpable of illegal intelligence gathering in 2001 when they confessed to rifling through the trash to gain information on rival Unilever’s hair-care business. Both companies were competing to acquire Clairol at the time. It cost P&G $10m in compensation to Unilever but they did ultimately acquire Clairol! More recently, the Barclays brothers dispute over the sale of The Ritz hotel in 2019 focused on the nephew’s bugging of the hotel conservatory to uncover private conversations which ultimately led to the hotel being sold for less than half its market value.
Other common instances include cases of litigation and human resources. Between 2001 and 2007, Deutsch Bank admitted to episodes of spying on several people including employees and the Munich law firm of Bub Gauweiler & Partner which represented Leo Kirch, an individual who had criticised the bank.
Malicious activities have been perpetrated by disgruntled current or former employees as well as by competitors, criminals and foreign states and it is therefore fundamental that precautions are taken to protect current and future sensitive and confidential conversations and information, at a time when information relating to an organisations activities and plans are likely to be extremely valuable to competitors and others connected or affected by the plans.
Whilst it can be difficult to quantify the impact that espionage may cause, what is clear is that when an organisation loses control of its proprietary information, there can be serious implications. However, many organisations are still failing to grasp the enormity of the problem and decisions on how to respond to attacks are often made retrospectively.
It is important to remember that information comes in many forms: paper, conversational as well as digital and it is therefore imperative that any information security program incorporates more than the traditional physical security measures and IT network system tests and considers the threat to information from other threats including GSM bugs, audio bugs, hidden cameras, laser attacks and the insider threat. Admittedly, some of these methodologies are difficult to detect and this is the province of the TSCM professional.
Managing Espionage Risk with an Appropriate TSCM Strategy
When suspicion arises that information has leaked from an organisation, many companies will quickly look at employing the services of a specialist Technical Surveillance Countermeasures (TSCM) or “bug sweeping” company, to detect, identify and locate any illicit eavesdropping devices. Whilst this may seem a logical reaction, this “closing the stable door after the horse has bolted” approach does not demonstrate best practice and to simply ignore the risk and allow information to potentially haemorrhage from an organisation could be seen as negligent, particularly in light of the introduction of personal liability for directors in connection with Corporate Governance issues and compliance.
In order to manage the risk of corporate espionage effectively, it is important that organisations consider a cohesive strategy that supports the overall business strategy. In ideal circumstances, guidance would be to limit the areas or meeting rooms where sensitive conversations take place, and then implement sufficient appropriate and proportionate measures to protect these areas as reasonably and cost efficiently as possible, based upon the threat and risk of espionage. This might be via a programme of TSCM surveys, the installation of permanent countermeasure solutions, the training of in-house security personnel or via awareness training for key staff.
It’s also important to note that a TSCM survey involves more than just an electronic ‘sweep’. As well as locating and identifying hostile electronic surveillance devices, an effective TSCM program is designed to detect technical security hazards, physical security weaknesses or security policy and procedural inadequacies that would allow your premises to be technically or physically penetrated.
A more holistic and strategic approach to counter surveillance will consider the wider implications of hostile attacks and how they might affect the business as a whole. This will ultimately provide solutions which deliver an integrated way of thinking that combines all aspects of security with financial pragmatism. Such an approach should provide companies significant savings in relation to its security whilst increasing its effectiveness and support to the business.
Benefits of a Proactive TSCM Strategy
The potential loss and reputational damage that an information breach might incur can far outweigh the cost of implementing a proactive TSCM strategy. Prevention is better than cure.
Having a proactive TSCM program in place demonstrate a best practice approach which will reassure board members, clients and stakeholders.
Corporate Compliance & Corporate Responsibility
The duty to identify and manage regulatory risk is a key requirement of today’s board and a proactive TSCM program will assist organisations in achieving compliance around the protection of its information.
A TSCM program will detect and report on physical security weaknesses or inadequacies that would allow your premises to be technically or physically penetrated, this enhancing the overall security of the organisation.
Having overt counter-surveillance policies in place can act as a deterrent to thieves, competitors and errant employees.
Peace of Mind
Having a proactive TSCM program in place will provide you with peace of mind that your conversations and information will remain confidential and allow you to concentrate on business as usual.
Consideration of corporate espionage and its effects should be an integral part of risk management and the business strategy. To be in the position whereby an organisation can promote the fact that it has considered every eventuality is a proactive move that will not only ensure corporate compliance, but will assist new business acquisition from increasingly security-conscious corporate clients as well as offering an additional level of comfort to existing clients.
A more holistic and strategic approach to counter surveillance will consider the wider implications of hostile attacks and how they might affect the business as a whole which will ultimately provide solutions which deliver an integrated way of thinking that combines all aspects of security with financial pragmatism. This proactive TSCM strategy approach should also provide companies significant savings in relation to their security whilst increasing their effectiveness and support to the business.