The majority of information losses are caused by people, not electronic eavesdropping. Your employees are your weak links. They are tripped up by social engineering attacks, and their own poor security practices. They are also your first line of defense. You need them on your side to fix the problem.
Don't start by accusing them.
What if your loss is a concerted business espionage attack? What if your office is bugged? What if your cell phone is infected with spyware? Think of the damage a false accusation would cause. Morale and law suits top a long list of possible collateral damage.
An electronic surveillance detection sweep (aka TSCM) is the best first step. Work with a specialist who can also identify your other information security loopholes. Eliminate the eavesdropping and espionage possibility first.
Once you have cleared your organization of bugs and wiretaps, and plugged the info-leak vulnerabilities, think ahead. Be proactive. Follow up with security awareness training.
Resources:
Electronic Surveillance Detection and Business Counterespionage Consulting: Contact me for a referral to a competent specialist who suits your needs. ~Kevin
