- Most “computerized” information is available
elsewhere long before it is put into a computer. - Hacking is only one tool in the spy's kit.
- Data theft is the low-hanging fruit of the business
espionage world. Pros use bucket trucks. - Traditional spying is invisible. Hacking leaves trails.
Result... IT guy gets budget. Company is still a sieve.
Go Holistic
Close All Loopholes
Loophole 1: Information Generation
People generate information. They talk, discuss, plan. The human voice contains the freshest information.
Conduct Technical Surveillance Countermeasures (TSCM) inspections of offices, labs, conference and boardrooms on a scheduled basis. TSCM works.
Ford Motors found voice recorders hidden in seven of their conference rooms this summer.
Loophole 2: Information Transmission
People communicate. They phone, fax, email, hold teleconferences — over LAN, Wi-Fi and cables.
Traditional wiretapping and VoIP/Wi-Fi transmission intercepts are very effective spy tools. TSCM sweeps discover attacks.
Loophole 3: Information Storage
People store information all over the place; in unlocked offices, desks, and file cabinets. Photocopiers store all print jobs in memory. TSCM surveys identify poor storage, and the perimeter security gaps which put storage at risk.
Loophole 4: Information Handling
People control information. Educate them. Security briefings don’t have to be long and tedious. Establish basic rules and procedures. Enforce them.
Effective information security requires a holistic protection plan. IT security is an important part of this plan, but it is only one door to your house of information.
by Kevin D. Murray CPP, CISM, CFE