Excuse: “I don’t see that we have a problem. No one is bugging our offices and boardroom.”
Reality: The first rule of espionage is, “Be invisible.” You won’t know if you are being eavesdropped on if you never check.
Myth: Peer pressure from upper management.
Reality: Most top management appreciate proactive security thinking from their staff.
Excuse: Yes.
Reality: A lack of awareness of the risks associated with electronic eavesdropping, or the need for TSCM security inspections is common. Management may be unaware of TSCM as an available countermeasure.
Myth: TSCM inspections can be expensive. The costs involved in hiring a professional TSCM specialist, or purchasing specialized equipment, and conducting regular inspections can be a deterrent to scheduling TSCM inspections.
Reality: Espionage losses are more expensive, much more. Hiring a TSCM specialist is very cost-effective, if you hire a competent firm. TSCM inspections are cheap insurance. Actually, better than insurance; TSCM can prevent the loss in the first place.
Excuse: Some businesses may believe that the risk of electronic eavesdropping is low in their industry or specific workplace. They might assume that their organization does not hold valuable or sensitive information that would attract eavesdroppers.
Reality: Being “in business” means having a competitive advantage, and others do want it.
Excuse: Conducting TSCM inspections requires specialized knowledge and equipment. If a business does not have the expertise in-house they may choose not to pursue these inspections.
Reality: Hiring an information security consultant–who has TSCM as their speciality–is the solution.
Myth: TSCM security inspections can temporarily disrupt normal business operations. The process involves sweeping the premises, potentially causing interruptions or inconveniences to employees or ongoing activities. Some businesses might be reluctant to undergo such disruptions.
Reality: Most inspections are conducted after business hours. When necessary, a TSCM team will assume the same dress and demeanor as employees, have a plausible reason for being in the area, and will work around employees so as not to disturb them.
Excuse: Businesses may have confidence in their existing security measures, such as physical security, cybersecurity, or access controls. They might believe that these measures are sufficient to protect against eavesdropping and thus forego TSCM security inspections.
Reality: Experience has shown that do-it-yourself security measures are never sufficient to protect against eavesdropping and other forms of information loss. TSCM inspections always identify vulnerabilities and provide recommendations for improvement.
Excuse: Depending on the industry or geographical location, there may be no legal or regulatory obligations that mandate TSCM inspections. In the absence of such requirements, businesses may choose not to prioritize these inspections.
Reality: The financial success of a business should be a more effective motivator than a legal requirement.
Myth: TSCM security inspections are invasive or a breach of employee privacy. They might fear that conducting such inspections could harm employee morale or create an atmosphere of distrust.
Reality: Employees appreciate security measures which protect their livelihood and personal privacy. When an employer demonstrates care for information security, employees will act more carefully too.
Excuse: Small businesses or those with resource constraints may prioritize other operational needs over TSCM security inspections. They might allocate their limited resources to other critical areas or invest in measures they perceive as more immediate concerns.
Reality: Defense is mandatory for survival. Budget waste and misallocation can usually fund TSCM security inspections without added expense, once corrected.
Excuse: Some businesses might have a sense of overconfidence in their security measures, believing that they are already adequately protected against electronic eavesdropping. This false sense of security can lead to complacency and a disregard for TSCM inspections.
Reality: These businesses are at-risk.
In this example, the competition has paid an inside employee (the Mail Room guy) to drop a few cables around certain parts of the corporate headquarters. They didn't tell him why. And, he doesn't care. Why should he? He gets $50 per cable dropped.
