FREE online courses on Corporate Espionage - What can be done about it - Operations Countermeasures
Operations Countermeasures: As in module II (operations vulnerabilities), operational countermeasures, too, have been classified under four broad heads:
Educate people about the value of information; create awareness, not by speeches or threats of punitive action, but by stirring up curiosity and interest.
Stress how to prevent the daily leakage of snippets of information.
Illustrate with examples/film shows; dramatize!
Tell them exactly what they should and should not be doing (DOs and DON'Ts); publicize through an ongoing process – talks, posters, suggestion schemes.
Employee awareness multiplies a hundredfold the efforts of your security people.
Security staff also need fresh orientation/motivation.
A Five-Star Hotel was losing lacs of rupees annually through pilferage of cutlery and room accessories (coasters, ashtrays, clocks, etc.). After an awareness program, losses on this account came down by 75%. In the field of information pilferage, strict control over communications systems (recording of all phone calls, a ‘fax locked’ box with the key held by the Manager, Operations, etc.) resulted in plugging the leakage of bookings data (especially group/party/institutional bookings) to a competitor through one of the hotel's bell boys. Occupancy jumped by 70% - in the off season!
People crave recognition/appreciation, and tangible incentives are powerful motivators. The above example of a steady information leak shows how an innovative management can get information from employees/obtain leads to:
Detect information (i.e. money for the hotel) leaks
Take suitable steps to plug these leaks
Alert others, by demonstrative response, to good work being rewarded
Banks regularly publish photographs/‘incident’ sketches in House Magazines, highlighting security awareness/good presence of mind by staff. For an individual lost in a sea of personnel, this way of gaining fame is a strong motivator and has a ‘cascade’ effect. As a rule, Bank employees are highly aware of information value, in keeping with their line of work. This is the result of a long-term, sustained awareness program.
Call Back Check: whenever sensitive information is requested by phone/fax by unknown/less-known individuals who have not previously been authorized access to such data by a suitable authority, they should be asked to leave a phone number.
This can be cross-checked with Directory Information Services.
If the said person is available on dialing back after some time, chances of a genuine enquiry are strengthened (not proved!).
Sensitive information should only be released after proper authorization by a supervisor.
Install a CLI (Calling Line Identification) facility to further cross-check.
Telephone exchanges (for booking Trunk calls), Airlines and Hotels (to confirm authenticity of bookings made over the telephone) observe this as a standard practice. You can, too.
Information, however non-sensitive, should not be automatically handed over.
Perceptions/priority of information may not be readily apparent to everyone, especially front-office staff.
Always ask why the person wants the information.
Consult before release.
Increased awareness training/education will reduce the need for supervision of this area of leakage.
Train staff to rarely volunteer information.
Guard against ‘social engineering’.
Mukesh had a secret meeting with a prospective client in an expensive restaurant and had slipped away unnoticed. But an operative was able to get the information of his whereabouts by asking reception when he'd be back – they loudly calculated time to eat lunch/discuss, travel time from the restaurant (named) to office and asked him to return after two hours. He rushed to the restaurant, spotted them coming out, then tailed the party and submitted the rival company's offer. Small mistakes can cost heavily.
In the above example, a simple request for a business card (he had none in his false identity) would have foiled the bid. Car finance companies initially call for Company Business Cards, as a routine screen.
ID Cards of most Government/Private Sector departments are easy to fake. One corner shop in Karol Bagh had hundreds of different ID card formats/lamination arrangements/chain.
On 25th July 2000 an imposter was caught impersonating a TTE in the first-class AC compartment of a prominent train. He used to pose as a TTE, pretend to find fault in the ticket, express a need to show it to his supervisor, then detrain at the next stop and sell the ticket at 50% value. His fake ID card had netted him over Rs 1,50,000 at the time of his arrest.
Can be easily monitored where secluded/
exclusive staff quarters are provided, and guards at entry gate are vigilant.
Staff quarters are an HR additive, a huge motivator, as are staff buses. Both
also aim at security.
May reveal an unhealthy nexus aimed at
personal gain by unscrupulous/ disgruntled employee(s).
Large Companies like MUL and Escorts
have exclusive staff colonies.
Disclose information vital to the
company's security/business
Start his own business (after leaving
the company) on the same pattern as previous employer, before lapse of at least
12 months.
Many Government
Departments prohibit retiring personnel from taking up re-employment,
independent of Government referral, before 24 months have elapsed.