How to protect your business from corporate identity theft and espionage
The loss of valuable company information can be damaging to a firm’s commercial fortunes as well as its reputation. We review some of the steps you can take to safeguard information artefacts that could help a competitor.
Information can be a company’s most valuable asset. Customer records, intellectual property such as technical layouts, patents and documents such as business plans and physical prototypes are all vital to staying competitive. If they fall into the wrong hands, the commercial damage can be immense – not to mention the reputational impact and embarrassment of public revelations about lax security.
Industrial espionage may be illegal, but it is still a very real threat. Perpetrators are often overseas and may be impossible to trace, making the prospect of successfully identifying and prosecuting them fairly remote. Instead, companies need to put their efforts into identifying risks and doing everything they can to prevent espionage and corporate identity theft from happening in the first place.
Know the risks
First, establish what your trade secrets are. What information and knowledge does your company possess that competitors don’t? Identifying valuable resources may involve looking outward, to rivals’ operations, as well as inward to your own resources.
Bear in mind that physical artefacts can contain important information too. In the hands of an expert, a prototype or work-in-progress product could be reverse-engineered, revealing its secrets to a competitor and allowing them to beat you to the market.
Next, pinpoint your vulnerabilities, or which organisations pose the greatest threat of espionage. Competitors are the obvious first stop, but not necessarily the most significant. Hackers target companies to obtain crucial information and then hold it to ransom by threatening to disclose it, or just sell it to the highest bidder. You should also consider ‘friendly’ avenues of espionage – customers, visitors and even business partners are all potential threats.
Secure your site
Many of the techniques that protect you against burglars and vandals are also effective against industrial spies. Your offices, manufacturing plant, equipment and infrastructure should all be kept physically secure against intruders. Entry points need to be secured, and surveillance equipment installed where required. Obviously, you should pay most attention to the sites and areas where the most valuable information and items are kept, and make sure they are put under extra protection such as locks, alarms or safes.
Secure your data
As the modern-day saying goes, ‘information wants to be free’. Left to their own devices, organisations tend to leak data like sieves, and you need to be constantly vigilant to make sure your secrets don’t escape.
Digital information security has several aspects. First and foremost, the systems and data you use need to be secure in themselves, as do the servers on which they are kept. Special care is needed if people are able to take equipment off-site (such as laptops), or bring their own devices to work.
You’ll need to consider procedures for granting access to different levels or groups – even senior personnel might not necessarily need access to everything, particularly if the information is highly technical or operational.
Remember that data can turn into paper at the click of a mouse. Once it’s printed out, information can go anywhere, with anyone, at any time. So staff need to understand the risks of this, and be encouraged to dispose of old paper records as soon as they’re no longer required – for example, through secure shredding services.
People and training
Once you’ve established security procedures, it’s important that people are trained to put them into practice. It’s no use having a watertight security policy if people don’t know what they have to do to enforce it. Staff might need regular refresher sessions, plus it’s worth consulting them on security flaws they may have spotted in their day-to-day work.
Everyone with access to sensitive data and items should be subject to a background check when they join the firm, with regular re-evaluations later on. Exit procedures are important too, in order to prevent people quite literally walking out of the door with secrets when they move on from your firm.
Employees can be asked to sign a non-disclosure agreement, and their access can be restricted if they are expected to leave soon.
Secure disposal of old records, data and artefacts
One of the most important steps you can take to guard against industrial espionage, and corporate identity theft, is to dispose of confidential records and valuable artefacts safely and securely when you no longer need them.
Documents including business plans, financial records, technical plans and more could all be enormously valuable in the wrong hands. The best way to dispose of all these forms of information, whether paper or digital, is by shredding. Paper, files, hard drives and removable media such as USB sticks and CD/DVD discs can all be shredded, as well as items open to misuse such as old company uniforms.
Prototypes, unwanted products, and documents can be shredded guaranteeing that their secrets can never be unlocked. Modern shredders can handle an enormous range of items and materials; you might be surprised at what can be disposed of this way.
At Shred Station, we can carry out secure paper, textile and product shredding at your own premises or at our own secure sites. All our staff are security screened to BS 7858, and our plant is protected by state of the art security measures. Once shredding is complete, we’ll give you a certificate of destruction to confirm that all your records and other items have been put beyond the reach of spies.