Printer Friendly

Foiling the new corporate spy.

The new intelligence operatives are rarely stopped by security officers, detected by video surveillance, or even questioned by employees.

THE SMOOTH VOICE ON THE OTHER END OF THE PHONE. THE FRIENDLY FELLOW AT THE bar chatting with the company's salespeople. The job applicant asking a lot of questions. What do these people have in common? They represent just a few of the many faces of a new and quickly growing breed of corporate spy--the competitive intelligence operative.

Competitive intelligence operatives are rarely stopped by security officers, identified by video surveillance, or even questioned by most employees. Rather, they enter companies like yours in the ways described and by many other creative and, in most cases, legal means.

Competitive intelligence (CI) has entered the business mainstream. It is used by thousands of companies in virtually every industry.

One study of corporate intelligence conducted in 1989 found that 40 percent of Fortune 500 companies were involved in gathering competitive intelligence. It is highly likely that by now the majority of those firms have some form of CI program in place.

These methods, however, are not restricted to the corporate powerhouses. For the smaller business, in fact, CI could very well be the shortest distance between start-up and a major success.

CI differs from industrial espionage, at least in theory, in that its operatives have formed a professional association, the Society of Competitive Intelligence Professionals, and have established a code of ethics. In reality, practitioners are unlicensed, and the lines separating CI activities from those more commonly associated with industrial espionage are blurred.

CI operatives are responding to accelerating competitive pressures in an increasingly global economy and are influenced by the continuing erosion of societal values. The rapid proliferation of free-lance CI operatives and those working for CI consulting firms, many of whom are not trained for or committed to ethical intelligence gathering, adds to the problem.

Whatever form CI takes, it is no longer a patchwork of rogue agents. It is a well-organized, well-educated, and abundantly resourceful worldwide army. What this means to the company as a whole and security managers specifically is simply this: The danger of losing business secrets and everything invested in them is greater than ever before.

FAVORITE CI TARGETS INCLUDE research and development, marketing, manufacturing and production, and human resources.

Research and development. With all that is at stake in R&D, access is surprisingly easy. R&D personnel are almost always in the flow of information. Additionally, the open exchange of knowledge is an integral part of their nature and job. They participate in conferences, attend trade shows, and work with academic institutions--all prime opportunities for CI operatives to listen, mingle, and ask questions.

Researchers also publish their works in industry journals, possibly including details of projects being worked on. These materials are frequently just a few keystrokes away on a commercial data base.

Marketing. Insight into a company's marketing plans may be the most valuable gift of all to a competitor, and it's often what CI operatives seek first. Being careless in any way about such vital information as test marketing results, promotional strategies, and planned introduction dates can be disastrous. The end result could be a competitor beating a company to the market with a better quality or lower-priced product or service.

Manufacturing and production. Production managers are among the most consistently reliable information sources. For that matter, almost anyone answering the phone on the plant floor can be helpful. Being solicitous to the generally ignored rank-and-file is a common CI tactic.

Human resources. A 1989 survey of CI operatives(*) found that 85 percent regularly followed their competitors' hiring news. CI operatives closely follow help wanted ads, job postings, and job announcements. More ominously, CI operatives may use this information to arrange employment interviews, using these opportunities to learn far more about the firm than the prospective job entails.

Personnel departments deal with information that in itself can provide valuable insight to a competitor, such as compensation plans, plans to close or relocate facilities, expansion plans, and executive promotions.

In addition to these magnets of CI activity, other targets include purchasing agents and salespeople. Purchasing agents are helpful not only in explaining the latest happenings in product development but also in divulging suppliers, information about what is selling, and costs of raw materials and services.

Salespeople are truly multipurpose information sources--and talkative to boot. They are excellent contacts for information on pricing, product innovations, marketing programs, and more. Moreover, salespeople hear firsthand news from customers, competitors' salespeople, and other enlightened sources.

CI operatives aim for those in the organization who have extensive interactions with the outside. Public relations people and top executives are tempting targets. In their efforts to promote the company, they can easily let down their guard.

TO BREAK INTO AN ORGANIZATION, corporate intelligence professionals use a number of key access points. The telephone is the best method of receiving up-to-date information right from the source, both inside and outside a company. The skillful CI operative uses a variety of interviewing techniques, getting even the most cautious employees to discuss matters they probably should not.

Company employees have probably received calls at some point from people who are supposedly conducting a study. They may identify themselves as market researchers, industry analysts, or students working on term papers.

Labels such as these may contain an element of truth. Many CI operatives are or have been market researchers. More often, however, it is a tactic used to prevent being immediately identified as a competitor's agent.

Tours of a facility, although attractive from a public relations and sales point of view, are another way for the wrong people to obtain access. A reasonably unrestricted tour enables the CI operative to observe many things, such as equipment, processes, and the general flow of events. Even bulletin boards, caught by the operative's wandering eye, are a terrific means of obtaining company information.

Individual visitors can pose the same danger, particularly if their identities are not checked, their objectives not confirmed, and their movements not carefully controlled once inside the facility.

Publications from a firm are easily accessible and frequently contain superb intelligence. This includes company newsletters and magazines, as well as articles written by executives, technical papers from R&D staff, and so forth. Speeches given by executives, press releases, and press conferences can provide equally beneficial insights.

Perhaps the best intelligence of all can be obtained from business associates. Suppliers, for example, are often the most knowledgeable outside source on a company. They know intimate details about the organization's business products, production processes, and total outputs.

One prominent CI consulting firm has spent years developing close relationships with suppliers in a number of industries. These suppliers are only a phone call away when key tactical information is needed about a new product, such as monthly production volume or technical features.

In many ways, suppliers are a company's partners in sales and marketing. Of course, being motivated to sell their products and services, most of these businesses are anxious to work with others as well.

The result? A sales pitch to a competitor--or a competitor's hired snoop--in which detailed information about previous and current business dealings with all of their clients is willingly discussed.

Distributors, like suppliers, can unwittingly help CI operatives, telling them how well one company's product is selling, how much is sitting in the warehouse, and how long it takes for the company to deliver. The same is true of the independent truckers and railroads shipping products. Vendor employees are rarely recognized for the potential security risk they represent.

Maintenance workers and other service personnel might not be well paid or especially well treated. They may have no particular loyalty to the employer. They are also easily impersonated and can sometimes be bought off.

There's a story of a CI operative who approached a custodian working at a competitor's facility and offered to pay him for separating the trash in a specific area and handing it over to the CI. The janitor refused. He had already been hired to do the same job for another competitor.

Customers and prospective customers are another potential source of information about a company's prices, terms, and service. They may be willing to reveal all for the promise of a better deal from a competitor's representatives.

SAFEGUARDING SENSITIVE INFORMATION is the business of everyone in the organization. However, it is not always possible or practical to protect everything. Furthermore, the flow of information both within and outside the organization cannot be totally disrupted.

The process, therefore, begins by determining what information requires protection. This is best carried out by a qualified team of managers and staff from departments that deal with proprietary information. Add to the team representatives from most, if not all, of the following departments: corporate security, management information systems (MIS), human resources, records management, and legal.

The team should begin by identifying those components that give the company its competitive edge in the marketplace. These factors may include the quality of the product, service, price, manufacturing technology, or distribution.

One way of approaching this is by playing the role of the competition, determining the information that is wanted and the ways the company would benefit from obtaining it.

Once these competitive advantages are clearly identified, the primary focus of the information security effort becomes the departments within the company from which these elements of success arise.

A successful information security program is multifaceted. It involves everything from gaining the support of top management to creating security awareness among employees at all levels.

Maintaining staff participation on a continuous basis is the bedrock of any information security program. Employees should understand that their professional well-being and growth depends on their company's success. It should be made clear to them regularly that profitability in large part depends on their vigilance in protecting the organization's proprietary information.

The urgency of telephone safety cannot be overemphasized. Whenever a question arises about a given caller and the information being sought, employees should be told to terminate the conversation or direct the caller to the company's public relations department or designated information clearinghouse.

As a training exercise, companies may want to play the role of a competitor and phone employees, using different interviewing methods to build employees' skills in properly handling requests for information.

This training is appropriate not only for employees dealing directly with proprietary information but also for clerical staff, temporary help, and anyone else who picks up the phone.

Document classification is a key step in any information security arrangement. Working closely with management and staff in each of the specified security areas, proprietary documents should be classified according to the level of security that best meets the company's needs.

Classifications might begin with "private" for personnel-related matters and move up to "restricted" or "limited" for, say, pricing and marketing information.

For actual trade secrets and other sensitive information, classifications such as "registered" or "restricted-registered" are recommended and should be affixed to each page of the document at issue. Under these classifications, both the number of copies and those who can see them are strictly controlled.

All notes, drafts, blueprints, and other versions should be included in this process. All such documents should, of course, be securely locked away when not in use and shredded or safely disposed of immediately after use.

The same standards should be applied to all related nondocumentary communications. Employees need to know they are equally accountable for what they say, whether it be over the phone, at professional gatherings, in classrooms, or in public places.

To minimize the risks posed by visitors, they should be kept within a well-defined area where sensitive information cannot be spotted and where they cannot wander. Visitors should be escorted by their host at all times, never just signed in, given a badge, and set free.

Plant tours should not be given unless an overriding civic duty or business-related obligation requires the company to do so. If they are necessary, an organization should give them only to special guests and customers, and, if possible, should limit tours to areas that reveal little or no significant information.

All materials emanating from the firm, including newsletters, journal articles, media information, executives' speeches, should be carefully reviewed and edited. Management should ask itself if the information is something a competitor would find useful.

Employees should be asked to sign nondisclosure agreements. Everyone directly or indirectly involved with sensitive information should sign these, including subcontractors employees, clerical staff, consultants, and temporaries.

Whatever their ultimate legal worth, the real value of such agreements is in the image of toughness and resolve they create for the company. A comprehensive nondisclosure document lets everyone know that the firm is serious about preventing information leaks. Management should regularly restate employees obligations under the agreement.

It's equally important to keep nonemployees aware of the company's security needs. Suppliers, distributors, and others privy to sensitive material should be periodically reminded of the company's security requirements. They should be asked to sign nondisclosure agreements.

The procurement department needs to understand how important these issues are to vendor relationships and, more specifically, to all vendor employees with access to sensitive areas of the facility.

Even in cases where a genuinely trustworthy relationship exists with suppliers, management should carefully assess any information exchanged with them. Suppliers need to know enough about their client's products, processes, and strategies to be effective. Yet executives may be surprised how much information provided is not essential.

Companies should pay special attention to their purchasing agents. Being on the front lines with suppliers, their dealings with them can result in a potentially hazardous, albeit well-intentioned, outflow of information.

IF ONE FACTOR BEST ENSURES THE LONG-term success of an information security program, it is open lines of communication. Policy statements and published guidelines alone will never get the job done.

Regular reminders are necessary to keep employees motivated and up to date on security issues. Newsletters, bulletin board postings, stand-alone displays in prominent locations, and messages via electronic mail are among the most effective and inexpensive means of accomplishing this. Companies should not forget employees in branch offices or other off-site locations.

A company-wide committee should be formed to coordinate information security-related communications, maintain the active participation of managers and staff, provide incentives for input on ways to enhance the program, administer information security training sessions, help maintain oversight of outside organizations with which the firm does business, and serve as a clearinghouse for security-related issues and problems.

Companies should always look at information security as a commonsense issue, not a dollars and cents issue. The cost will be negligible in comparison to some of the more elaborate physical security measures, which will not keep out most CI operatives in any case.

Whatever the expenditure, the information security program pays for itself when the door has been slammed shut on just one aggressive competitor or at least greatly limited anything this rival can learn. From there, the benefits keep accumulating, as long as information security remains a continual commitment among all employees.

*Ian Gordon, Beat the Competition: How to Use Competitive Intelligence to Develop Winning Business Strategies (Cambridge, MA: Basil Blackwell, 1989). Gordon's survey was comprised of 175 CI operatives. Following are a few other highlights from the study:

* Forty-four percent of the CI operatives polled would hire specific employees from competitors to gain special insights.

* Forty percent would visit competitors' plants without revealing the objective of doing so if they could get away with it.

* Nineteen percent would rent a plane to fly over a competitor's new plant to determine its size and purpose.

Marc Tanzer is president of BCI/Information Security Inc. in Portland, OR. He is a member of ASIS.
COPYRIGHT 1992 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1992 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Tanzer, Marc
Publication:Security Management
Date:Sep 1, 1992
Previous Article:Managing Contract Security Services: A Business Approach.
Next Article:Counterespionage techniques that work.

Related Articles
The cloak-&-dagger communicator.
Welcome to cold war II.
Spy Wars: In the war on terrorism, intelligence may be our best weapon. America's spies are on the case. (News Special).
Spooks in the media. (Eco-Mole).
Secret Empire: Eisenhower, the CIA, and the Hidden Story of America's Space Espionage.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters