I meant to write about the subject of spying and corporate information security for a while now but got around to it only now. The article Confessions of a Corporate Spy has provided an excellent background for the discussion and is absolutely worth a read.
Twenty years ago the corporate spying was already abound and me, as a fresh employee, was excited to find out that we are actually being spied upon. We had to keep quiet about our work when we went out for drinks or lunches. Once a Good Samaritan lady reported overhearing our colleagues talk about their work in a restaurant near the company. This lead to disciplinary measures and the whole company new what happened. And we all new it was wrong to discuss things outside.
Fast forward twenty years. The company managers discuss the upcoming mergers and acquisitions in a social network account of a third-party company. Details of products, designs, problems, customers are exchanged freely at lunch tables and in trains. How often do you see privacy screens on laptops of people doing their work in trains and at the airports?
People became careless. It’s like if in the drive to deliver more and faster we completely forgot that the competition does not really have to do a lot to catch up with us if they have all the information available to them. We forgot that despite the information flowing in heaps over the Internet we still have to protect it in all the mundane places. Web security, application security, network security do not matter anything if all the same information is available to anyone who can listen carefully and record.
Security is said to be about finding the weakest link and mending it. Nowadays, the physical security of information is rising in the ranks and will become the weakest link. Sometimes it already is. Especially when a specialist in competitive intelligence comes around. With the business intelligence market estimated at $80 billion, do you think we should be sloppy?
Making sure your people know that it is a really bad idea to talk business outside a business setting, to talk confidential information to strangers, to work on company numbers where the screen can be seen and so on is not that hard. Companies 20 years ago did it. We can do it now. Let’s do it.