As technological developments have helped turn the world into a global village, they have also made it easier to steal, extract, and communicate confidential information – leading to an increased frequency of corporate espionage.
Take Apple for example; despite deploying leading security measures and monitoring activities, the tech giant has had two espionage attempts in one year, foiled just as the convicts were departing the country.
In fact, a 2014 report estimated the global cost of industrial espionage to be $445 billion. Considering how the economy has shaped up since then, the figure may well be over the $1 trillion mark.
Should small businesses be concerned?
It’s not only the Silicon Valley giants who have to face espionage. Rather, smaller businesses have more to lose. With 31% of all cyber-espionage attacks aimed at small businesses, the loss of important information can leave them facing bankruptcy.
Indeed, according to the U.S National Cyber Security Alliance, 60% of Small Medium Enterprises (SMEs) shut down within six months after a cyber-attack. What’s more, it costs approximately $690,000 and $1million for such businesses to clean up after an attack.
As Jody Westby, CEO of Global Cyber Risk says, “it is the data that makes a business attractive, not the size – especially if it is delicious data, such as lots of customer contact info, credit card data, health data, or valuable intellectual property.”
Why Are Small Businesses Targeted?
Smaller businesses are easy targets of corporate espionage, as they tend to have weaker security compared to large corporations.
The Internet Security Threat Report shows, for instance, that while 58% of small businesses show awareness and concern about a possible attack, 51% of them still have no budget allocated to prevent it.
It seems, also, that the problem is getting worse, as outlined by cyber-security experts in PwC’s Global State of Information Security Survey: small organizations, with annual revenue of under $100 million, have reduced their security budget by 20%, even as large organizations are spending 5% more on security.
Indeed, as large organizations are getting better at defending themselves against different types of espionage, criminals are “moving down the business food chain.” For example, cyber-attacks to steal information from small businesses have increased by 64% in a span of four years, as large businesses have adopted more robust security protocols.
As a result, all kinds of small businesses, from educational institutes to healthcare, are at constant risk of espionage, and cyber-attacks.
Consider, for example, the case of Marian University in Wisconsin; they lost approximately $189,000 via bank transfers. Similarly, Evergreen Children’s Association lost $30,000 due to a Trojan attack in 2009, and Steuben Arc’s work for disabled adults was made more difficult by an internal attack by an accountant.
Additionally, SMEs tend to do business online via cloud services with poor protection, and close to no encryption technology. They are also more involved in mobile business operations with complicated networks – thus, making them more susceptible to information theft and attacks.
It can be surmised, therefore, that small businesses are under constant threat for the following reasons:
- Little to no expertise, or sufficient budget to protect themselves from an attack
- No security personnel on board to detect espionage on an immediate basis
- Very little risk awareness, poor background checking and employee training to protect against an internal attack
- Outsourcing security operations to inexperienced third party organizations and security administrators
How to protect your business against espionage?
The question then emerges: how can small businesses protect themselves against espionage?
Below are three main ways organizations can protect themselves indefinitely, and ensure maximum protection.
Safeguard critical information
Misinformation, negligence, and internal employee scams are some of the most common reasons for espionage in businesses.
As such, multi-factor authentication techniques ensure a more secure database.
At the very least, a two-step verification process is fundamental to all businesses; while one-factor authentication includes the use of a strong password, two-factor authentications are based on a security code, combined with an ID card or other means.
Companies like Stripe, for instance, have double authentication involving a pin code sent to mobile phones upon login.
In some cases, businesses can add an extra layer of protection through a three-factor authentication process, involving fingerprint, voice, or eye scans.
Another way to safeguard your data is by tracking printer and copier machines, and enforcing a clean-desk policy as directed by the ISO 27001 information security standard. As the title implies, this simply includes wiping the desk clean at the end of the workday – disposing or removing all kinds of removable media, including USB’s, confidential reports, or Post It notes.
Finally, password management is a worthwhile endeavor that can be carried out with tools such as LastPass. These help employees remember, and set up strong passwords for all their portals, thus effectively increasing security.
Invest in surveillance
The second major tactic that small business owners should be aware of includes investing in a more robust surveillance system.
Internal threats, including theft by new employees or disgruntled and envious workers, contractors, and suppliers, are difficult to deal with.
What’s more, with information being quickly disseminated via online communication portals and conferences, it is more important than ever to monitor employee activity. This can be done via various software packages, such as Desktime Pro, Hubstaff, InterGuard, and StaffCop Enterprise.
Additionally, installing CCTV cameras and monitoring screens in case of confidential data sharing are important security measures that all small businesses should consider.
The key to surveillance, however, is transparency; all employees should be made aware of these monitoring practices for added deterrence.
Finally, espionage from competitors and former employees can be ameliorated through proper legal restrictions, such as copyrights, patents, and confidentiality agreements.
Create a firm security plan
Protection against espionage requires a robust employee code of conduct and a well-designed security plan.
According to Forbes, here are some tips for devising a good security plan:
- Conduct regular security audits to identify vulnerable data, both online and in physical premises
- Block or disable camera access on employees’ cell phones – visitors’ phones can also be withheld when necessary
- Set protocols involving badge access for employees going into specific areas containing confidential information
- Enforce policies outlining a safe way to share information via face to face conversation, online software, social media, or conferences
- Educate employees about safety protocols, and potential threats to the firm
- Conduct regular training workshops on how to use two-step authentication processes
- Require mandatory reporting of any suspicious activity, and suspected phishing scams
With increased automation and access to data online, small businesses are clearly at an increased risk of corporate espionage.
While big businesses, frightened by news of attacks in giants like Apple, are quickly building a more robust security management system, small businesses are slow to pick up on this trend.
It is a good idea, therefore, to invest in background check services offered by providers like Check Them. This way, you can conduct a deep web search, and protect your business’ information.
Specifically, Check Them finds if your information has been hacked or exploited on the deep web, simply through your e-mail address.
Additionally, with the right security plan, information safeguarding policies, and investment in surveillance, all businesses can ensure that they are fully protected against such threats.