What steps should be taken to detect alleged industrialcyber

What steps should be taken to detect alleged industrial/cyberespionage? Discuss the implications of each of the steps proposed.

Solution

- Identify Your CompaniesTrade secrets
The first step to protecting a company\'s trade secrets is to identify exactly
what those secrets are.This not only involvs looking inward,but looking outward as
well.

- Identify the Threats

Before firms develop strategies to counter industrial espionage, they need to understand what organizations present the largest threat. For instance, a company’s competitors may pose the most obvious danger. However, it should be kept in mind that visitors, customers, business partners, hackers, activist groups, and even foreign national governments are all potential threats and should be considered when building a counterespionage plan.

Train the Workforce

While firms may enact policies on the proper storage, control, and dissemination of information, they also need to ensure that their employees are trained to follow these procedures. Firms should conduct periodic training and awareness campaigns to inform employees about the threat from industrial espionage and the importance of information security. Employees should understand that the threat from espionage is internal as well as external. As such, they should instruct workers on the correct procedures for identifying and reporting suspicious activity.

Compartmentalize Information

Not all information needs to be accessible by every employee in a company. That is why information should be compartmentalized on a need to know basis. Even senior members of a particular corporation may not need to know every technical detail about business operations. As such, firms should put in place policies to segregate which employees have access to which information, with special attention given to those employees who have access to a company’s most vital trade secrets.

Conduct Background Checks and Monitoring

Firms should conduct a background checks on all employees with access to sensitive data. This may even include often-overlooked individuals such as janitors, caterers, and groundkeepers. Specifically, firms should attempt to identify any possible factors that could make a particular worker more prone to illegally disclosing information. Firms should also continue to carry out periodic security evaluations of their employees even after they have initially been vetted.

Establish Employee Exit Procedures

It is critical that business develop comprehensive employee exit policies. From day one, an employee needs to understand the firm’s policies on information security.

This means that all employees should be required to sign a nondisclosure agreement, and be reminded of this agreement upon leaving the firm. Moreover, firms should be aware that most cases of intellectual property theft perpetrated by employees occur during their last month of work. This is why it is important to make an employee’s exit as smooth and resentment-free as possible. Companies may also consider limiting the access workers who are expected to leave the organization in the near future.