Ever since Snowden’s revelations, we’re all aware our digital data are not safe by default. The risk is not limited to states and governments. In particular, other companies may want to know certain confidential information about you. Some may even be willing to pay a fortune for that information, even if it means engaging in illegal activities, such as cyberespionage. And they will always find mercenaries to take risks incurred by these activities to provide them with this information. So you must learn how to protect your business data from corporate spying.
What is corporate espionage (or industrial spying or cyberespionage)?
Corporate espionage or industrial spying includes all activities intended to obtain secret information that could give a competitive advantage or, on the contrary, that could harm the company concerned if disclosed. This kind of vicious acts can affect companies of any size. Many kinds of people can perform it : a hacker online you don’t know, a competitor looking for a way to harm your business, a fake technician supposedly here to check your computer, an unscrupulous employee, …
What are spies looking for?
Many kinds of information can be valuable to your competitors or enemies, like :
- data about your range of products or the products you’re developing;
- data about your R&D (design, prototypes,…) and your R&D team;
- data about your customers or clients and the deals you have struck with them;
- data about other kinds of contracts. For instance, how much do you pay the best-talented people in your company (this information would be useful for your competitors to offer them a slightly better deal);
- data about your marketing strategy;
- data about your financial situation and accountancy data, especially if your company is publicly listed.
Is your company threatened by cyberespionage?
If your company does much research and development (R&D) work, you need to be more vigilant. R&D often involves expensive solutions and technologies that people might covet.
But reports of corporate spying are also standard among the retail, financial, and public industries. Why? Because they are very competitive sectors, but also because they invest little in cybersecurity. As a result, their data is often poorly protected and easier to access.
Remember that all companies are threatened by industrial spying, even SME, or even more SME, should we write. SMEs are indeed a privileged target, because they often lack critical steps to protect them against hacking and espionage. Also, they are typically used as a gateway to reach larger companies.
That’s why it’s better to learn how to protect your company’s data and prevent corporate espionage.
12 tips to protect your business data from corporate spying
1 – Lock your IT systems
Use anti-virus or anti-intrusion software on all your company’s computers to secure your data. Protect your network as well with a firewall and other security tools. Back up all your data regularly. Ideally, sensitive data should be processed on computers not connected to the network and even less to Internet (forbid cloud storage). To back them up, banish cloud solutions and copy them on a central database or burned media.
2 – Secure internal IT
Restrict the number of employees in the company having an administrator ID and password to access the central rights’ management system. Create separate users/administrator profiles and reduce the access rights associated with user profiles to a strict minimum. Using a virtual machine is a perfect way to isolate the host system.
3 – Choose secure passwords
Pay particular attention to passwords, which are still the Achilles’ heel of many companies in terms of cybersecurity. Make sure your employees follow password best practices and avoid bad password habits.
4 – Opt for multiple-factor authentication whenever possible
Between two software solutions, systematically chose the one that offers the most secure authentication method. It’s actually quite easy to set up 2FA. Plus, it’s a great way to improve the security of your accounts.
5 – Secure your emails
Subscribe for a secure messaging system with end-to-end data encryption, digital signatures, and two-factor authentication (2FA).
Pay special attention to your mailbox. There are email security mistakes you need to avoid. Systematically check the address of the senders and recipients of an email. Also, carefully examine the attachments. If they contain macros, or if you’re unfamiliar with their extension (.pdf, .jpg, .doc, .xls, etc.), do not hesitate to call the sender of the message to confirm that these documents come from him. Never forget, it’s easy to unknowingly download malware that can steal data or spy on your activities.
6 – Secure internal documentation
Take some steps to restrict the distribution of the most sensitive documents. Destroy documents that are no longer relevant (shred or burn them). Secret paper documents should be kept in safes. Digital documents should be managed in an electronic filing system with data encryption and access restricted to authorized persons only.
Shredders are a great way to avoid having rubbish cans filled with perfectly usable documents.
7 – Secure your premises
Your company can secure its physical access with access control systems (badges, digicode at the entrance). Have security cameras installed at strategic points of your premises (lobbies, common areas, corridors, etc.).
Establish an appropriate level of mistrust about visitors. Beware of quid pro quo attacks! A cleaning agent or an IT engineer may be here to glean information or steal confidential documents. Train your employees so that they get into the habit of not handling confidential information in the presence of third parties.
Also, make sure that your employees’ screen saver is activated. If they are away from their desk, the content of their screen should quickly become invisible, and they should have to enter a password to recover it.
8 – Protect your documents when you travel
When travelling outside, take care to protect your company’s documents. Avoid carrying them under your arm or in a bag, and be particularly vigilant on public transport. Learn how to protect your devices and data when you travel.
9 – Be wary of wifi terminals
Using the public wifi of an airport, a train station, or a hotel to connect to the internet with your phone or your computer involves very high risks of business data theft. Hackers often frequent these places because many people still don’t know the risks they run with these unsecured connections. Avoid handling important or sensitive documents when you can’t have a secure connection. Even better, use a VPN.
10 – Be wary of USB keys and other removable media storage
It takes only a few seconds to copy a dozen files on a USB key or a hard disk. Prohibit this type of removable media for all of your employees (you might want to make exceptions for certain IT department employees).
11 – Train your staff
Teach your staff good cybersecurity practices. They must be familiar with social engineering techniques and learn how companies should protect their business data from spying. They must also learn to handle emails with care and be wary of calls from technicians or any other professional who may ask them for sensitive information or access to their computer.
12 – Store your data on European servers
The cloud market is characterized by its high concentration, and five players, known as hyperscalers (Amazon’s AWS, Microsoft’s Azure, Google Cloud, Alibaba, and IBM), share 80% of this market.
The data centers of these providers are located all over the world, including the United States. When you choose them to host your data, you take the risk of having your data transferred to a US server.
But bear in mind that European and American privacy laws differ significantly. The European Union has legislation that it regularly supplements to protect the privacy of European citizens (check our article on the ePrivacy Regulation to learn more). Data sovereignty is a growing concern for member states, who are worried about the risks of corporate espionage fostered by technological developments in the IT sector.
Belgium enjoys one of the strictest privacy laws. Private Life Law of December 8, 1992, protects citizens against any abusive use of their private data. The Commission for the protection of private life was then created, ensuring that personal data is used in conformity with the respect of privacy.
In the USA, the NSA has infringed privacy laws thousands of times in recent years. The risk of industrial espionage cannot be excluded, especially if your company operates in a very competitive sector or uses very advanced technologies.
It is therefore crucial for users, companies, and individuals alike to ensure their data security, privacy, and anonymity by storing their data on highly secured European servers, which guarantee the respect of the users’ privacy.
Conclusion
Nowadays, industrial espionage is quite common, and that’s why it’s crucial to protect your data from corporate spying.
Mailfence protects its users’ online privacy, whether they are individuals or companies.
Even better for your company, our email suite includes a range of modern collaborative functionalities which make it the best alternative to Google Workspace:
- Mailfence email, a secure email service. It offers end-to-end encryption and digital signatures;
- Mailfence Documents, alternative to both Google Docs and Google Drive;
- Mailfence Calendar, with a polls feature, contacts, and groups management services;
- A chat service, very useful for your team collaborative needs;
- The possibility of a custom domain (yourname@yourbusiness.com, instead of yourname@mailfence.com);
- A tailored offer if your company has special needs.
All these services are secure and private, but you don’t need to be put off by their apparent technicality: they are ridiculously easy to use. Just try them yourself by opening a free account now!
