TSCM Bug Sweeps: When and When Not to Part II
- December 16, 2012
- by Kevin Murray
- Business Tips
Editor's note: This article was written by an industry professional and guest contributor. The views and opinions in this article are of the author and do not reflect the views of PInow. If you are a blogging investigator and you have a story to share, send an email to [email protected]
Part II - What you can do to keep your current business clients espionage-free
Technical Surveillance Countermeasures (TSCM), or bug sweep, is an analysis of an area to detect illegal covert electronic surveillance. In addition to listening devices, sweeps also take into account optical, data, and GPS tracking devices.
In TSCM Bug Sweeps: Part I, we discussed how to handle requests from new clients for TSCM bug sweeps. In Part II we look at helping your current business clients. After you alert them to your business espionage solutions you will be viewed as a more valuable resource. Your revenue will also increase.
A typical case involving current business clients...
The Ostrich Effect:
Ignore the risk and maybe it will go away.
Many companies are doing very little to protect themselves against business espionage. Worse, they do not even know what protection measures are available, or where to go to find them. The natural result is “The Ostrich Effect”: ignore the risk and maybe it will go away. As their security advisor, you should, and can, be helping them avoid this major disaster.
Step 1. Partner with a competent TSCM specialist.
As mentioned in Part I of this series, partner with a competent specialist. You may already have someone you know and trust. If so, great. If not, conduct a search using terms like “eavesdropping detection”, or simply “TSCM”. Once you have found specialists to vet, ask plenty of questions. If you are not sure of what to ask, search “TSCM compare” for a list of questions. Qualify your specialist with questions, but be sure to note their professionalism too. Their presentation and demeanor will reflect on you.
Knowing a good TSCM specialist will make the rest of the steps very easy for you.
Step 2. Contact your clients about their security oversight.
Make an appointment with the company president, or the highest level you can contact. Present your concerns about their security blind spot seriously. Bring in the documentation which supports your concerns; news articles, government reports, etc. Let them know you foresee a vulnerability that could have a major long-term impact for them, i.e., no strategy for managing business espionage risks.
You can be sure they have already thought about this. However, they probably didn’t know what to do, so nothing was done. They will be very pleased with by your initiative and will welcome having the problem solved.
Offer to create a pro-active strategy for them. Begin by setting up an on-going schedule of TSCM eavesdropping detection audits.
- Business espionage often includes electronic eavesdropping – the easiest sign of an attack to discover.
- Intelligence collection is a leisurely process. No harm is done until the collected information is used.
- Periodic TSCM audits can reveal an attack while there is still time to thwart it.
This is why TSCM is even better than an Intellectual Property Protection insurance policy. Insurance can’t prevent a lost: business opportunity, a competitive advantage, or marketplace reputation. TSCM can! TSCM is actually inexpensive super-insurance.
By the way, TSCM audits do more than just reveal electronic surveillance. They are also information security surveys, which spot decaying security hardware (locks and alarm points), poor employee security practices, and reveal new non-electronic information vulnerabilities as they develop.
Results your client will see:
- Protection of profits.
- Business strategies remaining viable.
- Intellectual assets remaining theirs.
- Personal privacy and safety protected.
- Fiduciary responsibility to stockholders is documented.
- Financial disasters are avoided.
- Prevention is always cheaper and smarter than sustaining losses.
Benefits you will see include: more frequent contact with your client; a more regular revenue stream, and opportunities for new work, based on implementing security recommendations made by your TSCM specialist.
Step 3. Map out a strategy.
Determine: which areas to inspect; what events will require attention (board and off-site meetings, for example); and how often inspections should be scheduled (two to four times per year is average for most businesses).
Step 4. Reporting.
Make sure your partnering specialist can produce intelligent reports with concise, practical recommendations. No technical jargon. Reports should document: the purpose of the audit, the areas covered, a brief description of the audit process and analysis, floor maps/photos, a historical log, and clear, actionable recommendations.
It is important to note that your specialist be independent, that is, not receiving any profit or benefit from the products/services they recommend.
Take time after each audit to review the report with your client. Offer to oversee the implementation of recommendations whenever possible. The more work you can remove from your client’s shoulders, the more they will rely on you.
Why bother. . .
If you don't help your clients, another person reading this post will.
- Your business clients need privacy and information security assurance.
- You are capable of helping them. All it takes is initiative.
- This type of work is the bedrock of long-term, active relationships.
- Business espionage is a growing problem.
- If you don’t help your clients, another person reading this post will.
- You don’t want to be left behind like your colleagues who eschewed the Internet and “all that computer stuff.”
Being in business automatically means the business has some sort of competitive advantage over their competitors. The more successful a business is, the more they need to fear the theft of their advantages. This means that all of your business clients might be candidates for pro-active business espionage prevention. All of them.
Also from Kevin Murray: TSCM Bug Sweeps: When and When Not To Part I
About the Author:
Kevin D. Murray, CPP, CISM, founded Murray Associates in 1978. It is an independent consultancy providing electronic surveillance detection (TSCM) and counterespionage consulting services to businesses, governments, and at-risk individuals. The firm also partners directly with security organizations, PIs, and attorneys on behalf of their clients. He is the author of “Is My Cell Phone Bugged?” and Kevin’s Security Scrapbook - Spy News from New York. Free information and movies about TSCM can be found at the Murray Associates web site, http://www.spybusters.com
Top Private Investigator Blogs
Kevin's Security Scrapbook is #10 on the PInow list of Top Private Investigator Blogs. If you are a blogging investigator and have a story to share or would like to be considered for inclusion on the list, please contact us.