The tip of the spyberg… Is your boardroom bugged?

How do you find out what your arch rival is up to before it launches a new product so revolutionary it could kill off your business? And how fine is the line between legitimate competitive intelligence gathering and spying? Elaine Watson delves into the murky world of corporate espionage.

It’s easy to snigger at tales of cloak and dagger subterfuge to learn the secret behind a rising pizza crust or an ultra-creamy fat-free ice cream, but when this much money is at stake, it’s no laughing matter.

In the world of fast moving consumer goods, even a slight advantage can translate into millions of dollars, and the pressure to stay ahead of the game is intense, says counterespionage supremo Kevin Murray.

‘The tip of the spyberg …’

And he should know. A New Jersey-based security consultant specializing in “eavesdropping detection and counterespionage strategy development”, Murray has several clients in the food industry.

And firms in this sector are routinely targeted by everyone from rivals masquerading as suppliers or investors, to hi-tech cyber-warriors/hackers and hardcore corporate spies armed with bugs and other electronic surveillance equipment, he contends.

“My work includes discovering unauthorized electronic surveillance - audio, video and tracking - Wi-Fi security testing, and overall espionage detection and prevention.”

Who is that ‘intern’ in the hot desk opposite you? (And why did you just give him your login details?)

So which firms in the food and beverage sector are engaging in corporate espionage? And what does it mean in practice? Tapped phones? Bugged boardrooms? Undercover employees? Phony repair people? Fax intercepts?

(Or that friendly ‘barman’ at an industry bash that plies you with free booze – and is such a great listener…?)

“If you use the term espionage broadly, I would say all”, contends Murray, formerly national director of electronic countermeasures and New Jersey director of investigations for Pinkertons, the world's oldest and largest private detective agency.

Everyone keeps an eye on the competition to some extent. Many of the tactics are legal, such as open source competitive intelligence [trawling through patent filings, planning applications, websites, trade shows etc].

“If you mean unethical espionage, I would say most. But unethical means different things in different cultures.

"Eliciting information from a competitor's employee under a pretext may be viewed as unethical by some cultures, whereas other cultures view it as a patriotic act …”

Firms who ‘ruthlessly plot and snatch from the unsuspecting’

He adds: “If you mean illegal espionage, then I would say probably most, but it is impossible to know for certain. My feeling from being in the corporate counterespionage business for over three decades is that everyone engages in some form of espionage.

“And, over time, most of them have stepped into the last two categories (unethical and illegal) to some extent. These transgressions can range from accepting information without questioning how it was obtained, to the few who ruthlessly plot and snatch from the unsuspecting.”

Successful spying, of course, remains secret, he points out. “The cases of illegal espionage that we read about in the papers and wind up in the courts are the failures. They constitute the tip of the 'spyberg'.”

‘Most companies want the goods but don't want to know how they were obtained’

But who is getting their hands dirty? The boss? The R&D director? The operations manager? The overzealous competitive intelligence boss?

Not usually, says Murray. “Some companies have dedicated in-house personnel for better control. However, business consultants and their minions - or ‘cutouts’ as we call them - are the prime conduits of business intelligence.

“Most companies want the goods but don't want to know how they were obtained, or get their hands and reputations dirty if the operation is exposed.”

Leave the dirty work to a third party

However, using a third party to do your dirty work can be risky, he points out. “There are people who occasionally pop up and try to sell information on a freelance basis, or on-spec.

“My feeling is that they are looked upon with suspicion by potential buyers as we hear about buyers alerting the victimized competitor to their offers. Makes sense. One never knows when they are being set up.”

The fight back. Step one: recognize there may be a problem

Murray, who helps firms protect themselves from corporate snoops, says the first part of any counterespionage strategy is to ensure that all of your staff recognize that they have information that other people want to steal.

This information could be in their heads, on the hard drive of their computers, sitting on the photocopier or fax machine or in the visitors’ sign-in book at the gatehouse to the company.

You’d hope your well-oiled R&D director would refrain from boasting about the contents of your firm’s innovation pipeline at an industry shindig.

But what about the new hire manning your switchboard that has just told a potential ‘supplier’ that the commercial director isn’t available because he’s at an off site meeting about the new production line/R&D project/technology platform?

Ironclad confidentiality agreements

So train all of your staff, says Murray, who also recommends hiring a security firm to regularly audit your facilities, sweep meeting rooms for bugs and other devices and conduct Wi-Fi audits to identify rogue devices and document compliance with applicable privacy laws.

(And don’t give the ‘intern’ that tailgated a colleague into the office this morning a hot desk and access to the firm’s IT systems without first establishing who hired him.)

Meanwhile, ultra-sensitive information should be shared on a need-to-know basis, he says. “And if you think you have a leak, float bits of information to that individual and see where it comes out. It’s not inevitable that people will steal your ideas. Look at Apple. You absolutely can stop this from happening.

But a lot of it is just common sense , he says.

Make sure your vendors, visitors, consultants – and ex-employees - sign “ironclad” confidentiality agreements. Don’t leave your laptop unattended. Don’t leave sensitive documents on the copier (or in the trash). Don’t let strangers into your building.

And don’t assume that the guy rifling through your dumpster on a Sunday morning is collecting bottles for recycling…”

Visit FoodNavigator-USA later this week to find out how firms can keep up with rivals and stay on the right side of the law through a professional competitive intelligence strategy.

Click here to take Murray’s Technical Surveillance Countermeasures (TSCM) quiz.