Recently, I have been sharing some articles about social engineering and elicitation. I thought I would continue that by sharing some ideas on avoiding being a target for information and intelligence collectors.
Priority Intelligence Requirements (PIR)…all nations have them. They may not call them by this name, but they have them. All nations collect intelligence. It is in their best interest to collect information vital to their national security. What kind of information is vital to nations? It is often sensitive or classified information within another country’s political or defense structure. Countries use intelligence officers to collect this information. This is a long-standing truth. Many consider intelligence collection to be the world’s “second oldest profession.”
I know an interesting theory about intelligence being the second oldest profession. A former colleague of mine, a career intelligence officer himself, disagrees. He makes a strong argument that intelligence is actually the oldest profession. His argument goes like this. If that other profession is to thrive, people would have to know where it is plied and how much it costs. Intelligence provides the answers to these questions.
Like nations, businesses also have PIR. These are most often directed at their closest competitors. Proprietary information and trade secrets are the classified information of the business world. You have that information. It may be on your computer. You may also have it on your cell phone. It may be written on documents in your briefcase. At the very least, you have it in your head. Since you have this information, you are a potential target. There may be no way to completely avoid being a target for business intelligence. But, we can make ourselves such a “hard target” that collectors will look elsewhere for information.
The Scope of Business Intelligence
Business Intelligence (or competitive intelligence) is big business. The Harvard Business Review recently published an article entitled Everyday Business Travelers Are Easy Targets for Espionage. In this article, the author describes the scope of business intelligence. He cites FBI statistics that $300 billion worth of American business intelligence (IP/BI) is stolen each year. It is stolen by business intelligence collectors. Both businesses and countries target people for business intelligence.
As the article suggests, we are often most vulnerable when we are traveling. When traveling we often do not have access to all the same security measures as we have at our home location. Additionally, traveling can be a tiring experience. We can easily allow ourselves to become exhausted traveling long distances. We also often try to cram in as many meetings as we can during a single trip. Business intelligence collectors understand travelers are vulnerable. So, they often choose to target travelers…when they are easier targets.
Protecting Electronic Data
When traveling your electronic data is vulnerable to tech-savvy business intelligence collectors. This is particularly true when using free wi-fi services like those at airports. Complimentary wi-fi services at hotels are also not secure. Emails and other electronic communication made here are susceptible to interception by collectors. The article cited above provides some helpful tips to follow while traveling. These are all great ideas to protect yourself and your sensitive information.
- Don’t put your electronics in your checked luggage. Keep them with you.
- Consider traveling with a disposable cell phone.
- Protect your company email by using a separate “throw-away” email to communicate with your family and coworkers.
- Use an email encryption program to encrypt and decrypt your email.
- Use password protected drives for sensitive business documents.
- Don’t use complimentary WiFi when traveling, unless necessary.
- Use a trusted VPN.
- Never leave your sensitive business materials or electronics unattended.
- Use a strong passphrase of 14-18 characters as a password.
- Change your passphrase every 180 days and after every international trip.
- Power-off your devices when they are not in use.
Let’s return to a comment I mentioned above. Electronic devices are not the only place we keep sensitive and proprietary business information. We all have it in our brains. We already noted that competitors may use technical means to target your electronic devices. These same competitors often use psychological and communication savvy people to target your mind. A well-trained business intelligence collector can take advantage of an unsuspecting business traveler. He or she can collect a wealth of business intelligence in the process. The target may never realize just what they disclosed.
The technique used by collectors to exploit these unsuspecting human targets is called elicitation. This is the area where I have discussing in the blog over the past weeks. Why would I focus here and not on the dangerous technological methods mentioned above? The reason is simple. I have been teaching students how to elicit information from others for the past 10 years. Additionally, I am a retired counterintelligence officer. I have both used and countered these techniques for nearly 30 years. I think the best way to counter intelligence collection is to understand collection techniques. If you know the technique, you can identify it early. Once you have it identified, it is easier to apply countermeasures. You can do this before the collector can achieve any level of success.
I would like to invite you to join us as we continue to share some of the basics of counter-elicitation. If you want to make sure you don’t miss any of these blog articles, you may want to sign up for our newsletter. That way you will receive a digest of our articles twice each month. You can sign up using the form here.
Before we go for today, I would like to give you the first tip in counter-elicitation. You will have to come back for an explanation about why this is such an important tip. Be swift to hear and slow to speak.
Photo credit: Marshall Segal via Foter.com / CC BY-NC-ND