CIOs are the front line of defence against the growing number of
industrial spies who seek to gain competitive advantage in the
looming recession.
The CIO's defensive arsenal is well stocked against external
threats, with firewalls, intrusion detection and prevention
systems, and encryption. But more CIOs are turning to technlogy to
monitor and control systems they use to run the business, as the
recesion sparks concerns over the activities of their own
employees.
For example, Marks & Spencer uncovered
the whistleblowing activities of Tony Goode by reading his
e-mails to The Times newspaper.
Goode's lawyer, the GMB union's legal officer, Maria Ludkin,
alleges the retailer also gained access to records about his
private mobile phone calls, an allegation that M&S denies.
Goode denies leaking confidential information and is appealing
against his dismissal from Marks & Spencer.
Dave Roberts, director of surveillance equipment supplier
The Spy Shop, says managers
are becoming more paranoid about abuse or loss of company assets,
as the economy slows down, and staff faced with redundancy are
looking for "insurance policies".
Roberts says electronic monitoring equipment is highly
effective, cheap and "idiot-proof". One innocuous-looking 13amp
double adapter can hold a microphone and SIM card that allow the
owner to monitor an entire room and transmit conversations via the
mobile phone network to a listener anywhere in the world.
He adds that a £95 "snoopstick" can download a Trojan in 60
seconds via a PC's USB port. The Trojan lets a remote watcher
monitor and even edit a message on the fly without the sender
knowing. A target's mobile phone can be similarly compromised with
a Trojan injected via a Bluetooth transmission to the target phone,
he says.
Kirstie Ball, who wrote a
specialist report on workplace monitoring for the Information
Commissioner's Office 2006 report,
A Surveillance Society, says the use of electronic methods to
watch workers is rising.
"The three main reasons are to monitor workers' performance,
their behaviour, and their personal characteristics," she says.
Ball points out that monitoring is nothing new, but that more
companies are using CCTV, e-mail and web filtering, and phone call
analysis.
Mark Murtagh, technical director of e-mail filtering company
Websense, says more and more
companies want to stop data leaving their offices.
Recent high-profile cases have highlighted the risks of data
leaks. For example, the German electrical engineering firm
Siemens was found to have the details of the price list and
maintenance contracts of arch-rival Dassault Systemes on its
intranet. Dassault said it suspected a former employee of stealing
the information to buy his way into a job at Siemens.
"Data loss prevention is about identifying what data is
important, controlling who has access to it, what media it can be
saved to, and, more importantly, who can send it outside the
organisation," Murtagh said.
Peter Skyte, national officer for the
Unite trade union,
agrees that monitoring is on the rise. He says companies do it
partly because it is legitimate for health and safety, security or
regulatory reasons, but also because they can.
Skyte believes the wholesale sacking of middle managers has left
companies with no choice but to rely on technology to monitor the
workplace. Unite has a
privacy
guide that spells out acceptable use of monitoring technology,
and the
Information Commissioner's Office also offers advice.
As the M&S incident shows, trust between management and
staff is crucial. Properly done, electronic surveillance can build
trust. Badly done, it will devastate relationships.