• You are here:
  • Home
  •  / 
  • News
  •  / 
  • Story

Advertisement

News

Spycy twists and turns reveal murkier side of Corporate India  (View Comments)

Ambika Naithani

Posted On Wednesday, February 14, 2007 at 06:26:13 PM

   Pramod Sharma won an award during a SAP training programme at an FMCG company, but wasn’t present to collect it. His superiors were asked to collect the award on his behalf. None came up as it wasn’t clear who Sharma reported to. When HR was questioned, it said that the young man was in the IT department, which in turn said that he was actually in sales and would come at times to fix a problem. This raised a doubt and investigation began.

   HR realised that Sharma was actually in this FMCG conglomerate for the last six months. He was friendly and his affability made it seem like he had been in the organisation for a long time. However, none knew where he stayed. Finally, his residence was visited and the landlord informed them that Sharma had been paying two months rent in advance. They broke open the empty house.

   There wasn’t a trace of the man’s identity. The same person who had access to every nook and corner of the said company was simply not to be found.

   This is one of the instances of corporate espionage. Corporate espionage seeks information vital to the business. There are two parties in corporate espionage — insiders and outsiders. Insiders are generally employees who leak information.

   “I would say that in 95-98% of the cases, it’s the employees who give away company secrets,” says Rahul Rai, director, operations, Globegroup, a detective and securities company. Rai adds that depending on the information, the concerned department (HR, sales, accounts, etc) is targeted and an employee from the lower level is targeted who is vulnerable. 

   According to Captain Raghu Raman, CEO of Mahindra Special Services group, companies world over consider India as a potential threat. Companies in the US and Europe profile Indian companies and put the fundamental blocks in place. Rai echoes this point and says that it’s generally the foreign companies who want to set up in India that employ corporate espionage for a variety of reasons — assessing the workforce, employee salaries, client data, quotations and formulae for technical compositions.

   There seem to be a range of companies that are employing companies for corporate espionage. “There are companies from construction to FMCG that are employing this. Money is usually given on assignment basis. Awareness among companies about corporate espionage has increased over the last two to three years. Fee on the lower level could be from Rs 3-5 lakh while a big company can put about Rs 20-22 lakh for an assignment that spans from the last 2-3 years,” a source says.

   Raman says that there are some fields that are susceptible to corporate espionage. He says: “R&D is the most likely to be hit by this. Pharmaceutical companies and drugs manufacturers are at risk as serum composition can be detected and duplicated.”

   The essential tool of corporate espionage is a kite. A kite is a special type of outsider who gets information for companies which they don’t know how to get and don’t wish to take ownership of such an act.

   “The biggest risk a company faces is of data confidentiality. Data theft could be on any side — strategy, customers list, product patent and information on key people, “says Sunil Chandiramani, country leader, risk & business solutions, Ernst & Young India. Espionage could take place on two levels — one on the retail level (bank accounts credit card details etc) and the other is the high-end, when a company outsources the function of corporate intelligence to another firm.

   “While in terms of sophistication, dumpster diving is at one end, social engineering coupled with physical presence is at the other end of the spectrum,” explains Raman.

Dumpster diving involves looking through garbage trashed by the company. This could be in form of hard copies or digitized information. There could be old USB drive, a CD with important data etc.

   The next level is social engineering where people call up asking for information and one gives in. At times, there is a mix of social engineering and dumpster diving.

   For example, some stray USB drives could contain Trojans and if you use it unsuspectingly, it could destroy your network. The most common concept is hacking — system, remote and physical. In a case of system hacking, the attacker has low-level access to the victim’s system. A remote hacker attempts to penetrate a system to which he has no special access. Lastly, physical hacking involves the attacker to personally get into the premises to perform the deed. There are three ways to prevent hacking. Firstly, the technology needs to be bolstered and unwanted software should be removed. Secondly, processes need to be re-engineered and lastly, people need to be trained and made aware of hacking.

   According to Chandiramani, there are two ways in which this can be prevented — information classification and risk assessment. In case of the former, the data is classified into what is private and confidential and what is available in the public domain.

   This makes it easy to sift what is available for only one person and what is available to the rest. Second is called risk assessment in which case one quantifies the possibilities of what type of people are likely to target what kind of sensitive data.

   “Since these days all data is digitized, there are many ways to make copies of the same. One has to ensure that the data is being managed and maintained in the right way. Also it is critical to ensure that to what extent is data permissible to outsiders (secretary and the IT department),” explains Chandiramani. The last two ways are whacking and phone eavesdropping. Whacking is wireless hacking in which case an intruder with the right radio frequency can tap all information through wireless transmission.

   Phone eavesdropping is another common way through which a person can by digital recording device can monitor all faxes and tap phone lines. While there may be some technical ways in dealing with sensitive data, one has to exercise common sense too. Small things need to be attended to — you should avoid accessing your email from airport terminals as the security of the wireless connection could be suspect and you should remove all information from hard drives before disposing of old computers. “Discussing business strategies in front of strangers — like at times drivers, etc., though may sound innocuous, can be quite dangerous,” says Raman.


Rate me....
Mail this articleMail this articlePrint this articlePrint this article
Share
Share Reddit.com
Share del.icio.us
Share StumbleUpon.com

Post Your Comments

 

Fields marked * are compulsary

Disclaimer

View Comments

Prabal Says:

Interesting read!

Loading...

Most Searched Tags

job  engaged  certification  hierarchy  industry-academia  skills  audit  candidate  infrastructure  communication  appraisal  balancing  economy  outsourcing  recruitment  campus  e-learning  non-monetary  events  orientation  crown  employer  Art  career  planning  hardware  responsibility  maternity  management  talent  postings  performance  development  employee  training  volunteering  branding  corporation  time  telecom  organisation  society  degree  feedback  entrepreneurs  NRIs  experience  laid-off  profession  consultant 
Brand Potion

Advertisement

Thought Pool
New

Here's your chance to be our 'Student Journalist of the Month', a contest for aspiring students to pool in their ideas and views on burning issues in the Human Resource space. It's simple! Post your article here and you could be the winner.

Topics of the month

  • The need for CSR
  • Role of EQ in a successful career

Terms & Conditions

Post your Article