Jim was looking for ways to make Acme’s production process more efficient. He ran a search on the Internet for their new process, and he also wanted to see if their competitors had figured it out yet. One of the search hits was an image, and it looked like there was a TX1000 machine in the background. He took a closer look at the image and realized that the two people in the photo were wearing Acme shirts. Were these his employees? Where did this image come from? How did they get a camera into the production facility? He checked the source of the picture and learned that it was a social media site. It looked like the picture might have been taken with the camera on a phone. The caption included the name of the machine and the location of the plant. Jim was worried. If he could see this picture, then so could his competitors. Their new production process might not be a secret for long.
It’s hard to find a phone or mobile device today without a camera, including a video camera in some cases. Other devices such as tablet computers and some mobile media players also have the ability to take photos. Many of these devices provide instant connectivity to social media sites, most commonly Facebook and Twitter. The ability to instantly connect and share information can be good, but it can also be a source of problems when considering proprietary or sensitive information. Companies should update their policies and procedures concerning proprietary and sensitive information to include new technologies.
The company should have a policy about cameras in the workplace, including cameras on phones or other mobile devices. Limiting the presence and use of cameras in the workplace not only protects proprietary information like production processes, but also protects the privacy of individual personnel. The results of accidental or intentional photographs of fellow employees could range from inconvenient or embarrassing to dangerous, such as in a domestic violence situation. It is important for the company to communicate to employees where and when the use of cameras is acceptable – if at all – in the workplace.
The company should also have a policy for protected information that is posted on websites or shared via email or message service by employees. This includes obviously sensitive information such as work processes, financial information, personal data, and customer data. Other information described as sensitive will depend on the nature of the business. Even information that seems harmless and trivial may be useful to a competitor or someone wishing to cause harm to the company.
Finally, the company must have a way to enforce these policies. This could include a designated secure location where employees leave mobile devices and other belongings. There should be disciplinary actions for violations of company policy. In some situations, a hotline or other anonymous reporting system for employees to report information leaks could be useful. The systems that protect a company’s sensitive information must be constantly revised to adapt to changing technologies.
Plan. Protect. Prosper.
Protus3 specializes in security system design, security consulting, corporate investigations and other investigative services. Partner with Protus3 and we will examine each situation to identify threats and develop solutions for your best outcome.