09 Feb 11 In order to defend effectively, you must know how to attack
“… That general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack.” – Sun Tzu, Chinese General & military strategist
As competitive intelligence analysts, we tap any and every possible source of information that we can think of and lay our hands on. We are often surprised and pleased at the treasures we find – not just on the Net, but also from employees or ex-employees who oblige us with juicy nuggets whose value they are often blissfully unaware of.
This is not entirely their fault. It is the job of the competitive intelligence analysts to put together seemingly insignificant bits of information from various different places and create a picture that says something “significant” about the target company.
Looking at it, for a moment, from the point of view of the target companies that we are doing intelligence on, this is scary. Ideally they don’t want their competition to access any information about them at all. But they do need to give out information about themselves in order to sell their products/services.
From knowing how CI is done, it is possible for companies to protect information that they don’t want the competition to know. Intellectual property tops this list. IP is different things to different companies – recipes, patents, formulas, processes, R&D activity, pricing strategies, raw material sources, customer information, etc. Other information that may need to be protected includes HR records, internal communications, agreements, contracts, reports, processes, research, etc.
Passwords, firewalls, security guards, access control and other physical security measures are easy to implement, but not enough. Other “doors” to guard include – former employees (particularly if they were disgruntled), indiscreet/ naive employees, discarded documents and personal relationships are some of them.
While it is not possible to completely plug all the possible vulnerable areas, it is possible to take a few precautionary measures to plug the non-physical leaks. A strong and clear non-disclosure agreement with all employees and business associates such as consultants, suppliers, service providers, distributors, etc. is important. Whether and to what extent, it can be used as a basis for filing a case against and errant employee or associate, particularly in India, is debatable. Nevertheless, it is an effective deterrent.
Secondly, many times, employees give out information naively without realising its sensitivity. An awareness program that educates all employees on the tactics that the competition is likely to use in order to get information will help them recognise external attempts to seek intelligence.
I have personally fielded several inquiries and RFQs from individuals who communicated with us using generic email ids. Many of these turned out to be attempts by the competition to get our billing rates. Just being aware of this tactic for getting information on billing rates enabled us to protect ourselves.
Some companies go further. I have noticed some small/ medium sized Indian companies ask their employees to keep their names “private” on professional networking sites like Linkedin. It is possible to see names of only the sales & marketing executives. The objective, presumably, is to protect them from being poached by competition. (Whether this is an effective method is desirable and effective is debatable, and topic for another blog)
Another company recently told me that whenever a senior employee leaves their company, they identify all the key sensitive processes/ strategies that the person was knowledgeable about. Then they change those processes & strategies.
To quote the master strategist Sun Tzu again – “All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near”.
What are the other ways in which companies undertake counter intelligence?