Technical Surveillance Countermeasures to Prevent Corporate Espionage

via Veteran Investigation Services

You’re at an important company board meeting discussing a top secret product development project. If this unique product idea gets leaked to your competitors, the consequences could be dire. The key stakeholders are in the conference room or participating via conference call. The meeting goes well and later you find out your competitor has beat you to market with the same product idea. How could this have happened?

Your business or organization could be the victim of corporate espionage. Someone could be collecting competitive intelligence through unethical means, such as listening devices, video surveillance, or even something as basic as rummaging through your trash. Whether the threat comes from bugging devices at a one-time event, or ongoing surveillance at your corporate site, make sure you are aware of surveillance techniques, find the threats, determine who is behind the intelligence gathering and put systems in place to prevent future breaches.

COMPETITIVE INTELLIGENCE GATHERING  –  Your competitors and corporate enemies want to know what is said at meetings with shareholders, new business partners or clients or new product development teams. They may be seeking information about your financial outlook, or access to your intellectual property. Some companies will stop at nothing to gain that information and for many reasons, it’s easier than ever for them to get it. Today, surveillance is easier than ever. Advanced wireless devices such as covert listening devices, miniature cameras, concealed, wearable recording devices or hidden micro-cameras are just a click away online and can be very inexpensive. Employees or someone on the cleaning crew could be paid to place a device in a conference room or collect paper trash afterwards, or look for computer passwords left on desks or taped under keyboards. Safeguarding your company secrets requires a preventative approach. The most common surveillance targets are CEO offices, their private conference rooms, and assistant’s work area, since these spaces are the most likely locations for strategic meetings where valuable company information is discussed. These areas should be swept for bugging devices before critical meetings and at regular intervals, based on the level of risk.

TECHNICAL SURVEILLANCE COUNTERMEASURES  –  If you suspect that someone is obtaining company secrets or you’ve already experienced a damaging leak of information, we recommend screening for potential threats to prevent further leaks. A TSCM (technical surveillance countermeasure) examination can be performed to look for surveillance equipment or detect other risks. These can be done before an important meeting, at an off-site event, or at your site at regular intervals.

A TSCM examination may include such counter surveillance tactics as:

  • Full Radio Frequency (RF) Spectrum Analysis
  • Infrared Spectrum Analysis (IR)
  • Detecting transmitting devices in the electrical system/wiring
  • Disrupting laser frequencies with static “white noise” and or window coatings to prevent laser listening systems from gathering micro-vibrations from the surface of a window to listen in on conversations from outside of a room.
  • Conducting a physical search looking for:
    • Idle surveillance equipment that may be turned off or out of batteries.
    • Cameras or microphones in the ceiling.
    • Reflections from camera lenses.
    • Radio transmitters that could broadcast to an external radio.
    • Bugged telephones. Polycom phone systems are easy to turn into listening devices.
    • Easily found passwords left on desks or under keyboards.
    • Computers left on and logged in.
    • Document disposal and inadequate document shredders.

COUNTER SURVEILLANCE TECHNIQUES OFF-SITE  –  Important business meetings held off-site at hotel convention centers can be easy opportunities for surveillance. Sweeps of the meeting rooms, guest rooms, or bathrooms can be done, and then security staff should maintain custody of the room to ensure the room stays free of bugs until after the meeting. Executive cars can be targeted and especially at risk if using valet parking, as well as executive phones which are susceptible to Trojan horse software that can allow someone to listen in on all the conversations or steal data from email or text messaging.

AFTER THE TSCM EXAMINATION  –  What happens if listening devices are found during a sweep? If surveillance equipment is found during the TSCM examination, it should not be removed immediately because it can be used as a trap to find out who put it there? The TSCM examination is just the stepping off point for a full analysis and investigation. Suspects need to be interviewed. A full security assessment may be necessary if many problems are found. Systems should be established to prevent this kind of activity. Embedded and dedicated security personnel may be needed to keep security at the forefront of executives’ minds, staff who can be there to watch, learn, listen and report on surveillance threats. Everyone in the organization can contribute to prevent leaks. Policies and procedures should be developed and communicated to employees regarding the handling of passwords, access, and confidentiality agreements.

ARE YOU AT RISK OF CORPORATE SURVEILLANCE?   Companies are hungry for that competitive edge that will help crush their competition. They may hire corporate surveillance companies to gather company secrets from their competitors, often through unethical means. Low level employees with low moral or low paid personnel from external maintenance services can be paid off to gather intelligence or plant bugs. Most companies are naive and feel that industrial espionage and surveillance does not happen in real life, it only happens in the movies and “cannot happen here.” They feel they can trust all of their employees like family. But all it takes is a hungry competitor and a disgruntled employee passed over for a promotion to initiate the leaking of your company secrets that could be devastating to your business. Then, with the preponderance of equipment easily available, your company’s most important information and conversations could get into competitors hands in an instant.

What proprietary business information could cause damage to your company if your competitor was able to listen in on your meetings? Have you done all that you can to protect that information? 

If you suspect your sensitive business information or trade secrets have been compromised or are at risk please use the “request information” form on our web site to message us and provide a safe phone number and/or e-mail away from your area(s) of concern and we will contact you as soon as possible.  If you feel communication via encrypted e-mail is required advise us of that and we will quickly arrange for secure communication.   

 

NZ All Blacks Bugging Incident – Security Consultant Under Suspicion

By Charles Patterson at Executive Security  (http://execsecurity.com)

In August of last year, news came out from Australia that during a routine TSCM sweep a bugging device had been found embedded in a chair in the hotel room used by the All Blacks rugby team during their visit to Sydney.

Sweeps can be important for any business, and sports teams as well. Information discussed prior to major games could be desirable from many directions- the opposing team, news media, not to mention gambling and possible organized crime activities.

Security Chief Under Suspicion

In this case however, it appears that the security consultant hired to help protect the team had ideas of his own and is now charged with planting the device himself. The risk posed by insiders to any corporation is significant. Employees, executives, vendors, and consultants could all come under suspicion.

Adrian Gard is a consultant for BGI Security, which was contracted by the All Blacks during their Bledisloe Cup campaign. He has been charged with public mischief over the bugging incident.

Information received early on in the investigation threw some suspicion on Gard. Apparently the security consultant had handled both the chair and the device privately while alone in a room, then emerged with the slit upholstery and the device in his hands.

In a statement, All Blacks head coach Steve Hansen said the charge was “very hard to understand”.  [Gard] “has worked for the All Blacks, and many other organizations, for a long time and is someone who is trusted and well-respected by us.” Hansen said it would not be proper to comment further as the case was before the courts..

Integrity

The fact that Gard was only charged with public mischief seems to indicate that he was not intent on deliberately stealing information but his integrity is now certainly called into question. This could be a case where an individual thought he could make a name for himself but ended up destroying his reputation in the process.  Many people, even in the security field, often make light of listening devices and eavesdropping threats. As indicated by this incident, eavesdropping is not something to take lightly. With the abundance of spy devices available today there are many who just think of it as a game. The consequences, though, are very real.

When a Device is Found

If someone claims to have found a device on your premises, you will want to gather background information. This includes knowing circumstances surrounding it’s discovery, whether it had been disturbed or handled in any way prior to reporting, similar to the chain of evidence in criminal investigation. There may be a need to try to trace the device back to an original owner or source. Another consideration if an active device is found could be to leave it in place and feed false information to it in an effort to expose the perpetrators.

When studying any type of technical threat, it is important to understand the characteristics and capabilities of a device. This includes such things as battery power and battery life, transmitting distance, and audio capability. A number of these features may have shown that the device was not useful for eavesdropping from it’s found location, perhaps indicating that it may have been moved from a different location or.

When considering a TSCM bug sweep, always go with professionals with experience in the industry. Exec Security TSCM has been providing professional sweeps for over 20 years. Keep our number and email on hand and do not hesitate to call if you have any questions or even you just want a “second opinion”.

 

When Cyber Security Is An Inside Threat

Although this article isn’t directly related to TSCM issues it does extend into the overlap where cyber security meets physical security and the emplacement of transmitting/recording devices.  Who better to plant a device that an insider with access.

Security Weekly

February 18, 2016 | 08:00 GMT

By Scott Stewart

According to a recent article by Business Insider, hackers in Ireland, stymied by Apple’s information systems security, are taking another approach to gain access to the corporation’s data. They are offering Apple employees up to 20,000 euros for valid login credentials. While not all approaches to insiders are so overt, this case nevertheless serves as a great reminder that malicious actors are actively recruiting insiders to exploit their status.

Beyond that, it demonstrates that the insider threat is not just confined to an Edward Snowden type who steals a mass of data in one swoop before leaving the company. Insiders can pose a far more subtle and enduring threat. Because of this, we should think beyond Snowden when considering how insider threats can manifest.

Thinking About Insider Threats

It’s important when considering insider cyber threats to not let the cyber element distract from the basic problem; hacking is still fundamentally theft of information. In fact, I would encourage security managers to think about these insider threats much as they would any other sort of corporate or government espionage.

Certainly, those looking to recruit an insider would love to have access to a systems administrator — essentially the corporate equivalent of an embassy communications officer. Systems administrators normally hold the keys to the kingdom, and in many cases they can access a variety of email accounts and other systems of interest to those conducting corporate espionage, whether they are motivated by ideology, looking to steal proprietary secrets or seeking information for insider trading purposes. That said, company IT staffs are not the only people who could be recruited to help carry out a cyberattack.

In addition to the outright sale of a valid system login, as in the Apple example, insiders can also perform more subtle tasks to help hackers. One is to fill the role that an “access agent” would in traditional espionage: identifying potential sources. Rather than pinpointing and approaching individuals, in the cyber realm insiders can help hackers understand a company’s systems and security procedures. They can also provide company organizational charts and examples of company communications. Perhaps more important, an insider has knowledge of who talks to whom and what topics they discuss; they may even pass along sample emails that show how people interact.

This level of detail can be incredibly useful in helping set targets up for a well-crafted and convincing attempt at spear phishing, an email attack tightly focused on an individual user. If a hacker learns that Carol regularly sends text documents or spreadsheets to Bob and even has examples of how Carol normally addresses Bob, including any company or personal jargon, he or she can then craft a highly tailored message spoofing Carol’s email address and with it deliver an attachment loaded with malware.

Access agents can also be used to help spot troubled coworkers whose financial or other vulnerabilities, such as anger at the company or drug use, might make them easier to recruit. Sex also works as a highly effective recruiting tool, and access agents can identify people most likely to be vulnerable to a “honey trap.”

Non-IT staff insiders can also be used to introduce malware into a company’s computer system. They may knowingly open a spear phishing tool, allowing them to feign victimization later if they get caught. As noted above, they have the knowledge to help craft a plausible spear phishing presentation that can give them the cover of apparent innocence. They could also, for example, steal a thumb drive from a coworker’s desk and allow hackers to install malware on it before returning it. There are many ways a non-IT insider can help inject malware into company systems — even sensitive “air gapped” systems, or secure networks separated from the Internet.

Persistent Insider Threat

Insider threats are not limited to one-hit wonders like Snowden. Insider agents who make their actions seem innocuous and maintain plausible deniability can stay in place at the targeted company for a long time. Again, thinking in traditional espionage terms, it was always a great windfall when someone would walk into an embassy and hand an intelligence officer a briefcase full of classified documents. But a good intelligence officer isn’t satisfied with just those documents. Sharp officers protect walk-ins and encourage them to continue working; that way, they can provide a continuing stream of valuable intelligence instead of just a single document dump.

But even when we are dealing with a recruited agent instead of a walk-in, the best strategy is to leave the agent in place for a prolonged period to maximize the extracted intelligence. National intelligence agencies running computer intelligence operations will follow the same principles in recruiting sources as they do for other operations. Intelligence services draw little distinction between an asset recruited for cyber and one meant for traditional intelligence gathering, and once recruited, agents can serve both purposes.

Anyone who doubts that intelligence agencies from an array of countries actively recruit sources from within many different types of companies has not been paying much attention. States frequently use false-flag approaches, sometimes presenting themselves as competitors or even criminals rather than intelligence officers.

But even beyond intelligence agencies, it is easy to see how ideologically motivated leakers, competitors and criminals could benefit greatly by having inside sources embedded long-term within a company.

Bad Operations Security

Finally, in addition to knowing collaborators who act intentionally, sloppy insiders also pose a significant threat — and arguably a larger and more persistent one. Whether or not the slip-up is as high-profile as the case of an Apple employee who left a top secret iPhone 4 prototype at a bar, or the case of the Qualcomm CEO whose laptop was stolen shortly before his company reported its quarterly results, there’s always the chance that a low-level insider will fall for a clumsy phishing email and introduce malware onto company servers through a personal laptop.

Of course, such negligence can play a role in attacks involving knowing insiders as well. All the potentially threatening actors we’ve discussed, from intelligence agencies to criminals, can and do pounce on mistakes made by unwitting, inattentive insiders. But compared with recruiting an insider, which requires more effort and is more easily detected, a targeted cyberattack is a low-cost, low-risk method that can be just as effective. Negligence makes those attacks easier to execute. Poor operations security is also not just confined to non-technical employees. Inexperience, laziness or poor practices can make IT staff negligent as well. In short, employees should be well informed and on guard. The threat posed by a Snowden-like insider is grave. But it is far from the only type of insider threat that can harm your company.

 

Beware: Threat to Your Business Information, Intellectual Property, and Trade Secrets

USB Thumb Drive Recorder

By George Carey, Technical Surveillance Solutions

With the continued miniaturization of electronics the threats to your sensitive business information continue to increase.  Enter the innocuous USB thumb drive.  Harmless information storage platform you say.  Better take a closer look.  Now they not only store information but record sensitive conversations.  Get them off Amazon (shown in the photo) and from many other vendors.  I ordered one to see for myself.  The audio quality is surprisingly good.  8GB’s of storage space and larger. Up to 16 hours of battery life.  Place the USB recorder in a cup full of pens sitting in the middle of a conference room table during a sensitive meeting and all conversations are memorialized for later analysis and sharing as a WAV file.  Plug the device in to your laptop, save the files, and send the content of the files via e-mail to anyone with an interest in the information including your business competitors, foreign actors, and legal adversaries.  How secure are your conference rooms where sensitive subjects are discussed? What is your policy on taking electronics in to sensitive meetings?

Watch Out for Workplace Intruders

Security Weekly

October 13, 2016 | 08:00 GMT

The unknown person at your office could be a co-worker you have not yet met — or a criminal who is up to no good.

By Ben West

A series of high-profile computer crimes has grabbed headlines this year. An elaborate CEO email scam netted fraudsters almost $100 million from Bangladesh’s central bank in February. In the spring, the Panama Papers leak of stolen electronic files exposed thousands of individual and corporate offshore bank accounts. The U.S. Democratic National Committee and state election commissions were hit by hackers who intercepted email communications. But a warning from the FBI office in Houston in early October reminded corporate security professionals not to overlook a well-worn tactic: the physical theft of sensitive material by people who intrude into workplaces. Much like the hackers who threaten companies’ efforts to keep information secure, the old-fashioned “office creeper” can use a variety of methods to penetrate physical security and gain access to company property and secrets.

A Creeping Threat

On Oct. 4, the FBI issued an appeal to the public for help in investigating intrusions from 2015 into an unnamed international energy firm’s Houston offices. The FBI released surveillance footage of the two incidents: one on June 25, the other on Dec. 30. In the June incident, a man wearing a dress shirt, slacks and a baseball cap entered the company’s offices at about 3 a.m. through an unlocked security door. He can be seen walking the halls, getting in an elevator and leaving with two bags that he did not possess earlier. The man moves confidently — like an employee familiar with the building, not like a thief. The FBI is concerned that he may have taken sensitive material in a possible case of industrial espionage. (In the second break-in, the culprit is shown trying but failing to enter the company’s main office suite and takes a security radio off a desk on his way out.)

It is easy to imagine the value of information that a major energy company would possess. Choice pieces of information could be worth millions of dollars to corporate rivals or foreign governments. Chinese intelligence services in particular have demonstrated an appetite for insider knowledge they could use to benefit state-owned enterprises. Recent revelations of an office intrusion at a renewable energy firm in Edinburgh, Scotland, appear to link an official Chinese state visit in early 2011 with an overnight burglary two months later that netted several thousand dollars’ worth of laptops. A Chinese prototype of a wave energy machine similar to the Scottish company’s design was released three years later. Authorities have not confirmed that the 2011 break-in was tied to Chinese industrial espionage, but the details surrounding the case suggest that the theft was more strategic than a simple burglary.

In contrast to the Scotland burglary, several factors indicate that the Houston incident was more likely the work of an opportunistic office creeper than a sophisticated spy. Electronic infiltration is the tactic of choice for leading industrial espionage powers such as China and Russia because of the broader access and lower risk it offers. If a human source is needed, foreign intelligence agencies or rival companies tend to recruit a current or recently departed employee to access proprietary information. When a state intelligence service directly engages in physical intrusions, its operatives demonstrate higher degrees of tradecraft (such as the ability to pick locks) than did the Houston suspect. In addition, sending an agent to nose around in the middle of the night is a high-risk/low-reward operation, an unlikely task for a well-trained professional.

Gaining Access

Office creepers are like computer hackers in that they seek access to unauthorized areas they can exploit for their own gain. Some are opportunistic, like the thief in Southern California who, in 2015, targeted offices during lunch hours, entering and stealing electronics when workers were most likely to be away from their desks. If confronted, he would claim that he was lost and ask for directions. Other intruders are more organized. One Ohio thief, Larry Cobb, would wear a homemade ID badge when he targeted offices during the early 2000s. Cobb was caught and sent to prison in 2007, but within a few months of his release in 2013, he returned to his old ways — this time with added sophistication. He recruited others to help him commit systematic fraud using credit cards filched from wallets and purses left unattended in the offices he burgled during regular business hours. Victimized employees rarely confronted him, even though they later said they had a strange feeling about him, and authorities say Cobb was involved in hundreds of office creeper cases over the years.

The most famous of the modern-day office creepers, though, is probably Ameenah Franks, who, like Cobb, served time in the early 2000s for stealing from employees after illegally accessing office spaces. Franks, however, went after much harder targets, including government agencies in Washington; the Federal Reserve Bank of Richmond, Virginia; law firms; and even the offices of the Nuclear Regulatory Commission in Maryland. Franks also returned to office creeping after her sentence was up, was caught and was sentenced again in 2016.

The tactics employed by office creepers and computer hackers often parallel one another. In at least one case, Franks used a stolen security access card to enter secure parts of a building — much as a hacker uses stolen or cracked passwords to access secure computer networks. The man who broke into the Houston firm in 2015 took advantage of a faulty door, like a hacker who exploits a backdoor system vulnerability. But the most common tactic used in both office creeping and hacking seems to be social engineering.

Social engineering is a type of confidence trick. An intruder convinces an authorized worker to give him or her access to an off-limits area. Franks repeatedly used this tactic to gain access to secure government buildings. She flirted with security guards, convinced people that she had left her badge at her desk, chatted up employees outside buildings and then tailed them inside, or stood outside entryways smoking while waiting for someone to open the door. Franks relied on her ability to convince people she was someone who she was not. More extreme versions of social engineering can involve the use of props, such as wearing a hard hat and carrying a clipboard, or carrying a toolbox and ladder, which gives employees a reason to open the door for the imposter.

A Deeper Danger

Many office creepers are simply out to steal personal property. That is just the tip of the iceberg, however, when it comes to the damage an intruder can inflict on a company and its employees. Espionage is a form of surveillance, and all of those familiar with the attack cycle know that pre-operational surveillance is critical to staging a successful attack. Energy companies, for instance, are often targeted by protesters to make a political point. If the protesters gained access to a restricted office building, they would have many opportunities to wreak havoc through sabotage, disruptions or both in a bid to generate adverse publicity. A disgruntled former employee, an extremist with violent motives or a delusional individual could even take lives. In June, police arrested a man carrying firearms and explosive devices on a Google corporate campus. He had attacked the company’s offices several times before because he thought Google was spying on him.

Physical infiltration can assist electronic infiltration and vice versa. Much as social engineering operations have been the root of many successful electronic intrusions, hacking groups also can benefit from gaining access to restricted areas to fill in information gaps about a company. In the case of the Bangladesh central bank, for example, investigators said the perpetrators used inside knowledge of the bank’s communications and hierarchy to enhance the plausibility of their email scam. The Stuxnet worm, one of the most powerful computer weapons yet deployed, disabled Iranian centrifuges processing nuclear material in 2009-10. It is believed to have been introduced using a USB drive that had to be physically connected to a computer.

There are many reasons for people to enter unauthorized areas, including mundane curiosity. Though mechanical security systems are an important tool for countering intrusions, no system is perfect. Humans can override nearly all automated security measures, ensuring that social engineering will remain a threat to physical and network security alike. Companies can deter office creepers and the threats that they pose by practicing standard facility security measures: enforcing badge policies, restricting access with door codes and timers, and, most important, encouraging employees to confront people who try to follow them into restricted areas.

Confronting a Creeper

In many successful office creeper cases, employees cited the social difficulty of challenging people they do not recognize when working in a large office. More often than not, the stranger following you onto the elevator turns out to be a new employee or a co-worker from a different department. Calling someone out as a potential intruder risks embarrassment and offense, but there is no need for the interaction to be hostile. Regular workplace trainings can create an environment in which security enforcement is normal. For reasons that transcend good security practices, encouraging employees to introduce themselves to fellow workers makes for a better workplace. If you do not recognize the person following you into a restricted area, use the opportunity to meet him or her. If someone is not displaying an ID badge, make it a learning moment and remind the person that wearing badges is required. If the person’s story does not check out or if he or she cannot produce the proper credentials, alert a security manager.

General awareness on the part of employees can dramatically improve corporate security and deter the majority of opportunistic office intrusions. Increased awareness of the social engineering threat can deter many electronic intrusion attempts as well. Practicing common-sense security measures will help preserve employees’ property, work or, in extreme cases, their lives.

5 Sports Scandals That Involved Actual Espionage

Luke Kerr-Dineen , USA TODAY Sports 11:54 a.m. ET Dec. 14, 2016

News about Wake Forest’s recent controversy isn’t just outrageous, it’s hard to contemplate. No matter how bitter one may be, if the allegations are proven true, how could someone once so intimately close to the team turn on his former teammates by providing information to their opposition?

Nevertheless, that’s what happened, according to the school’s official statement into the matter, via USA TODAY:

A radio announcer for Wake Forest’s football games “provided or attempted to provide” details about the Demon Deacons’ upcoming game plans to opponents during the past three seasons, according to the findings of an internal investigation conducted by the university.

The findings are damning to say the least, but strange though they may be, this kind of espionage isn’t particularly unique in sports. There have been quite a few sports scandals involving spies over the years; here are a few of the most notable:

 Spygate

Undoubtedly the biggest controversy of Bill Belichick’s career. The Patriots were docked a first round draft pick, while Belichick and the Pats were fined a combined $750,000 for filming the New York Jets’ defensive signals from an undesignated area during the 2007 season. Subsequent evidence indicated the team may have also videotaped coach’s signals on other occasions, but upon further inspection, the NFL opted not to bring any further punishments.

Spygate II

In 2010, Bill Belichick’s protégé, Josh McDaniels, and his then-team the Denver Broncos were fined a combined $100,000 for taping the 49ers’ practice ahead of its London game.

Olympic Stadium

The taxpayer-funded building of the Olympic Stadium in London was a potential bonanza for one of two soccer teams – West Ham and Tottenham – vying to occupy it after the games. There was so at stake that three men hired on behalf of Tottenham to conduct a “legitimate inquirey” into West Ham’s big when they began illegally spying on its process. They were subsequently fined for it, and Tottenham said the men had caused the club major “embarrassment.”

Jul 12, 2012; London, UNITED KINGDOM; Aerial view of Wembley Stadium (center) and Wembley Arena (upper right). Wembley Stadium played host to the soccer competition for the 2012 London Olympics. Wembley Arena is the venue for badminton and rhythmic gymnastics.

Cardinals Hacking Scandal

Earlier this year St. Louis Cardinals’ former Director of Scouting Chris Correa was sentenced to nearly four years in prison after pleading guilty to four counts involving the organization hacking into an opposing team’s scouting database.

Stepneygate

The Spygate of Formula One resulted in the biggest punishment in Formula One history when McLaren Mercedes were fined $100 million in 2007 for using Ferrari data to improve its own car. McLaren Mercedes came into the information when a team engineer photocopied 780 pages of information given to him by a Ferrari employee named Nigel Stepney.

The Defend Trade Secrets Act – Avoid Having To Use It

The Defend Trade Secrets Act (DTSA), signed into law on May 11, 2016 by President Obama, has received wide industry praise from manufacturers including Boeing, Caterpillar, Corning, Eli Lilly and Co., General Electric, Honda, IBM, Intel, Johnson & Johnson, Procter & Gamble. 

Government officials point out that trade secrets are worth $5 trillion to the U.S. economy, and losses can cost between $160 billion and $480 billion a year.Government data further points out that trade secrets comprise as much as 80 percent of the value of a company’s knowledge portfolio.

DTSA, which extends the Economic Espionage Act of 1996, essentially gives trade secret owners the option of using federal law to file trade secret lawsuits. Prior to DTSA, only state law authorized these lawsuits.

TAKE AWAY:  Do your best NOT to need this law.  Once your trade secrets are in a competitor’s hands the damage is done.  It’s much less expensive to conduct regularly scheduled TSCM inspections to protect your trade secrets, business
intelligence, and intellectual property.  Information security is more important than ever in our competitive business world.