Friday, May 07, 2010


Saying that business competition in Kenya is intense is stating the obvious. Business survival is now the name of the game. All tactics are being employed to survive and in the process beat the competition.

Industrial espionage is one of the less palatable tactics being employed to wipe the competition on the floor. You might think that these goings-on only happen amongst the resource rich blue-chip companies. The techniques employed might differ but everyone from the kiosk owner to the multinational is vulnerable to industrial espionage.

In this technological age, company jewels are in digital form and reside in an ICT infrastructure. These jewels are in the form of customer details, credit card numbers, research findings, source code, strategies and source code. Getting them out is easy. Take your pick: USB stick, email attachment, mobile phone or a file transfer.

To protect your firm against industrial espionage you must take into account the following. Do not expose your internal network by allowing unauthorized users to access it. The process of transferring your files out of the network should be carried out without exposing the files to interception.

Protecting your data against tampering is crucial. Your data must be tamper proof in that any changes to it must be detectable. This is possible by integrating authentication and access control that ensures that only authorized staff can change the data. Using digital signatures should also be employed to detect unauthorized changes in your data files.

End to end network protection is another effective anti-espionage strategy. Security must be maintained while company data is being transported over the network. Users that store, transfer or retrieve data must use strong authentication mechanisms. In addition, access control must ensure that users only take appropriate action and that only authorized actions are carried out.

Of utmost priority is implementing a comprehensive auditing and monitoring framework in the organization. Auditing of your systems and their security will allow your company to ensure that its policy against espionage is being carried out. Secondly, it provides the company with the ability to track the usage of its data.

Finally it provides a deterrent to potential spies who are now aware that tamper-proof auditing and monitoring can help in exposing and identifying unauthorized access and usage.

Industrial espionage has, unfortunately, become part and parcel of business in Kenya today. You cannot afford to ignore this risk if you intend to survive and prosper as a business entity.

No comments: