KEY POINTS:
Significant numbers of New Zealand businesses are blissfully unaware of how easily competitors can steal their trade secrets, security experts say.
Disgruntled staff, particularly those about to defect to a rival firm, are the biggest threat to companies in the battle to keep their intellectual property secret.
As well, a growing number of businesses are vulnerable to competitors mounting organised campaigns to gather commercially sensitive information.
While "industrial espionage" may not be a term associated with business in New Zealand, the country's largest commercial private investigation firm says it has found bugs in corporate offices and spyware on company computers apparently sending information back to a rival business.
Dan Thompson, business development manager at Paragon, says some of its corporate clients have a checklist of "counter-espionage" tasks that are carried out regularly, including sweeping the boardroom for bugs.
"A lot of large organisations now have it in their annual to-do list - a regular once-a-year debugging - and some of them are prompted by information being leaked out."
Bugging equipment is cheap and widely available over the internet. Thompson says Paragon's sweeps of corporate headquarters have unearthed covert listening devices "on a couple of occasions".
The firm has also detected keystroke logging spyware which suggested a client's competitor had "been watching what's been going on from afar".
A much more common risk, however, is staff, who either deliberately or accidentally spill trade secrets.
Barrie Cooper, executive director of the Security Association, says an aggrieved staffer - someone about to quit, be fired or made redundant - is the most likely leaker of information.
A business is at its most vulnerable when a staff member is going through a grievance process, so still has access to company data, while harbouring a grudge against the business.
Technology, including email, portable flash drives and DVD burners, makes it simple for staff to steal vital company data, says Cooper.
"They could be damaging your business in the meantime and you're not aware of it," he says.
When US corporate security consultant Laura Chappell spoke to New Zealand audiences last year she donned oversized earrings that would not have looked out of place dangling from Christine Rankin's ears.
The jewellery was actually a pair of USB flash drives which Chappell said she had sneaked into clients' offices to show them how easily computer data could be smuggled out of the building.
Thompson says the best safeguard against staff fraud is rigorous pre-employment screening to weed out job applicants with a criminal history.
"Even in areas where you might not think it is relevant, you don't want to employ thieves or fraudsters, because quite often someone will be employed in one area [of the business] and then be moved to another area where they could be a risk," he says.
Paragon's website lists the case of a drug company help-desk worker with a PhD in computer security who was found to be removing highly sensitive patent information from his company's network.
It also records a case of an IT manager of a travel firm who copied a decade's worth of intellectual property from his company's servers, resigned, and within three days set up his own business, operating under a name almost identical to that used by his previous employer.
Meanwhile, businesses are getting smarter about pushing the limits of the law in a systematic attempt to build up their knowledge of competitors' activities - a process known as competitive intelligence.
AUT researcher Brent Hawkins, a specialist in competitive intelligence, says the practice can encompass everything from trawling a competitor's website to monitoring the movement of their vehicle fleet.
Hawkins runs his own competitive intelligence business consultancy and says the practice is used in the transport industry when, for example, an operator is tendering for a large contract and wants to find out what the incumbent contractor is up to.
"When others want to break into the market they've got to get information on what the present income streams [are] and one of the ways of doing that is to find out how many trucks are going onto a particular site, how big the loads are they're carrying and whether there's a backload coming out to make that route profitable," says Hawkins.
Thompson says Paragon carries out a significant amount of competitive intelligence work.
"As long as we carry out those inquiries lawfully there's no problem at all. We're quite able to do surveillance on other business," he says.
Hawkins says it is surprising how much sensitive company information staff will unwittingly pass on to competitors, either socially or at trade shows or industry conference. Managers need to set policies and remind staff to be wary of what they divulge, he says.
"It is really amazing what people will tell you, and often unbeknown to the employer. Even at a basic level, you can go into a shop and ask the question: 'How are things going?' Shop assistants will often tell you what their sales are for the day."
Thompson says to stem the loss of sensitive data, companies need a strong IT policy which spells out what employees can and can't do when it comes to handling data.
Cooper says because disgruntled employees only emerge out of an unhappy workplace, managers should start by regularly monitoring office morale.
"By having a happy team you don't have a problem," he says.
Security Check
How to protect valuable business data and intellectual property:
* Run a happy ship. Most information is leaked by disgruntled staff.
* Have a rigid IT policy so staff are clear what data they can and can't copy.
* Educate staff on the dangers of sharing sensitive information socially or at trade events.
* Check job applicants. Many data thieves have prior criminal records.
