Surreptitious workplace recording becoming a growing organizational threat

The threat is both from insiders and potential corporate espionage
Jan. 17, 2014
5 min read
(Image Courtesy of BigStock Photos)
The growth of electronic and mobile listening devices has created a new threat to corporate data and trade secrets.
The growth of electronic and mobile listening devices has created a new threat to corporate data and trade secrets.

Someone secretly records in your workplace. It could be an employee, a visitor, or an unknown with espionage or voyeurism in mind. Their tool could be a smartphone app, a recorder in a USB stick[i], or an audio-video recorder hidden in a fake key fob, pen or wristwatch.

This is bad news for you and your company. You won’t realize it has happened until a lawsuit begins or your competitive advantage evaporates. Embarrassment and expense follow. Surreptitious workplace recording is a serious issue on both a business and personal level. You can protect yourself and your organization, but first let’s review some motivations you are facing:

Industrial Espionage – Defined as the theft of trade secrets by the removal, copying or recording of confidential or valuable information.[ii]

HR Issues One-third of employees who visit the U.S. Equal Employment Opportunity Commission (EEOC) office to file discrimination complaints bring secretly made recordings.[iii] Katrina Patrick, a lawyer who represents aggrieved employees, says that more than 50 percent of the people who come to her office bring digital evidence. Some cases are settled for six figure sums.[iv] One case is now in its eighth year.[v] Obviously, not anticipating surreptitious recording is expensive.

Blackmail – Recordings force outcomes. Recently, three employees bugged their boss for a promotion, literally. They hid a recorder in his office and tried to blackmail him with the video footage.[vi]

Sex – Spycams are being placed in areas where there is an expectation of privacy (locker-rooms, business-provided restrooms, etc.). The problem is epidemic.[vii] Dozens of these stories appear in the news every week, and these are only the few who got caught. Inspecting privacy areas is now a regular part of our clients’ due diligence inspections.

What Can You Do?

Totally eliminating the possibility of surreptitious recording is not a realistic goal. Think protection. Aim at mitigating the threat and the damage it causes using this two point strategy.

1.    Create a written policy. In addition to its deterrent value, a policy provides discipline / termination leverage, and a stronger standing in court.

2.    Conduct proactive verification sweeps (TSCM)[viii] for covert recording devices. This is especially effective in combating industrial espionage. It also shows your due diligence when defending trade secret and bathroom spycam cases.

This two-pronged approach sends a strong message to anyone considering making you a target. Should you be recorded, or need to handle a covert recording workplace issue, you will find being prepared is the winner’s strategy.

Elements of a Workplace Recording Policy

The following are some of the most common elements of establishing a creditable and comprehensive workplace recording policy:

  •   Work with an attorney who specializes in employment matters.
  • ·Clearly define the purpose of the policy, e.g.
    •  to encourage an atmosphere for honest and open workplace communications,
    • to protect trade secrets, confidential and proprietary information,
    • to protect employee privacy — against spycams in restrooms, showers, changing areas, etc.)
  •  Clearly define the specific conditions where recording is permissible, e.g.
    • as part of the manufacturing process,
    • customer service quality control,
    •  when specifically relevant to Section 7 of the National Labor Relations Act.[ix]
  • ·Include a formal TSCM inspection schedule (debugging sweep) to show due diligence; important in expectation-of-privacy (spycam) and trade secret cases.
  •  List the types of recordings you want to prohibit.  (audio, video, data)
  •  Make it clear the policy covers everything business-related; on and off premises.
  •  List who may, and under what conditions, create exemptions to the policy.
  •  Review and update the policy periodically.
  •  Keep an acknowledged copy of the latest revision in employees’ personnel files.
  • ·Obtain an acknowledged copy from all visitors.

Tips for Management

As a security manager you must always be diligent when it comes to considering the potential threats to your organization’s data and privacy concerns. Here are some basics:

  •  Assume your discussions are being recorded.
  •  Before proceeding, ask if they are recording. Ask again during the conversation. If they say no and record anyway, well… juries don’t like sneaky liars.
  • Be professional. If you would not say it in a courtroom, don’t say it.
  • Red Flag – When an employee tries to recreate a previous conversation with you.
  • To increase due diligence credibility, have the TSCM debugging inspections conducted by an independent specialist.

Information losses, arbitration hearings and lawsuits are costly and embarrassing. Implementing a policy to mitigate this risk is very inexpensive insurance, and a good business practice. Do it today.

This security report is also available in electronic form with links to make sharing with colleagues easier. http://tinyurl.com/lbnz7nd

About the Author:

Kevin D. Murray CPP, CISM, CFE is a business counterespionage consultant with over three decades of experience. Feel free to contact him directly with your questions or comments at: http://counterespionage.com/contact.html

Information about Murray Associates electronic surveillance detection and business counterespionage services is available at: http://counterespionage.com/download.html

References:

[i] http://youtu.be/_9sPngNqsfA

[ii] http://www.investopedia.com/terms/i/industrial-espionage.asp

[iii] http://www.chron.com/business/sixel/article/One-third-of-workers-with-beefs-tape-their-bosses-1684505.php

[iv] http://www.businessinsider.com/smartphones-spying-devices-2011-7

[v] http://spybusters.blogspot.com/2014/01/the-annabel-melongo-eavesdropping-case.html

[vi] http://spybusters.blogspot.com/2013/10/bugging-boss-for-raise-lands-three.html

[vii] http://spybusters.blogspot.com/2012/12/spycam-story-664-this-month-in-spycam.html

[viii] Technical Surveillance Countermeasures

[ix] http://www.nlrb.gov/resources/national-labor-relations-act

About the Author

Kevin Murray

CPP, CISM, CFE

Sign up for SecurityInfoWatch Newsletters
Get the latest news and updates.

Related

From Synthetic Identities to Synthetic Receipts: The New Frontier of Fraud
How callback phishing threatens our online safety
Take Control of Your Physical Security Systems
Sponsored
Are Manual Site Surveys Costing You?
Sponsored

Voice Your Opinion!

To join the conversation, and become an exclusive member of SecurityInfoWatch, create an account today!