Turning CI Inward to Protect Your Company
Competitive intelligence professionals typically spend their time and attention looking outward at other companies. Rarely do they turn that perspective around to identify the information they are revealing to the world at large about their own operations. The tools and techniques we use every day to gather intelligence about competitors provide the basis for protecting against information leaks that may be compromising competitiveness.
Considering How Information Makes its Way out into the World
It’s a good bet that, in general, your competitors are using a similar approach to discover hidden information about your company as you are using to analyze theirs. Job postings, LinkedIn profiles, and all the other channels where you might inadvertently disclose information are certainly under scrutiny by analysts looking for a competitive advantage.
It’s a worthwhile exercise to perform an analysis of your own company using Internet-based open source intelligence, just as if you were an outside party. Doing so draws on well-established expertise that every competitive intelligence organization has, so it can be done fairly easily and at little cost. Gathering that information generally reveals outward flows of information that would otherwise remain hidden, and which can be plugged or at least mitigated.
Identifying Specific Information Leaks
While the specifics are different for every organization, common inadvertent disclosures exist. For example, employees often engage in a sort of branding exercise of their own careers using resumes and LinkedIn, and outgoing interns build their own credibility by publicizing their work at your company. Slide presentations and documents made publicly available (even those from confidential meetings) often reveal a wealth of private information.
Looking a bit deeper, data about web searches against your domain can be very revealing. For example, a log entry that shows a search such as “confidential filetype:pdf” clearly shows that someone was looking for material that you would prefer they wouldn’t have, and it behooves you to replicate that search to find out what it shows.
Mitigating or Plugging the Unwanted Flow of Information
Once you have identified information that is publicly available but shouldn’t be, you can identify strategies for addressing those vulnerabilities. Some issues can be handled fairly decisively, while others can merely be controlled, and a coherent plan should include both human and technological factors.
HR policies and procedures can help mitigate unwanted outward information flows. Exit interviews for the interns mentioned above, as well as employee training to raise awareness, can help prevent the company from broadcasting sensitive information. Recommending adjustments to user permissions and policy safeguards on collaboration tools and other IT resources can go a long way toward helping a competitive intelligence organization protect the company.
By Sean Campbell
By Scott Swigart