Defend against Industrial Espionage if laptop ban extended

Homeland Security has banned laptops in the cabins of US bound flights from 10 airports in the Middle East and Africa. Rumors are circulating that the ban will extend to European airports. This will be a major inconvenience to business travelers, but can also result in losses to companies.

Valuables such as laptops or camera equipment should not go in checked luggage. Airport employees, including those in security, are known for stealing from checked luggage. Trust European airport employees as you would their US counterparts. Theft of company equipment is annoying and costly for a large cap corporation, but could be crippling for a microcap company.

Another downside of a potential laptop ban is the loss of billable hours. Over half of employees prefer to work on the plane. The National Trade and Tourism Office reports 4.9 million passengers flew overseas and 1.9 million travelled to Europe. If they were unable to work on the plane, the total number of billable hours lost at an average of $76/hr. could be as high as $500M.

Productivity issues are small compared to FBI information that says economic espionage costs US businesses nearly $500B per year. Laptops transported in checked luggage are excellent targets for IP theft. The FBI and other officials know that US allies have a history of spying on private sector companies. The French version of the CIA enabled France to win a $1B contract to supply military equipment to India by learning about competing bids. Stealing bid pricing is convenient, but marketing plans, customer lists, supplier lists, and other material could give a competitor an edge or a new competitor could enter the market if certain information fell into the wrong hands.

No commercial measures are foolproof, but these are some hints to help you prevent foreign officials from accessing your data:

  • Do not have data on your computer that could someone could access in the luggage screening area
  • Your hard drive can be copied by authorities
    • If your drive is unencrypted they now have all your files
    • If your drive is encrypted they try to break the encryption or guess your password
  • Consider carrying a “burner” laptop for your business trip
    • Chromebooks or Windows 10S systems that use only a web browser are a better option
    • Do not have the browser remember your password
    • Do not check “remember me” when logging into a site
    • If authorities decide to keep your laptop it’s only a financial inconvenience
  • Enable BitLocker encryption on Windows
  • Enable FileVault encryption on MacOS
  • Forensic tools can recover deleted files or a formatted hard drive
    • Delete files using a multi-pass tool
    • Commercial and open source options available
  • Keep your antivirus and security patches up to date
    • Antivirus only works on known viruses
    • Governments may have unique variants
    • There are places on your computer antivirus cannot reach
  • Hardware added to your computer can log your keystrokes or take pictures of your screen
    • Antivirus will not protect you

Large companies will always be the primary target, but small businesses may be a target of convenience. A little advance planning can go a long way to securing your assets from professional spies.

Ethics is the Foundation for Business

Verizon will purchase Yahoo’s internet business for $4.83 billion. Verizon is offering $350 million less than its initial bid. Both companies will share any future cost from the data breaches. Verizon will also waive its right to sue over allegations that Yahoo staged a cover-up of the breaches. The investment fund selling Yahoo will still be liable for penalties from the SEC and shareholder lawsuits. The sale price reductions are reasonable. Other breaches cost companies more than $100 million.

Transparency is the greatest concern for Verizon and the SEC. If Yahoo disclosed the event earlier the harm to investors may have less. Verizon’s bid impact would be less if it were known during due diligence. They instead had to react strongly to the news after due diligence. This proves that transparency is the best policy for all parties in the long run.

A strong compliance and ethics program is the foundation for businesses of all sizes. Business ethics is more than a slogan in a policy manual. The benefits of a compliance and ethics program are attainable without large programs built by even larger consulting firms. Leadership commitment to compliance and ethics is the first step. If the first step is inexpensive, why make the next steps expensive and complicated?

The Society of Corporate Compliance and Ethics has many free resources available to assist with building a compliance program.

A Compliance & Ethics Program on a Dollar a Day: How Small Companies Can Have Effective Programs