What firms themselves can do

How can a high-technology company guard itself against industrial espionage, either from foreign agents or domestic competitors?

''There is no such thing as 100 percent security,'' says computer crime consultant Sanford Sherizen. ''There will always be some vulnerabilities. If you approach 100 percent security, your company can't work, it can't function.''

But much can be done, he says. First, the firm must ''establish what is critical information. Then it must decide how to handle that in a very specialized way.''

For information stored in computers, Dr. Sherizen says, ''There are some very sophiscated security software systems now that are coming out almost monthly. The main issue is access control. Who should have access to information?''

It may also mean periodic checks on employees, he says. ''People may not understand that what they're saying (to outsiders) may provide part of a larger picture, helping to piece together a puzzle.''

''Some companies actually take the position that part of how they will determine performance evaluations will be how well people handle these kinds of security issues,'' he says. Despite growing sophistication, security systems often overlook the obvious, he adds.

''For example, when you get done typing something on a printer and the ribbon wears out, you shouldn't just throw it away.'' The information on the ribbon can be recovered, he says.

''There's a large company in downtown Boston that uses its [computer storage] discs for so many runs and then . . . lets employees take them out (for personal use). You can capture all kinds of information off [the old discs]. There are firms that do that. Its their business to recapture what was on the tape. . . .

''Many people in computer companies tend to still be in the old environment. It wasn't 'user friendly,' it was 'competitor friendly.' You had secrets, but you shared a lot of things because that's what lots of the development was. . . .

''Obviously, you can't do that at this point. . . .

''I asked the security person at one large corporation what kind of security training he did. He said, 'Well, we have some excellent movies.' He gave a lecture for new managers coming through. And he had a lot of posters.

''He stopped. I was waiting for him to go on. That was it. That was the total extent of his effort. This is a corporation that is heavily computerized and I knew there must be great damage going on there - people taking a lot of things electronically. This company could be really damaged by this and yet have no awareness of it.''

of stories this month > Get unlimited stories
You've read  of  free articles. Subscribe to continue.

Unlimited digital access $11/month.

Get unlimited Monitor journalism.